EDPB Adopts Final Guidelines on GDPR Extra-territoriality

Almost exactly a year after publishing its draft version, the EDPB has adopted its final guidelines on Article 3 of the GDPR and the extra-territorial scope of the legislation. The adopted guidelines don’t differ substantially from the consultation draft but include a number of clarifications and new examples. Some of the key takeaways are: Article … Read more

Brexit, Data, Brexit

As we all continue to try to grapple with the implications of a no-deal Brexit, the last week or two has seen the publication of a few things of interest from a data protection perspective: The EDPB’s view of data transfers in a no-deal Brexit scenario On 12 February 2019, the European Data Protection Board … Read more

Data Protection Predictions 2019

2018 was a landmark year for data protection and privacy; the EU General Data Protection Regulation (“GDPR“) came into effect on 25 May 2018 and implemented a comprehensive reform of the EU data protection regime. So what could 2019 possibly have in store for data protection and privacy? This article sets out some predictions for further data protection developments in … Read more

UK Government note clarifies “no deal” and data protection

The UK Government has published a “no deal” note to clarify how data protection law will work in the event that the UK leaves the EU without a deal. The note confirms that separate draft regulations and more detailed guidance will be published in the next few weeks but, in the meantime, it clarifies at … Read more

EDPB finally issues draft guidelines on GDPR extra-territoriality

On 23 November 2018, the European Data Protection Board (the “EDPB“) published its draft guidelines on Article 3 of the GDPR, being the provision that sets out the territorial scope of Europe’s data protection legislation. The guidelines are only in draft form and subject to consultation but they do go some way to clarifying key … Read more

Brexit Withdrawal Agreement: Impact for data protection

Following a UK Cabinet meeting on 14 November 2018, the UK Government has announced support for the text of a draft Withdrawal Agreement and an outline of the Political Declaration on the Future Relationship agreed with EU negotiators. The Withdrawal Agreement sets out the arrangements for the UK’s withdrawal from the EU on 29 March … Read more

Data protection if there’s no Brexit deal

On 13 September 2018, the UK Government published a series of technical notes setting out the implications in various sectors and areas of a ‘no deal’ scenario (i.e. a scenario in which the UK leaves the EU without an agreement), including a note specifically covering data protection. The note sets out the actions UK organisations … Read more

Data breaches: new Article 29 Working Party guidance

In anticipation of the GDPR, various guidance has been published by the Article 29 Working Party, the body of national EU data regulators. Of most relevance in the cyber context is the guidance on personal data breach notifications; the Article 29 Working Party issued its initial guidance in October 2017 and published a final version … Read more