articles

Data breaches: why they matter and how to prepare

Data breaches can have severe consequences for individuals and organizations alike, impacting personal privacy, financial stability, and corporate reputation. The GDPR emphasizes swift action and robust data protection to reduce these risks. This guide provides an introduction to handling data breaches under EU and UK GDPR, exploring common types of breaches, preventive steps, and essential response measures, including guidance on managing third-party processors.

Charlotte Mason, Elif Merve Demir

The role of the legal representative under the Digital Services Act

The Digital Services Act (DSA) is another key cornerstone of the “Digital Strategy for Europe” and part of a new generation of regulations for digital governance. The DSA is designed to protect users against illegal and harmful content and goods as well as the spread of disinformation in the digital world. Its aim is to ensure user safety, protect fundamental rights, and create a fair and open online platform environment. Like the GDPR, the Digital Services Act has extra-territorial scope, meaning that it applies irrespective of the providers’ location. Non-EU providers of intermediary services are required to appoint a legal representative as a substitute for their own establishment.

Andreas Maetzler, Katharina JOKIC, Charlotte Mason

CCPA: Managing Consumer Rights - CPRA regulations now enforceable

Those organizations rushing before 1 July 2023 to put compliance measures in place in time for the original enforcement date of the California Privacy Rights Act regulations (CPRA regulations) will have taken comfort in the last-minute decision by Sacramento County Superior Court last June to push enforcement back to 29 March 2024. However, the decision last week by the California Third District Court of Appeals means that the California Privacy Protection Agency (CPPA) can immediately begin to enforce the CPRA regulations, which include detailed rules on consumer privacy rights request handling, opt-out mechanisms for sale/sharing of data and the mandatory recognition of opt-out signals. From now on, we can expect to see a step up in enforcement activity and an increase in sanctions.

Andreas Maetzler, Charlotte Mason

Ready for the new Swiss Data Protection Law? Implications for organizations outside Switzerland

The revised Swiss Federal Act on Data Protection (RevFADP), which takes effect from September 1, 2023, brings Switzerland’s data protection regime in line with the GDPR and has significant implications for organizations outside Switzerland. The territorial scope of the RevFADP is broader than the GDPR, applying to activities with an impact in Switzerland even if initiated from abroad. Non-Swiss companies targeting goods or services to Swiss individuals or storing data on Swiss servers must comply. Additionally, organizations caught by the RevFADP’s scope must appoint a representative in Switzerland to serve as their local point of contact for Swiss data subjects and the Swiss supervisory authority (FDPIC). Senior managers and those responsible for an organization’s data protection tasks should take note of the new criminal sanctions of fines up to CHF 250,000 for individuals that have wilfully breached the RevFADP.

Charlotte Mason, Andreas Maetzler

EU Commission adopts its adequacy decision for the EU-U.S. Data Privacy Framework

The European Commission’s recent adoption of the EU-U.S. Data Privacy Framework (EU-U.S. DPF) is a turning point in transatlantic data transfers. Effective 10 July 2023, this framework replaces the invalidated Privacy Shield Framework, once again allowing transfers from the EU to certified U.S. organisations without the need for additional transfer tools. However, with its complex backstory and potential for future challenges, the EU-U.S. DPF promises a fascinating journey ahead in the realm of data privacy. This blog post provides a concise yet comprehensive overview of the DPF and its practical implications.

Charlotte Mason