On Tuesday, July 21, 2020, the New York Department of Financial Services (the “NYDFS”) brought its first enforcement action under its Cybersecurity Regulation (the “Regulation”) against a large title insurer (the “Company”) for failing to protect … [Read more] about The NYDFS Brings First Enforcement Action under the Cybersecurity Regulation
This morning, Germany’s Federal Data Protection Authority (DPA) announced that the European Data Protection Board (EDPB) has finalized an initial set of FAQs on international transfers in light of the recent Schrems II judgment. You can read our … [Read more] about EDPB to Publish FAQs on Data Transfers
On July 22, 2020, the European Data Protection Board (‘EDPB’) released an information note on Binding Corporate Rules (‘BCRs’), which provides guidance for groups of undertakings/enterprises which have the UK ICO as their competent supervisory … [Read more] about EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority
On July 17, 2020, the European Data Protection Board (‘EDPB’) published a statement on the outcome of the Schrems II judgment, passed by the Court of Justice of the European Union (‘CJEU’) the day before. The judgment invalidated the EU-U.S. Privacy … [Read more] about European Data Protection Board Statement Provides Preliminary Insight into Use of Standard Contractual Clauses Following Schrems II Judgment
On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield, a principal legal method for the transfer of personal data from the EU to the United States. The CJEU ruling further cast doubt on the … [Read more] about Geopolitical Implications of the European Court’s Schrems II Decision