As we previously discussed, the GDPR sets forth new regulations governing the cross-border transfer of personal data. For U.S. companies that might fall within the GDPR’s scope, one particular concern regarding cross border data transfers is how the GDPR affects the applicability and enforcement of the EU–U.S. Data Privacy Shield, which is the current mechanism… Continue reading GDPR and the Privacy Shield
The GDPR generally prohibits data transfers to non-EU countries unless the data can expect an “adequate level of protection” abroad. The GDPR provides various mechanisms for permitting data transfers and establishes a clear hierarchy among those mechanisms. The first is whether there is an adequate level of protection in place. If there is no adequate… Continue reading Cross-Border Transfers under the GDPR
The GDPR articulates certain principles governing the processing of personal data, which is broadly defined to include any information that can be used to directly or indirectly identify a particular person. Beyond these general provisions however, the GDPR, like its predecessor the Data Protection Directive, enumerates certain restrictions and requirements for the processing of certain… Continue reading The GDPR and Special Category Data
Assuming your business activities fall within the territorial scope of the GDPR, you may be required to designate a Data Protection Officer (DPO). A DPO may be an employee or designated outside service provider who has expert knowledge of data protection law and practices. The DPO’s job is to inform and advise the company of… Continue reading Do You Need A DPO?
The GDPR represents a complete overhaul to the EU’s current privacy framework. The GDPR is intended to have broader and more comprehensive rules regarding the processing, use, and storage of personal data than the EU’s prior Data Protection Directive 95/46/EC. More importantly, unlike the Data Protection Directive the GDPR will not require transposition into legislation… Continue reading The GDPR’s Territorial Scope
This month, Tracking Data will be covering the EU’s General Data Protection Regulation (GDPR), which was adopted on April 27, 2016 and goes into effect on May 25, 2018. The GDPR defines a broad set of rights and principles governing the protection of EU data subjects. These rights include the right to access one’s personal… Continue reading March Is GDPR Awareness Month
Last week the U.S. Securities and Exchange Commission (SEC) published new cybersecurity guidance for public companies. The guidance reinforces and expands upon a 2011 SEC publication, and highlights two additional topics: (1) the importance of robust cybersecurity disclosure policies and procedures and (2) the application of insider trading prohibitions in the cybersecurity context. Disclosure Controls and… Continue reading SEC Issues Interpretive Guidance on Cybersecurity Disclosures