Alston & Bird Privacy, Cyber & Data Strategy Blog

European Union (EU)

EU Supervisory Authorities Clarify Breach Notification Requirements

By

Background On April 4th, 2023, the European Data Protection Board (‘EDPB’), which is composed of representatives of the EU national supervisory authorities and the European Data Protection Supervisor (‘EDPS’), published an updated version of the Working Party 29 Guidelines on personal data breach notification under the EU General Data Protection Regulation (‘GDPR’). The EDPB had […]

EU Standard Contractual Clauses (SCCs) Deadline is Looming

By and

Companies relying on the SCCs as a data transfer tool have less than a month to update their existing contracts (if they haven’t done so already).  WHAT HAPPENED? The EU General Data Protection Regulation (GDPR) allows companies that want to transfer personal data protected by the GDPR to third countries outside the EU/EEA to do […]

European Parliament Adopts “NIS2” Cybersecurity Directive

By

On November 10, 2022, the European Parliament adopted a new cybersecurity directive (the “NIS2 Directive”), which is designed to replace and repeal the existing EU Directive on the Security of Network and Information Systems (Directive 2016/1148/EC) (the “NIS Directive”). The objective of the NIS2 Directive is to achieve a higher level of cybersecurity within the EU […]

Heavier Breach Notification Obligations for U.S. Companies Subject to the EU GDPR According to Proposed Regulatory Guidance from the EDPB

By

On October 18, 2022, the European Data Protection Board (“EDPB”) published a proposed updated version of its regulatory guidance on personal data breaches under the EU GDPR (the “Proposed Updated Guidance”). The Proposed Updated Guidance seeks to place heavier personal data breach notification obligations on controllers established in the U.S. (and other non-EU countries) but […]

EU and U.S. Reach Agreement In Principle on a Replacement for the EU-U.S. Privacy Shield

By and

On March 25, 2022, the European Commission and the United States announced that they have reached an “agreement in principle” on a replacement for the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of the European Union in 2020. The new framework will be designed to allow personal data to flow freely […]