Cybersecurity from compliance to crisis – With the ever-increasing threat of ransomware and other cybercrime, we offer a bird’s eye view of cybersecurity strategy focused on addressing risks, keeping up with regulatory and compliance issues, and managing a cyber crisis.
In our Deciphering Data Webinar Series, we provide a global perspective of what’s keeping executives awake at night with the world’s threat actors becoming seemingly more sophisticated every day, and give practical guidance on how to address these risks and concerns and prepare companies for challenges ahead.

The European Data Protection Board (EDPB) has published draft guidelines on the concepts of controller and processor in the GDPR (Guidelines). They replace the previous guidelines on the concepts of controllers and processors which the Art. 29 Working Party, i.e., basically the EDPB’s predecessor, had published in 2010. The Guidelines…

The European Data Protection Board (“EDPB”) has published draft guidelines on the concepts of controller and processor in the GDPR (“Guidelines”). They replace the previous guidelines on the concepts of controllers and processors which the Art. 29 Working Party, i.e. basically the EDPB’s predecessor, had published in 2010. The Guidelines are open for public consultation until October 19, 2020, after which the final version will be issued.

On 4 May 2020 the European Data Protection Board (EDPB) adopted updated guidelines on consent under the GDPR (“New Guidelines”). 

The New Guidelines supersede the guidelines on consent originally adopted by the EDPB’s predecessor, the Article 29 Working Party, on 10 April 2018 (the 2018 Guidelines), and subsequently endorsed by the EDPB.  

As the COVID-19 pandemic stretched across the globe, companies shifted to remote working environments and many reduced staff, all without much of an opportunity to prepare. The past two months have presented a serious threat to data security, including the most vulnerable financial data, personal data of employees and customers, and trade secrets. These risks cut across all sectors — financial services, industrial manufacturers, health care, and professional services. Recent experience confirms that an effective information security strategy should target these most-common threats: phishing, data sprawl, and employee mobility/redundancies.

Our latest edition covers 39 jurisdictions, answering five common data privacy and security questions employers may have in light of COVID-19. As the world grapples with the COVID-19 pandemic and its profound impact across regions and industries, many companies are facing difficult business and legal challenges and are required to…

Data Transfers: Derogations for specific situations (Art. 49 GDPR) In the context of the “Schrems II case,” we continue our analysis of alternative vehicles allowing the transfer of personal to third countries outside the European Economic Area. In previous papers, we focused on Binding Corporate Rules (BCR) as alternatives to…

April 3 update: Our latest edition includes updates for 12 jurisdictions in EMEA, Latin America and Asia Pacific. As COVID-19 continues to quickly spread across the globe and has officially been declared a pandemic, many companies are facing difficult business and legal challenges and are required to make some urgent…

In this episode of Connect On Tech, your host Brian Hengesbaugh is joined by Francesca Gaudino, a partner in our Milan office. Francesca reports on the on-the-ground situation in Italy in light of COVID-19 and issues Italian employers are facing. You will learn: If Italian employers can perform temperature checks…

Schrems II case – the data importer perspective Following our previous analysis of the consequences of the opinion of the advocate general Hendrik Saugmandsgaard Øe (a.g.) in the Schrems II case, from the data exporter perspective (available here), we now focus on the implications of the same with respect to…