Cross-border

Germany’s Cyber Threat Landscape – Top 3 Lessons from the BKA Situation Report

August 1, 2022 By Daniel Felz

Germany boasts one of the world’s largest, most sophisticated, and international economies. Companies doing business in Germany are thus an increasingly relevant target for cyberattacks. Germany‘s Federal Criminal Police Office (Bundeskriminalamt or BKA) is the federal law enforcement agency charged with investigating cybercrime, and for coordinating federal-state cooperation in cybercrime matters. The BKA recently published […]

EDPB Issues Draft Guidelines on the Calculation of Administrative Fines

May 19, 2022 By Paul Greaves and Privacy, Cyber & Data Strategy Team

On May 16, 2022, the European Data Protection Board (‘EDPB’) published draft regulatory guidelines (‘draft guidance’) on the calculation of administrative fines for infringements of the EU General Data Protection Regulation (‘GDPR’). In the draft guidance, the EDPB sets out its methodology, consisting of five steps, for calculating administrative fines. The EDPB adopted these guidelines […]

EU and U.S. Reach Agreement In Principle on a Replacement for the EU-U.S. Privacy Shield

March 25, 2022 By Paul Greaves and Wim Nauwelaerts

On March 25, 2022, the European Commission and the United States announced that they have reached an “agreement in principle” on a replacement for the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of the European Union in 2020. The new framework will be designed to allow personal data to flow freely […]

Russia Arrests Suspected Members of REvil Ransomware Gang

January 19, 2022 By Kellen Dwyer and Kim Peretti

Russia’s Federal Security Service (“FSB”) issued a press release on January 14, 2022 claiming that it dismantled the REvil ransomware gang by arresting 14 suspected members and seizing computer equipment, luxury vehicles, bitcoin, and fiat currency valued at over $1 million. REvil is a notorious cybercriminal organization that claimed responsibility for a ransomware attack last […]

Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC

August 17, 2021 By Daniel Felz, Kate Hanniford and Wim Nauwelaerts

Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests can require cross-border transfers of personal data, and this has historically risked non-compliance under foreign data protection law. The SEC has been proactive […]