Virginia has just become the second U.S. state with a comprehensive privacy law, with Governor Ralph Northam’s signing of the Virginia Consumer Data Protection Act (“VCDPA”) on March 2, 2021.…
As covered in our Annual Review, 2020 was a blockbuster year for European data protection. If January is anything to go by, 2021 will be the same. New data breach…
On 19 January 2021, the UK Information Commissioner’s Office (the “ICO”) published its September 2020 letter to the Securities and Exchange Commission (the “SEC”) analysing the GDPR’s impact on UK-based…
Over two years since the GDPR came into force, the full extent of its impact is still developing at pace. In this post, we look back at the 2020 European…
The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post-Schrems II data transfer guidance, followed just a day later by the European…
The European Data Protection Board (“EDPB”) recently published new guidance on how companies can validly transfer EU personal data to the many countries that have not been deemed by the…
EU authorities have understandably declined to put forward a single list of mandatory data security controls that apply to all companies subject to the GDPR. As a result, each new…
On November 4, 2020, Vincent Pitaro of the Cybersecurity Law Report published: Comparing U.S. and E.U. Approaches to Incident Response and Breach Notification. The article summarises a panel discussion at…
October was a particularly busy month, with headline-grabbing stories such as the long-awaited finalisation of the fines against British Airways and Marriott, which may well be the last penalties the…
Hot on the heels of British Airways’ £20m fine (covered here), the UK Information Commissioner’s Office has fined Marriott £18.4m for alleged data security failings linked to the breach of…