News & Analysis

The EU’s General Data Protection Regulation regulates the transfer of personal data in the European Union. The deadline for adapting Standard Contractual Clauses to meet new compliance obligations is December 27, 2022.

The UK government is proposing to amend its data privacy regime to make it easier for employers to comply with its requirements.

Employers often want to have a data retention policy that works for all of their international operations. We look at the challenges with this approach and how to make it work in practice.

The European Commission and the United States have announced a new data transfer mechanism, following the invalidation of Privacy Shield in July 2020.

The subdistrict court found that an employer in the Netherlands may record the phone calls of its employees only if it fulfils all the requirements under the GDPR.

UK employers have just about got used to the idea of GDPR, but the government has launched a consultation on reforms to the data protection regime.

At long last, the European Commission, on June 4, 2021, adopted new Standard Contractual Clauses (“new SCCs”) to permit lawful transfers of personal data from the European Union (EU) to third countries such as the United States.

Following Brexit, the European Commission is working on an adequacy decision concerning the UK, which will be announced before the end of June 2021.

In the first case of its kind, the High Court of England & Wales has considered the limits on the extraterritorial reach of the European Data Protection Regulation (GDPR).

The Court of Justice of the European Union has invalidated the EU-U.S. Privacy Shield Framework, which more than 5,300 U.S. organizations had relied on to lawfully transfer personal data from the EU to the United States.