Privacy & Cyber Regulatory Enforcement

EU Supervisory Authorities Disclose DPO Notification Tools

June 17, 2018 By Privacy, Cyber & Data Strategy Team

Shortly after the GDPR’s entry into application on May 25, 2018, several EU Supervisory Authorities have activated online Data Protection Officer (“DPO”) notification tools, allowing organizations to communicate the contact details of their DPO to the Supervisory Authorities, which is a requirement under Article 37 GDPR. While the DPO Guidelines of the Article 29 Working […]

Vermont Passes New Data Broker Law

June 14, 2018 By Privacy, Cyber & Data Strategy Team

Under a Vermont law, data brokers that process information regarding Vermont residents are now subject to registration and security requirements beginning January 1, 2019. Included in the new law are three notable components: (1) a broad statutory definition of a “data broker,” (2) an annual registration requirement for data brokers, and (3) reporting on data […]

Momentum Building for California’s Consumer Right to Privacy Act Ballot Initiative

June 4, 2018 By Privacy, Cyber & Data Strategy Team

In early May, a group called Californians for Consumer Privacy gathered enough signatures for the Consumer Right to Privacy Act (CRPA) to qualify for the November 2018 ballot. The ballot initiative builds on existing California laws directed at protecting the privacy of California consumers’ personal information, including the Shine the Light law (Civil Code §1798.83) […]

German DPAs Issue DPIA Blacklists; Many Companies Likely to be Affected

May 30, 2018 By Daniel Felz

The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to individuals’ privacy. DPIAs constitute an important aspect of GDPR compliance, as they arguably replace the notifications of processing systems and […]