Archives

GDPR Compliance

Transferring data from Switzerland for eDiscovery purposes in a post-Schrems II world

Michael Simon. Introduction: another one bites the dust. On September 8, 2020, Adrian Lobsiger, the Swiss Federal Data Protection and Information Commissioner (FDPIC), announced in a position paper that he no longer considers the Swiss US Privacy Shield agreement to be adequate for the purposes of lawfully transferring personal data from Switzerland to the US. […]

Transferring data from the EU for eDiscovery purposes in a post Privacy Shield World

Michael Simon. A few weeks ago, I had the privilege of participating in a Masters’ Conference webinar on the topic of how to lawfully transfer EU data to the US after the Court of Justice of the European Union (“CJEU”) invalidated the Privacy Shield agreement on July 16, 2020. Despite many uncertainties that remain from […]

The CJEU disrupts International Data Transfers, Again

The Court of Justice of the European Union (“ECJ”) released its much anticipated decision on July 16, 2020 regarding the transfer of personal data from the European Union (“EU”) to the United States (“US”). The full decision can be found here; and the ECJ press release can be located here. The two main holdings of […]

The EU’s GDPR Turns 2!

Today marks the second anniversary of the EU’s General Data Protection Regulation. And, wow, what a two years it has been! Looking back to 2018, I can remember my email being flooded with privacy notice updates to account for the changes under the GDPR. It did cause me to pause at how many (often too […]

The UK: They left the EU; did your data?

As many of you may know, the United Kingdom officially left the European Union on January 31, 2020, after forty-seven (47) years of membership. What does this mean? Well, the short answer is: we do not really know yet. The UK and the EU are now in a “transition period” that will last until at […]

Blockchain and Data Protection Laws: Can they Co-Exist?

Blockchain is a buzzword in the technology community, promising to combine unforeseen computing power with the corresponding ability to confirm accuracy and legitimacy of transactions. The most common example of blockchain to the common user is cryptocurrency, the most popular of which is Bitcoin (or, at least, one of the most well-known). But, the use […]

The EDPB Offers Guidelines for Lawful Basis of Processing Based on the Necessity for the Performance of a Contract

By Michael A. Shapiro, Esq., CIPP/US/E, attorney with XPAN Law Group. Article 6 of the General Data Protection Regulation (GDPR) requires that processing must be “lawful” on the basis of six specified conditions set forth in Article 6(1)(a) to (f). One of the bases for lawful processing is the “necess[ity] for the performance of a […]

Vendor Risk Management: Playing with Fire and Risking Getting Burned

In 2019, the global average cost of a data breach is $3.92 million, a 1.5 percent increase from the 2018 study. While it is impossible to predict exactly where and when a data breach will occur, the cost associated with the breach of personal data is one no organization can really afford. Over the past […]

The Right to be Forgotten: Search Engines under the Recent CJEU cases

The further we evolve into a post-GDPR world, the more we are starting to see guidance come from a variety of sources. The European Data Protection Board (“EDPB”) continues to provide guidelines to fill in ambiguities in areas of the GDPR that are less clear. In addition, the Court of Justice of the European Union […]

An Active Summer for GDPR: Part II, Video Surveillance Data and the US CLOUD Act

In an effort to make sure everyone is up-to-date on the guidelines, decisions, and other relevant changes in European data protection, XPAN is providing a breakdown of what you may have missed over those relaxing summer months. Last week (available here), we provided a breakdown of the first of two plenary sessions held by […]