Join Baker McKenzie regulatory and enforcement practitioners as we navigate this uncertain time and work together through the challenges ahead. We offer practical advice and real-time analysis of the changing landscape across the United States, Europe and Asia. Webinar Series: The New Framework for Investment Adviser Marketing In this 4-part…
The European Data Protection Board (EDPB) has published draft guidelines on the concepts of controller and processor in the GDPR (Guidelines). They replace the previous guidelines on the concepts of controllers and processors which the Art. 29 Working Party, i.e., basically the EDPB’s predecessor, had published in 2010. The Guidelines…
The European Data Protection Board (“EDPB”) has published draft guidelines on the concepts of controller and processor in the GDPR (“Guidelines”). They replace the previous guidelines on the concepts of controllers and processors which the Art. 29 Working Party, i.e. basically the EDPB’s predecessor, had published in 2010. The Guidelines are open for public consultation until October 19, 2020, after which the final version will be issued.
Questions continue to arise over the interplay of the second Payment Services Directive (PSD2) with the General Data Protection Regulation (GDPR). Both PSD2 and the GDPR are complex legislation and the relationship between distinct provisions of each law and how they work together is not altogether clear, which has led to uncertainty for payment service providers, including banks. For example, when is ‘consent’ required to access payment data and what does consent mean? To this end, the European Data Protection Board (EDPB) has published draft guidelines for consultation, but alongside other industry bodies and firms, the European Banking Federation (EBF) has voiced concerns over their workability for the sector.
On 4 May 2020 the European Data Protection Board (EDPB) adopted updated guidelines on consent under the GDPR (“New Guidelines”).
The New Guidelines supersede the guidelines on consent originally adopted by the EDPB’s predecessor, the Article 29 Working Party, on 10 April 2018 (the 2018 Guidelines), and subsequently endorsed by the EDPB.
In brief On 17 April 2020 the UK Information Commissioner’s Office (ICO) published a statement on its regulatory approach during the coronavirus pandemic. Recognising that operational and financial pressures caused by the coronavirus may impact organisations’ ability to fully comply with aspects of data protection laws, the ICO has stated…
Late last year the UK Information Commissioner’s Office (“ICO”) issued its first formal monetary penalty notice under the General Data Protection Regulation (“GDPR”). The ICO fined Doorstep Dispensaree GBP 275,000 for, among other things, failing to keep sensitive data securely and providing an inadequate privacy notice to data subjects. This…
On 19 February 2020 the ICO published its draft guidance on the AI auditing framework for public consultation, which is open until 1 April 2020. What is the draft guidance? The draft guidance sets out best practice for data protection compliance for artificial intelligence (“AI”). It clarifies how to assess…
EDPB – Guidelines on the Territorial Scope of the GDPR (Art. 3) and on Representatives (Art. 27) – Now adopted after public consultation The European Data Protection Board (“EDPB”) has published the adopted version of its guidelines on the territorial scope of the General Data Protection Regulation (“GDPR”). The guidelines…
Data has gone global. Whether you’re operating in one country or worldwide you need to know the local and international rules, regulations and risks that will affect your business. We are bringing together members of our global Data Protection and Security Team from London, EU, and the US to update…