UK

UK Proposes Reforms to Data Protection Laws

On 10 September 2021, the UK Government’s Department for Digital, Culture, Media, and Sport (DCMS) published its long-awaited proposals for reform of the country’s data protection laws. The consultation paper includes a detailed and comprehensive set of suggested amendments to…

Read More
Privacy Law

Colorado Privacy Act: Another Piece to the Data Privacy Puzzle

Introduction Privacy laws have entered the compliance world by storm and are quickly changing data privacy practices. The most recent state, Colorado, passed the Colorado Privacy Act (CPA) into law on July 7, 2021. This new act follows California’s Consumer Privacy Act (CCPA) but calls out several additional rights, actions, and policies. The CPA pulls…
Read More
Cybersecurity

The 3 Biggest Mistakes the Board can Make around Cybersecurity

Although the topic of cybersecurity is now definitely on the board’s agenda in most organizations, it is rarely a fixed item. More often than not, it makes appearances at the request of the Audit & Risk Committee or after a question from a non-executive director, or – worse – in response to a security incident…
Read More
Securities Exchange Commission

Switzerland and United Kingdom Issue Guidance for Data Transfers to SEC 

Businesses and organizations registered with the U.S. Securities and Exchange Commission are often required to share personally identifiable information (PII) with the regulatory body.  But for entities that have operations outside of the U.S., complying with SEC requests has created a legal conundrum since the European Court of Justice’s Schrems 2.0 ruling–which invalidated the EU-U.S.…
Read More
Consumer Data

Deleting Data: A Guide

Of the many consumer rights established by the ever-expanding crop of data privacy legislation, the right to deletion is one of the ones you’ll see the most. Although different laws may have slightly different variations of the right, the general sentiment remains consistent – consumers have the right to have their personal data deleted from…
Read More
SCC

How to Comply With the EU’s New SCC Framework

Since the Schrems 2.0 decision, any organization involved in the international transfer of personal data between the EU and America has been eagerly awaiting a new set of Standard Contractual Clauses (SCCs). In short, the SCCs previously used for such transfers were written before the implementation of the EU’s General Data Protection Regulation (GDPR), so…
Read More
GCPR And CCPA Enforcement

Unforgiving GDPR Enforcement Sets the Tone for CCPA Enforcement

Now that the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are fully-enforceable (CCPA enforcement started July 1), most of the Western world is subject to some pretty serious data privacy standards. But with any law, there’s a difference between what’s written in the rule book, and a governing body’s endgame…
Read More
Data Encryption

Current Industry Regulations for Data Encryption: Are You Up to Date?

Though data is an incredibly valuable resource, more data generally means more responsibility. A larger amount of data presents a larger attack surface for hackers to target through cyberattacks. Encryption, the act of translating data into a new form that is undecipherable without a special key, is an impactful method of avoiding these issues and…
Read More
How To Respond To A Data Subject Access Request Under GDPR

How to Respond to a Data Subject Access Request Under GDPR

Under the European Union’s General Data Protection Regulation (GDPR), consumers have the right to request a copy of their personal data from companies who hold it. This type of request is known as a Data Subject Access Requests (DSAR). Responding to a DSAR is not difficult with the proper amount of advance preparation. An updated…
Read More
Back To Top