General Data Protection Regulation

ICO Promises to Perform on the International Stage

David Smith

Last month I commented on the Information Commissioner’s new Information Rights Strategic Plan which promised that there was more to come, not least an International Strategy for the ICO. Now that this International Strategy has been published it doesn’t disappoint. I must though confess to a certain amount of self interest here. When I was Read More

No Comments

The intersection of US litigation and EU data privacy laws

Laura Hall

Companies with operations in the EU are increasingly finding that the broad scope of discovery in litigation in the United States is in conflict with their obligations under laws implementing the EU Data Privacy Directive. Most US courts, when considering whether production of documents in violation of foreign data privacy law should be compelled, have Read More

No Comments

The ICO’s New Strategic Plan – A Change Of Course Or Steady As She Goes?

David Smith

You may have seen that on 25 May, with exactly one year to go until the GDPR takes effect, the Information Commissioner, Elizabeth Denham, published her office’s Information Rights Strategic Plan for 2017- 2021. This might not be headline grabbing stuff but it’s important nevertheless as it sets out how the ICO will be approaching Read More

No Comments

GDPR: Are we losing sight of today’s risks as we all look to the future?

David Smith

This week all eyes are on the future. There’s just one year to go until the EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and we have the promise, in the Conservative Party’s manifesto, that here in the UK we will be getting a new data protection law that is Read More

No Comments

BCRs under the GDPR: Practical considerations

Wanne Pemmelaar

Modern businesses increasingly depend on the free data flows between business units, customers and third parties. As new legislation and developments shake up the existing principles of cross- border data transfer, many internationally operating organisations turn to Binding Corporate Rules (BCRs). The BCRs can be a key element not only for the compliant cross-border data Read More

No Comments

Article 29 Working Party adopts Guidelines on the “lead supervisory authority”

Peter van Dyck

One of the key innovations of the upcoming General Data Protection Regulation (GDPR) is the so-called one stop shop principle.  This principle aims to avoid companies that undertake cross-border processing of personal data finding themselves subject to a plurality of competent data protection authorities. Concretely, the GDPR provides that the data protection authority in the Read More

No Comments