Our top five European data protection developments from July are: EU AI guidance: Businesses should consider reviewing their AI policies and practices following guidance from the French CNIL and the…
Key takeaways from April include: UK FCA’s AI regulation: UK FCA-regulated firms should take note of the FCA’s newly confirmed approach to AI regulation that seeks to be outcome-focused, principle-led,…
Key takeaways from January include: Transparency about data processing and retention: In a reminder of the importance of transparency under the GDPR, and the need for companies to make their…
Key takeaways from December include: Concept of non-material damage under GDPR: In an expansive reading of the right to compensation under GDPR, a data subject’s fear that their personal data…
Key takeaways from November include: AI Regulation: Businesses utilizing AI in the EU, particularly those in healthcare and generative AI, should keep in mind that European authorities and regulators continue…
Key takeaways from October include: Employee monitoring: Following new guidance issued by the UK ICO, employers may want to review their existing employee monitoring to ensure it meets the regulator’s…
Key takeaways from September include: UK-US data bridge: From 12 October 2023, UK businesses will be able to transfer personal data to certain US organisations certified under a UK-specific extension…
As businesses adopt Generative AI tools, they need to ensure that their governance frameworks address not only AI-specific regulations such as the forthcoming EU AI Act, but also existing regulations,…
Key takeaways from August include: Conflicts of interest: Businesses should consider re-evaluating their data protection officer’s role and responsibilities, including dual roles on boards and committees, to prevent conflicts of interest…
Key takeaways from June and July include: Data transfers to the U.S.: Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S.…