One Stop Shop: Will the Promise be Delivered?

One of the business-friendly improvements promised by the GDPR is a ‘one stop shop’ regulatory interface facility to benefit companies doing business across multiple EU jurisdictions.

If you are attending IAPP’s Europe Data Protection Congress, please stop by Copper Hall at 9:15 am on Thursday, November 9th to learn if the promise will be delivered. Panelists including:

Visit us at the IAPP Europe Data Protection Congress

Our Data Privacy & Cybersecurity team members will be present at IAPP’s Europe Data Protection Congress on November 8-9, 2017.

Stop by Stand 3 to learn how our globally connected team can keep you abreast of the commercial impact that legal, policy and regulatory changes could have on your business wherever you operate.

While visiting us, you can test your knowledge of data protection laws. The person who answers the most questions correctly in the least amount of time will win an Apple Watch.

The competition results will be announced following lunch on Thursday, November 9th.

Breakfast Briefing – Cybersecurity Readiness and Effective Breach Response

The EU General Data Protection Regulation (GDPR) increases organizations’ obligations to a new level and also adopts, for the first time, specific breach notification guidelines. Cybersecurity readiness and effective responses are no longer the exclusive domain of IT departments; these are now board-level concerns. Regardless of industry sector, size or commercial focus, companies not only need to fortify their IT systems, but also must ensure that cybersecurity best practices and incident response training become part of the corporate DNA.

WP 29 Publishes Guidelines on Personal Data Breach Notification Under Regulation 2016/679 “WP250”

The G29 is continuing its work to clarify GDPR with a view to its implementation in May 2018. The subject of personal data breach notification is not entirely new, as the reporting obligation, which will soon apply to all, already exists for communication service providers. However, these guidelines reiterate or provide more detailed information about certain key requirements.


Compliance with PSD2 and GDPR – A New Challenge

The EU’s revised Payment Services Directive (PSD2) and the EU’s General Data Protection Regulation (GDPR) will both come into force in 2018. Seemingly unconnected, these two regulatory initiatives share a common goal: putting customers in control of their own personal data and keeping that personal data safe.

PSD2 is an update to the original Payment Service Directive, which was adopted in 2007. The original Directive was implemented to make cross-border payments as easy, efficient and secure as national payments in the EU Member States. The major changes of PSD2 are:

WP 29 publishes Guidelines on Automated Individual Decision-Making and Profiling “WP251”

The Article 29 Working Party, the group of EU data protection authorities charged with agreeing European-wide guidance on GDPR, has published Guidelines on the Automated Individual Decision-Making and Profiling “WP251”. While the introduction of the concept of “profiling” in the GDPR is relatively new, that is not the case for automated individual decision-making, which is already prohibited. These guidelines provide details about key requirements with respect to profiling and automated individual decision-making.