The EU Is Regulating Your AI. Five Ways To Prepare Now

The European Union (EU) is leading the world in regulating essential issues that impact anyone interacting with EU companies and citizens. The EU led the way on data privacy regulation with the General Data Protection Regulation (GDPR). They are doing it again with AI regulation, and it will impact your business. Should AI be regulated?…

UK Ranks Second Highest in GDPR Fines

A new report from cybersecurity company ESET found that the UK ranks second highest in average GDPR fine value ($10 million), despite issuing the lowest number (five) of GDPR fines in the EU. Spain issued the highest number of fines (273), while Luxembourg issued the highest value fines.  The report found that more than 650…

France Moves to Stop Data Sharing with US

Under the CLOUD Act, companies registered in the United States are obligated to share with U.S. authorities data belonging to foreign entities. France’s top cybersecurity official, Guillaume Poupard, is working to stop that practice. Poupard, who is the director general of ANSSI–France’s cybersecurity agency–wants to stop cloud providers like Microsoft, Amazon, and Google from sharing…

Switzerland and United Kingdom Issue Guidance for Data Transfers to SEC 

Businesses and organizations registered with the U.S. Securities and Exchange Commission are often required to share personally identifiable information (PII) with the regulatory body.  But for entities that have operations outside of the U.S., complying with SEC requests has created a legal conundrum since the European Court of Justice’s Schrems 2.0 ruling–which invalidated the EU-U.S.…

Cybersecurity and Data Privacy Inextricable According to EU Regulators

The Wall Street Journal has reported on a developing trend in the cybersecurity and data privacy landscape: European Union regulators are cracking down on perpetrators of data privacy breaches and violators of the General Data Protection Regulation (GDPR).  In Croatia, regulators “fined an unnamed technology service provider last week because it lacked proper cyber defenses,…

Why Deleting Data Doesn’t Meet GDPR’s Data Destruction Guidelines

When it comes to data, there’s a fine line between deletion and destruction. Under many of the major privacy laws, organizations are obligated to “delete” or “erase” data, while consumers are granted the right to be forgotten. The problem? Deleted data isn’t really gone.  According to ZDNet, 59 percent of used or refurbished hard drives…

EU Releases Draft Decision on UK Data Privacy Standards

Since the start of 2021, post-Brexit data relationships between the European Union and the United Kingdom have been governed by The EU-UK Trade and Cooperation Agreement, which established a 4-6 month temporary period where data could flow freely between the two jurisdictions.  Beyond that, the future was unclear. The grace period could have been extended…

A Guide to New Draft SCCs–and the EDPB’s Response

Ever since the EU-US Privacy Shield was struck down in Schrems 2.0, companies have been scrambling to figure out how to safely transfer data in and out of the EU while remaining compliant with the General Data Protection Regulation (GDPR). At this point, the general consensus is that transfers from the EU should only be…

2020 News in Review

Week Ending December 28

ICO Warns SolarWinds Victims to Report Breaches

The United Kingdom’s Information Commissioner’s Office (ICO) has issued a warning to organizations compromised by the SolarWinds breach. The breach, which was carried out by Russian hackers, affected more than 18000 organizations worldwide. ICO requires UK data controllers subject to NIS regulations to report…

A New Framework for a Post-Privacy Shield Era

Since the Schrems 2.0 case ended the EU-US Privacy Shield agreement, the companies that relied on the framework to transfer data between Europe and the U.S. have been left wondering what to do next. Can companies still rely on Standard Contractual Clauses (SCCs) for data transfers? If not, what alternatives do they have? The European…