Blog

picture

Private or public, does it matter?

Data protection is becoming increasingly complex in the education sector. New laws entering into force and additional guidelines make it difficult to keep up with the constant changes. An additional layer of complexity comes with the range of organisations funded in differing ways, from private companies to charitable organisations and publicly funded institutions. Learn more about the extraterritorial scope of privacy laws and the need for education providers to appoint a representative.

Andreas
Women called Charlotte in a pantsuit.

Andreas Maetzler, Charlotte Mason

picture

From CCPA to CPRA:

New Year, new consumers’ rights for Californian residents. With 1 January, 2023, the CPRA, sometimes also referred to as CCPA 2.0, entered into force. Main changes are related to privacy rights of Californian residents with the CPRA introducing new rights as well as amending rights already granted under CCPA.

Andreas
Women called Charlotte in a pantsuit.

Andreas Maetzler, Charlotte Mason

Europe and China Flag displayed on seperate shipping containers

Series on Implementing PIPL: (1) Cross-Border Data Transfers and Draft Standard Contract

Analysis of the recent guidance from the Cyberspace Administration of China (“CAC”) regarding cross-border transfers in particular China’s version of the Standard Contractual Clauses.

Man called Michael in a suit.
Women called Charlotte in a pantsuit.

Michael Schweiger, Charlotte Mason

UK DP reform.jpg

UK publishes proposals for new Data Protection Reform Bill

The UK Government has recently announced plans to reform UK data protection laws. Read this article for an update of what the reform plans contain and what the effect of the reform may be.

Women called Charlotte in a pantsuit.

Charlotte Mason

Illustration of the Turkish flag.

Turkish Data Protection Law (KVKK), VERBIS registration and what to do before December 31st, 2021!

Compliance with the Turkish data protection law (KVKK) is getting serious. 31 December 2021 is the deadline for the registration with the Data Controller Registry (VERBIS) and for the appointment of a representative in Turkey. From 2022 onwards the Turkish data protection authority may issue heavy fines for non-compliance.

Andreas
Man called Michael in a suit.

Andreas Maetzler, Michael Schweiger

Illustration of a camera on a concrete wall.

“The bad guys do not appoint Art. 27 representatives” but get fined!

Commentary on the Dutch Data Protection Authority imposing a fine of up to EUR 645,000.

Andreas
Women called Clara in a pantsuit.

Andreas Maetzler, Clara Sator

Illustration of a European map.

NIS Representation in the EU and UK – Is the March 31 deadline a turning point?

Digital service providers needed to appoint a Network and Information System representative by March 31, 2021, in the U.K. Read the following to find out if this obligation is relevant for you, what the background of it is, and what are the requirements in the EU and the UK.

Andreas

Andreas Maetzler

Illustration of a weathercock.

The Role of a Representative under EU and UK GDPR after Brexit

Up until the end of the transition period the obligation to appoint a representative for privacy related matters was applicable only for non-EU companies. From January 1st, 2021, this obligation became relevant for EU and UK companies as well. Read more about the legal obligation to appoint a privacy representative in the EU or the UK whether your company is located in the EU the UK or outside of Europe.

Andreas

Andreas Maetzler

illustration of the European and British flag In the context of Brexit.

Brexit and UK Privacy Representation

We put together information on the most burning questions when it comes to Brexit and UK Privacy Representation. To get the topic off your mind in an easy and hands-on way.

Andreas

Andreas Maetzler