The EU General Data Protection Regulation (GDPR) represents the biggest change to EU data protection law in more than twenty years. It has grabbed headlines as a result of its extra-territorial reach and the potentially vast fines for non-compliance. (For a general overview of the GDPR, please refer to our Alert Memo.) With the GDPR’s May 25, 2018 effective date rapidly approaching, the Article 29 Working Party (an advisory group made up of representatives from EU data protection authorities as well as the European Commission) recently published its latest wave of GDPR guidance. In this post, we summarize both the prior guidance and the most recent update, which covers critical issues such as data breach notification requirements and the calculation of penalties for non-compliance.
Continue Reading Preparing for GDPR – Guidance from the Article 29 Working Party
Cybersecurity in the EU – The New Regime under the GDPR and NISD
By Colin Pearson, Gareth Kristensen, Emmanuel Ronco, Christopher J. Cook, Natascha Gerlach, Francesco De Biasi, Thomas Kopp & Daniel Ilan on
From May 2018, organizations established or providing services in the EU will be subject to new national and EU-wide cybersecurity legislation, as regulators in EU Member States begin to apply both the General Data Protection Regulation and national legislation implementing the Network and Information Security Directive.
These new laws will significantly increase the territorial and
…