GDPR Q&A | Twenty-one Questions and Answers to assist companies in complying with the General Data Protection Regulation

  • 06/08/2018
  • Articles
The Charter of Fundamental Rights of the European Union establishes that everyone has the right to the protection of their personal data. In the EU, the new “General Data Protection Regulation” (GDPR) further elaborates on the rights and obligations that apply when processing personal data.

The GDPR contains significant new obligations, when compared to the regime applicable under Directive 95/46/EC, and raises the stakes for data protection compliance in terms of responsibility and liability.

Companies doing business in Europe should seek legal advice if they feel that they may be affected by this highly complex and considerably far-reaching legislation.

The enclosed document contains twenty-one questions most commonly asked by companies that are actively working to comply with the GDPR.

Related insights

    • 14/01/2020
    • Articles

    Advocate General Confirms Validity of EU Standard Contractual Clauses

    Advocate General Henrik Saugmandsgaard Øe recently delivered his opinion in the Facebook Ireland and Schrems case (also known as the Schrems II case). The Advocate General states that the validity of the Commission Decision approving standard contractual clauses for the transfer of personal data (SCCs) cannot be called into question. At the same time, the Advocate General indicated that controllers and supervisory authorities have an obligation to suspend transfers on the basis of SCCs if the obligations contained in the clauses cannot be guaranteed under the laws of the data importer. Please click below for a short client memorandum on this opinion.

    • 03/12/2019
    • Articles

    EDPB Guidelines on Data Protection by Design and by Default

    On 13 November 2019, the European Data Protection Board (EDPB) published draft guidelines (the Guidelines) on the principle of “Data Protection by Design and by Default” set out under Article 25 of the General Data Protection Regulation (GDPR). The Guidelines explain how controllers must ensure that they effectively implement the “data protection principles and data subjects’ rights and freedoms by design and by default” during the design and life cycle of processing activities. The EDPB underlines that Data Protection by Design and Default is a requirement for all controllers, independent of their size. The examples contained in the Guidelines illustrate the broad range of processing activities to which this principle applies: from setting up membership administration to buying customer relationship management (CRM) software; designing online order forms; improving effectiveness of deliveries (through tracking employees); deciding on loan applications as a financial institution; or using artificial intelligence to profile customers. However, the complexity of implementing this principle will vary based on the individual processing operation. In this regard, the principle of Data Protection by Design and Default is coherent with the “risk-based approach” underlying the GDPR. Please click below for a short client memorandum on these guidelines.

    • 26/11/2019
    • Articles

    Annual Review Confirms Validity of EU-US Privacy Shield

    On 23 October 2019, the European Commission (Commission) published its report on the Third Annual Joint Review of the EU-US Privacy Shield. The Privacy Shield is a self-certification scheme whereby certified US organisations can more easily receive personal data transferred to them from the EU. Certification is granted when an organisation implements measures in order to protect personal data. At the time of the review, there were more than 5,000 participating companies. In its report, the Commission confirms that the EU-US Privacy Shield continues to provide an adequate level of protection for transfers of personal data. It indicates that important improvements have been made to the framework, but also identifies some areas of concern. The European Data Protection Board (EDPB), which is invited to participate in the annual review process, published its own report on the Third Annual Joint Review on 12 November 2019, essentially confirming the findings of the Commission and making further recommendations on access by public authorities of data transferred to the US under the Privacy Shield. The annual review procedure is an important element in the construction of the Privacy Shield since its predecessor, the EU-US Safe Harbour scheme, was annulled by the Court of Justice of the European Union (CJEU) on 6 October 2015 (Case C-362/14). Whether the improvements suffice for the Privacy Shield to meet the EU requirements will be determined by the European Courts in the coming months. Please click below for a short client memorandum on the Third Annual Review of the EU-US Privacy Shield.
