Archives

GDPR Compliance

The EU’s GDPR Turns 2!

Today marks the second anniversary of the EU’s General Data Protection Regulation. And, wow, what a two years it has been! Looking back to 2018, I can remember my email being flooded with privacy notice updates to account for the changes under the GDPR. It did cause me to pause at how many (often too […]

The UK: They left the EU; did your data?

As many of you may know, the United Kingdom officially left the European Union on January 31, 2020, after forty-seven (47) years of membership. What does this mean? Well, the short answer is: we do not really know yet. The UK and the EU are now in a “transition period” that will last until at […]

Blockchain and Data Protection Laws: Can they Co-Exist?

Blockchain is a buzzword in the technology community, promising to combine unforeseen computing power with the corresponding ability to confirm accuracy and legitimacy of transactions. The most common example of blockchain to the common user is cryptocurrency, the most popular of which is Bitcoin (or, at least, one of the most well-known). But, the use […]

The EDPB Offers Guidelines for Lawful Basis of Processing Based on the Necessity for the Performance of a Contract

By Michael A. Shapiro, Esq., CIPP/US/E, attorney with XPAN Law Group. Article 6 of the General Data Protection Regulation (GDPR) requires that processing must be “lawful” on the basis of six specified conditions set forth in Article 6(1)(a) to (f). One of the bases for lawful processing is the “necess[ity] for the performance of a […]

Vendor Risk Management: Playing with Fire and Risking Getting Burned

In 2019, the global average cost of a data breach is $3.92 million, a 1.5 percent increase from the 2018 study. While it is impossible to predict exactly where and when a data breach will occur, the cost associated with the breach of personal data is one no organization can really afford. Over the past […]

The Right to be Forgotten: Search Engines under the Recent CJEU cases

The further we evolve into a post-GDPR world, the more we are starting to see guidance come from a variety of sources. The European Data Protection Board (“EDPB”) continues to provide guidelines to fill in ambiguities in areas of the GDPR that are less clear. In addition, the Court of Justice of the European Union […]

An Active Summer for GDPR: Part II, Video Surveillance Data and the US CLOUD Act

In an effort to make sure everyone is up-to-date on the guidelines, decisions, and other relevant changes in European data protection, XPAN is providing a breakdown of what you may have missed over those relaxing summer months. Last week (available here), we provided a breakdown of the first of two plenary sessions held by […]

An Active Summer for GDPR: Part I, Codes of Conduct & Certification under the GDPR

As the summer is beginning to wind down, it is a good time to reflect on the last few months and to set priorities for the upcoming fall and winter months when it comes to a company’s security and privacy infrastructure. And, the EU authorities have had an active summer — giving companies in all […]

Beware of Potential Conflicts: Should Your Organization Appoint an IT Director as a Data Protection Officer?

**Reproduced from the International Journal for the Data Protection Officer, Privacy Officer, and Privacy Counsel, available here. By Jordan L. Fischer, Esquire, Managing Partner, XPAN Law Group, LLC and Michael A. Shapiro, Esquire, XPAN Law Group, LLC. Since the enactment of the European Union’s General Data Protection Regulation (the “Regulation”), the Data Protection Officer (“DPO”) […]

One Year Later: How are the Regulators Enforcing the GDPR?

We are coming up on the first anniversary of the European Union’s General Data Protection Regulation (“GDPR”), one of the most anticipated data protection regulations in recent memory. Love it, hate it, indifferent — regardless of your personal feelings, the GDPR made waves. It was the catalyst that caused companies across all industries to start […]