GDPR Implementation

Wim Nauwelaerts Authors Summary of EDPB’s Guidelines of the GDPR

January 9, 2020 By Privacy & Data Security Team

Wim Nauwelaerts, Brussels partner and leader of the firm’s EU Privacy and Data Protection practice, has authored a summary of the European Data Protection Board’s (EDPB) guidelines on the territorial scope of the GDPR. On November 12, 2019, the EDPB adopted the final version of its guidelines – almost one year after they had been […]

German DPA Announces GDPR Compliance Survey of Large Companies – Translation Provided

July 2, 2018 By Daniel Felz

Following a two-year grace period, EU General Data Protection Regulation (GDPR) entered into force on May 25, 2018. For many companies, preparing for the GDPR was a multi-year project involving multiple teams and input or assistance from across the organization. On this blog, we have outlined the items we have seen as particularly time- or […]

GDPR Fragmentation May Appear More Significant than Intended

June 26, 2018 By Privacy & Data Security Team

With the entry into application of the GDPR on May 25, 2018, the EU Member States were expected to have adopted national legislation implementing the regulation. To date, however, only 30% of Member States have effectively passed legislation, which still leaves the legal landscape to be precarious. The GDPR allows for deviations and specifications in […]

EU Supervisory Authorities Disclose DPO Notification Tools

June 17, 2018 By Privacy & Data Security Team

Shortly after the GDPR’s entry into application on May 25, 2018, several EU Supervisory Authorities have activated online Data Protection Officer (“DPO”) notification tools, allowing organizations to communicate the contact details of their DPO to the Supervisory Authorities, which is a requirement under Article 37 GDPR. While the DPO Guidelines of the Article 29 Working […]

German DPAs Issue DPIA Blacklists; Many Companies Likely to be Affected

May 30, 2018 By Daniel Felz

The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to individuals’ privacy. DPIAs constitute an important aspect of GDPR compliance, as they arguably replace the notifications of processing systems and […]