Data breach

The Netherlands: Obligation to notify serious cybersecurity incidents might expose banks to new risks

Peter Eijsvoogel

A draft Dutch law will, once adopted, require mandatory notification of security breaches or loss of integrity of ICT systems that may have a significant impact on the availability or integrity of certain vital products or services (the Bill). The Bill will affect the financial services sector. The new law is expected to take effect Read More

No Comments

Singapore: The PDPA has “teeth” – First Fines for Data Protection Breaches Imposed in Singapore

Yeoh Lian Chuan

The Personal Data Protection Commission (PDPC) announced on 21 April 2016 that it had taken action against 11 organisations for breaching their obligations under the Personal Data Protection Act (PDPA). The penalties imposed ranged from warnings to fines, with the highest fine—$50,000—imposed on K Box Entertainment Group Pte Ltd. This development is significant as: (a)     Read More

No Comments

Cybersecurity and risk management

Mark Ridgway

The topic of cybersecurity is seldom out of the press these days, occupying the minds of business leaders and politicians alike. From a business perspective, the ideal outcome would be to eliminate cybersecurity risks entirely. However, two things are clear. First, there is no panacea for the diverse and ever-evolving range of threats that exists. Read More

No Comments

Article 29 reserves position on EU-U.S. Privacy Shield; uncertainty for companies remains

Jane Finlayson-Brown

Following the European Commission’s announcement on 2 February 2016 that agreement had been reached with the U.S. government on a new EU-U.S. Privacy Shield, the Article 29 Working Party (the A29 WP) held a press conference on 3 February confirming that whilst they see the agreement between negotiators as a positive step, they are reserving their position as to Read More

No Comments

What can we expect from the EU General Data Protection Regulation?

Charlotte Mullarkey

It is now clear that the proposed EU data protection framework will be revised, and that it will be in the form of a Regulation – the General Data Protection Regulation. The GDPR will replace the current Directive and will be directly applicable in all Member States without the need for implementing national legislation. It Read More

No Comments