Earlier this month, the European Data Protection Board (EDPB) published a report on the resources that the EU Member States make available to their Data Protection Authorities (DPA) and on the enforcement actions initiated by those DPAs. Resources made available by the EU Member States to the DPAs The EDPB report releases statistics on both […]
Data Protection
Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC
Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests can require cross-border transfers of personal data, and this has historically risked non-compliance under foreign data protection law. The SEC has been proactive […]
EDPB publishes Guidelines on the Concepts of Controller and Processor in the GDPR
On July 7th, the European Data Protection Board (“EDPB”) adopted its finalized guidelines on the concepts of controller and processor in the General Data Protection Regulation (“GDPR”). While the EDPB’s predecessor – the Article 29 Working Party – had issued guidance on the concepts of controller/processor (Opinion 1/2010, WP169) back in 2010, many practical concerns […]
Colorado Becomes the Third State to Adopt a General Privacy Law
On July 7, Colorado became the third state behind California and Virginia to adopt a comprehensive privacy law when Governor Jared Polis signed the Colorado Privacy Act into law. The CPA contains many similarities to the Virginia Consumer Data Protection Act (VCDPA) and the California Consumer Privacy Act, as amended by the California Privacy Rights […]
Alston & Bird Publishes FAQs – Standard Contractual Clauses for Controllers and Processors in the EU/EEA
Our Privacy, Cyber & Data Strategy Team answers five questions about the standard contractual clauses that aim to ensure compliance with Articles 28(3) and (4) of the General Data Protection Regulation: Are controllers and processors obliged to use the Article 28 clauses for their data processing agreements? Do the Article 28 clauses ensure compliance with […]