GDPR
Posts
An awaited new ECJ preliminary ruling on data privacy in the case C-210/16 Wirtschaftsakademie Schleswig-Holstein
On June 5, the European Court of Justice (ECJ) released its preliminary ruling in the case Wirtschaftsakademie Schleswig-Holstein. The ECJ found that the administrator of a fan page on Facebook is jointly responsible with Facebook for the processing of data of visitors to the page. By creating a fan page on Facebook and defining the criteria […]
GDPR implications on the global M&A process
A recent GDPR seminar attended by members of our team inspired us to share our thoughts on how the new European legislation on data protection would affect the M&A transactions. The GDPR implications on M&A deals would certainly go beyond the borders of the EU given the extraterritorial application of the Regulation. Privacy “by design” […]
Mandatory data protection officers under the GDPR
Data protection officers (“DPO”) will become key figures within organisations striving to ensure compliance with the stricter requirements of the GDPR as from May 2018. In the end of 2016, a conservative estimate by the International Association of Privacy Professionals suggested that 75,000 DPO positions will be created globally in response to the adoption of […]
How the GDPR will impact companies acting as personal data processors
Before the GDPR enters into force on 25 May 2018, companies processing personal data will have to reassess their approach to personal data processing. Under the current state of the law, a company acting as a personal data processor that has been found liable for unlawful personal data processing would be liable for a breach […]
How to define the most relevant legal basis for personal data processing under the GDPR
On its entry into force, the GDPR would make reliance on data subjects’ consents inappropriate for many personal data processing activities. A practical tip to self-test current consents: if it seems difficult for a controller to obtain a valid consent, perhaps there is another legal ground that should apply. When implementing a GDPR compliance strategy, […]
Consent of data subjects under the GDPR
One of the most common grounds for lawful processing of personal data is obtaining the data subject’s consent. As from 25 May 2018 when the GDPR shall enter into force, the requirements for obtaining lawfully such consent will be significantly amended. Despite being more burdensome for companies, the new requirements may serve as a competitive […]
Rights of data subjects under the General Data Protection Regulation
One of the EU’s key objectives in adopting the General Data Protection Regulation (“GDPR”) is to contribute to the well-being of individuals by reinforcing their rights with respect to their own personal data. As from 25 May 2018, persons and companies acting as data controllers should comply with the reinforced data subjects’ rights under the […]
Principles of personal data processing under the new EU data protection rules
The newly revised EU legal framework in the field of personal data protection has already made the processing of personal data an increasingly important topic for businesses operating in the territories of EU member states. As from 25 May 2018, the General Data Protection Regulation (“GDPR”) will become directly applicable in all EU states. With […]