Uncategorized

Join us on January 21, 2021 at 12pm EST/9am PST for a complimentary webinar – Understand and Prepare for the California Privacy Rights Act.

Panelists Elliot Golding and Glenn Brown of our Data Privacy & Cybersecurity Practice will provide an overview of the CPRA and its interplay with the CCPA.  The speakers will also

The ICO has confirmed a small, but important, change to the time limits for responding to subject access requests (SARs) under the GDPR. Calculation of the one-month time limit should begin from the date on which the request was received, not the day after. Therefore, if a request is received on 3rd September, the deadline for responding will be 3rd October (rather than 4th October, as previously understood). The ICO update on the subject, which follows a (2004) CJEU decision on time limits, is here and the guidance on subject access rights has been updated to reflect this.


Continue Reading Subject Access Requests – What does ‘one month’ mean?

Pursuant to Article 35.4 of the RGPD (GDPR), the CNIL has published a list of 14 categories of processing activities for which it deems it necessary to perform a Data Protection Impact Assessment (DPIA).   On its website, the CNIL also provides examples of the types of processing activities for each of these categories.
Continue Reading The CNIL Has Published Its List of Processing Activities Requiring a DPIA

In May this year, the General Data Protection regulation (GDPR) brought with it a new Data Subject Access Requests (DSAR) regime.  We expect that the ICO will update its Code of Practice shortly.   Until then, Andrew Peters of our Labour & Employment team has prepared a five-part blog series which discusses practical concerns for UK employers receiving DSARs post-GDPR.
Continue Reading GDPR’s Impact on Employee Data Subject Access Requests in the UK

One of the new obligations introduced by the General Data Protection Regulation (GDPR) is to prepare a data protection impact assessment (DPIA) for certain types of processing operations – i.e., those which are likely to result in a high risk. To put it simply, a DPIA is a process for building and demonstrating compliance with the GDPR, which complements the new focus on accountability, privacy by design and a far more risk-based approach.
Continue Reading Polish Supervisory Authority Publishes a Proposed “Black List” Recommendation on Processing Activities That Require a DPIA

On May 8, Georgia governor Nathan Deal vetoed Senate Bill 315, a proposed cybersecurity law imposing penalties of up to one year in jail and a $5,000 fine for “unauthorized computer access.”  In his veto, Governor Deal expressly cited concerns with the “national security implications” of the bill.  He noted the it could “inadvertently hinder the ability of government and private industries” to protect against cybersecurity breaches.
Continue Reading Cybersecurity Bill Vetoed in Georgia