Almost exactly a year after publishing its draft version, the EDPB has adopted its final guidelines on Article 3 of the GDPR and the extra-territorial scope of the legislation. The adopted guidelines don’t differ substantially from the consultation draft but include a number of clarifications and new examples. Some of the key takeaways are: Article … Read more
The GDPR came into effect almost a year ago on the 25 May 2018. As the most significant reform of data protection law in Europe for over 20 years, the legislation raised expectations of a cultural shift in attitude to data privacy. A year on from the fanfare of implementation, this bulletin looks at key … Read more
As we all continue to try to grapple with the implications of a no-deal Brexit, the last week or two has seen the publication of a few things of interest from a data protection perspective: The EDPB’s view of data transfers in a no-deal Brexit scenario On 12 February 2019, the European Data Protection Board … Read more
2018 was a landmark year for data protection and privacy; the EU General Data Protection Regulation (“GDPR“) came into effect on 25 May 2018 and implemented a comprehensive reform of the EU data protection regime. So what could 2019 possibly have in store for data protection and privacy? This article sets out some predictions for further data protection developments in … Read more
The UK Government has published a “no deal” note to clarify how data protection law will work in the event that the UK leaves the EU without a deal. The note confirms that separate draft regulations and more detailed guidance will be published in the next few weeks but, in the meantime, it clarifies at … Read more
On 23 November 2018, the European Data Protection Board (the “EDPB“) published its draft guidelines on Article 3 of the GDPR, being the provision that sets out the territorial scope of Europe’s data protection legislation. The guidelines are only in draft form and subject to consultation but they do go some way to clarifying key … Read more
Following a UK Cabinet meeting on 14 November 2018, the UK Government has announced support for the text of a draft Withdrawal Agreement and an outline of the Political Declaration on the Future Relationship agreed with EU negotiators. The Withdrawal Agreement sets out the arrangements for the UK’s withdrawal from the EU on 29 March … Read more
On 13 September 2018, the UK Government published a series of technical notes setting out the implications in various sectors and areas of a ‘no deal’ scenario (i.e. a scenario in which the UK leaves the EU without an agreement), including a note specifically covering data protection. The note sets out the actions UK organisations … Read more
In anticipation of the GDPR, various guidance has been published by the Article 29 Working Party, the body of national EU data regulators. Of most relevance in the cyber context is the guidance on personal data breach notifications; the Article 29 Working Party issued its initial guidance in October 2017 and published a final version … Read more
