Data Protection

EDPB Issues New Guidance for Assessing Personal Data Breaches under the EU GDPR

January 10, 2022 By Paul Greaves and Wim Nauwelaerts

On Monday, 3 January 2022, the European Data Protection Board (“EDPB”) published the finalized version of its regulatory guidance entitled “Examples regarding Personal Data Breach Notification” (the “Guidelines”), following a public consultation on a draft set of guidelines in 2021. The finalized Guidelines are a practice-oriented, and case-based set of examples that leverage the experiences […]

Time to Restore Trust in Data Flows between Countries? Peter Swire Discusses Recent OECD Efforts in Developing Principles for Government Access to Data.

January 4, 2022 By Privacy, Cyber & Data Strategy Team

Alston & Bird Senior Counsel Peter Swire recently published an article in Lawfare titled, “Towards OECD Principles for Government Access to Data.” Peter and his co-authors discuss recent efforts of the Organization for Economic Cooperation and Development (OECD) to formulate common principles regulating governmental access to personal data held by the private sector for national […]

Belgian Supreme Court rules that Data Protection Authority may impose administrative fines even where a data subject’s personal data were not processed

November 2, 2021 By Paul Greaves, Wim Nauwelaerts and Privacy, Cyber & Data Strategy Team

The Belgian Supreme Court ruled in a judgment of Oct. 7, 2021 that a data subject has the right to lodge a complaint with the Data Protection Authority against a processing practice that violates the GDPR (in this case, the data minimization principle in Article 6 of the GDPR), even where the data subject’s personal […]

The EDPB-EDPS Joint Opinion on Data Processing Standard Contractual Clauses: Key Takeaways

February 4, 2021 By Wim Nauwelaerts

When a controller engages a processor, the GDPR requires that the parties enter into a specific contract that contains certain mandatory provisions. This contract is often referred to as a ‘data processing agreement’ or ‘DPA’. To facilitate compliance with this requirement, the GDPR has provided the European Commission with the power to issue standard contractual […]

EU and Japan Publish a Joint Release on Their Mutual Adequacy Decisions

January 23, 2019 By Maki DePalo

On January 23, 2019, the Personal Information Protection Commission of Japan (the “PPC”) and the European Commission (the “Commission”) jointly announced the adoption of the decisions recognizing each other’s personal data protection systems as equivalent. The Commission launched the process leading to the adoption of the adequacy decision in September 2018 and successfully completed the […]