Legal IT Group

JUNE 12, 2023

Every day, more and more companies face the problem of personal data protection. As companies are increasingly scrutinised for proper data protection, it’s worth paying close attention to the latest best practices to avoid dealing with the potential negative consequences of a data breach.

Data protection 130

Data protection e-filing Court e-records 130

Legal IT Group

JANUARY 17, 2023

Therefore, individual states took matters into their own hands and passed local laws to protect the privacy of their residents. In this article, we will review who needs to know the new rules of the US legislation, when exactly they will come into force and what obligations these laws provide.

Data protection 130

Data protection Law Law Attorney 130

Inside Privacy

APRIL 28, 2023

On 29 March 2023, the UK Information Commissioner’s Office (“ICO”) published updated Guidance on AI and data protection (the “Guidance”) following “requests from UK industry to clarify requirements for fairness in AI”. AI has been a strategic priority for the ICO for several years.

Data protection 74

Data protection Compliance Law Law 74

MatterSuite

MAY 8, 2023

Law firms are often targeted by cybercriminals due to the sensitive information they handle and the potential for financial gain. In 2020, the American Bar Association reported that over 25% of law firms had experienced a data breach, with smaller firms being particularly vulnerable. What is Cyber Security Compliance?

Compliance 98

Compliance Failure-to-appear Data protection Intellectual Property 98

Legal IT Group

NOVEMBER 13, 2023

A data protection officer ( DPO ) is a specialist who helps companies ensure compliance with international data protection laws. In a nutshell, the DPO is a key person who helps the company in all business processes to ensure compliance with the data protection law.

Data protection 130

Data protection Compliance International law Law 130

Relativity

MARCH 13, 2025

Ensuring compliance with data privacy regulations is not only a legal obligation; it’s a critical component of maintaining customer trust and safeguarding sensitive information. In 2025, several new regulations are expected to be enacted.

Data protection 52

Data protection Compliance 52

Technology Law Dispatch

OCTOBER 26, 2023

On 3 October 2023, the UK Information Commissioner’s Office organised its annual Data Protection Practioner’s Conference 2023 (DPPC 2023). Any framework could be used as a baseline as long as the focus is on security as an outcome and not compliance. Supply chains were also covered.

Data protection 59

Data protection Due diligence Compliance Law 59

Technology Law Dispatch

JUNE 23, 2023

On 19 June 2023, the Information Commissioner’s Office (ICO) has released new Guidance on Privacy-Enhancing Technologies (PETs) for Data Protection Compliance. Understanding PETs PETs are software and hardware systems that can help minimize use of personal data use while maximizing information security.

Data protection 52

Data protection Compliance Software Law 52

Inside Privacy

MARCH 14, 2023

Following a report, the French supervisory authority (“CNIL”) audited two organizations carrying out medical research in early 2022 to check their compliance with these requirements. Another requirement is that patients participating in the research must receive all the information mandated by Art.

Data protection 65

Data protection Compliance 65

Legal IT Group

APRIL 2, 2025

Definition of personal data 1.2. Rights of data subjects 1.4. Privacy concepts and roles Technologies, most impacting on privacy and data protection 2.1. Social media advertising, based on personal data 2.2. PRIVACY PROTECTION IN THE MODERN WORLD 1.1. Such an identifier is personal data.

Data protection 130

Data protection Compliance Software Machine learning 130

Legal IT Group

APRIL 2, 2025

Even though the lack of privacy measures will have the same data leakage, IoT developers still shall take all appropriate actions to protect the personal data of its users. Internet of Things and General Data Protection Regulation. Then what to consider when creating IoT devices for compliance with the GDPR?

Data protection 100

Data protection Compliance Lawyer Law 100

Legal Tech Blog

SEPTEMBER 7, 2023

New data protection laws, increasing regulation, greater risk of cyber attacks: The challenges for entrepreneurs are becoming ever greater. However, compliance can be largely automated through artificial intelligence. On September 1, a new data protection law (revDSG) has come into force in Switzerland.

Compliance 70

Compliance Data protection Legal tech Legal tech 70

Legal IT Group

FEBRUARY 23, 2023

Introduction In our previous articles , we have already drawn your attention to the Brazilian data protection legislation which is quite similar to the General Data Protection Regulation (GDPR). Also, the ANPD has shared a new form which should be used for sending security incident reports by a data controller.

Data protection 130

Data protection Compliance e-filing Law 130

LawSites

SEPTEMBER 8, 2021

20, is similar to Europe’s General Data Protection Regulation (GDPR) and applies to any organization that has employees in China or does business in China. This new PIPL product asks companies a series of questions about their business and how they handle personal information from China. With companies facing a Nov.

Compliance 85

Compliance Law Law Data protection 85

Debevoise Data Blog

AUGUST 27, 2024

Representative actions: In light of the CJEU ruling that a violation of the controller’s information obligations can be subject to a representative action, businesses should consider the potentially increased risk of litigation following GDPR breach allegations and how to respond.

Data protection 52

Data protection Compliance Litigator Litigation 52

Legal IT Group

JUNE 5, 2023

A data protection impact assessment (DPIA) sounds like something big, complicated and problematic. DPIA stands for Data Protection Impact Assessment. A DPIA is typically conducted when a new project involving the specific processing of personal data is being implemented. Well, it is true. Let’s check.

Data protection 130

Data protection Compliance Time-tracking Law 130

Legal IT Group

SEPTEMBER 29, 2023

Brazil’s Lei Geral de Proteção de Dados Pessoais (or LGPD), similar to GDPR, CCPA and PIPEDA, regulates personal data protection. If the company does not process personal data in Brazil but still processes data to offer or supply goods or services to Brazil, the LGPD also applies in this case.

Data protection 130

Data protection Compliance Court Law 130

Legal IT Group

JANUARY 22, 2024

With this regard, it is essential to know about the privacy legislation of this country since, nowadays, most internet businesses process the personal data of their clients, and they should do it in compliance with data protection laws.

Data protection 130

Data protection Compliance Litigator Litigation 130

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant.

Data protection 52

Data protection Compliance Law Law 52

Debevoise Data Blog

JUNE 27, 2024

Our top five European data protection developments from May are: UK guidance on ransom payments: The UK NCSC and various insurance industry bodies co-published guidance on key considerations for ransomware payments. These developments are covered in more detail below.

Data protection 52

Data protection Software e-records Compliance 52

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service. See , our post on what to do in light of the new EU SCCs.

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Ikigai Law

AUGUST 4, 2023

India’s Digital Personal Data Protection Bill 2023 was introduced in Parliament on 3 August 2023. Once passed, the law will govern how businesses collect and use individuals’ data. What data is covered? Personal data, i.e., data about an individual that can identify them. What else should fiduciaries do? (a)

Data protection 52

Data protection Law Law e-records 52

Global LegalTech Hub

MAY 7, 2024

Countries like Italy initially blocked ChatGPT's use, later reinstating it with promises of increased transparency and data protection. The Ibero-American Data Protection Network (RIPDP) warns of the risks associated with using AI services like those developed by OpenAI, L.L.C.,

Data protection 130

Data protection Compliance Law Law 130

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. On the regulatory front, German DPAs have set up a taskforce to conduct random checks on companies’ cross-border data transfer compliance following Schrems II. We cover those developments (and more) below.

Data protection 52

Data protection Compliance Analytics Court 52

Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards. ICO proposes £6.09

Data protection 52

Data protection Court Software Compliance 52

Kevin O'Keefe

FEBRUARY 25, 2024

Privacy and Data Protection: Advising on compliance with data protection laws, including GDPR in Europe and CCPA in California, especially for AI systems that process personal data. Regulatory Compliance: Assisting with compliance regarding AI-specific regulations and standards across different sectors.

Law firm 130

Law firm Intellectual Property Data protection Compliance 130

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

SEPTEMBER 27, 2023

The controller was also fined €9,000 for not having the proper contact information for the DPO in its privacy policy, and for using cookies without user consent. These developments, and more, covered below.

Data protection 52

Data protection Compliance e-filing Court 52

Legal IT Group

JULY 5, 2023

The role of codes of conduct in protecting personal data and what you need to know about compliance (and the consequences of deciding to comply but not doing so). Why can a medical facility collect consent for data processing? The data subject’s signature will be deemed to be such express consent.

Data protection 130

Data protection Compliance Court Software 130

Inside Privacy

JULY 3, 2023

On 21 June 2023, at the close of a roundtable meeting of the G7 Data Protection and Privacy Authorities, regulators from the United States, France, Germany, Italy, United Kingdom, Canada and Japan published a joint “Statement on Generative AI” (“Statement”) (available here ).

Data protection 108

Data protection Compliance Law Law 108

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ).

Data protection 52

Data protection Dispute resolution Court Compliance 52

Debevoise Data Blog

DECEMBER 13, 2022

Management will also face new overarching and specific obligations to approve, oversee and manage DORA-related compliance frameworks. While aspects of the regime, including details of incident reporting obligations, remain to be decided, the key requirements are now set.

Data protection 52

Data protection Compliance Due diligence Hearing 52

Debevoise Data Blog

DECEMBER 22, 2023

For example, the Garante notes the need to incorporate data protection by design and by default principles within any AI systems used in the healthcare space. In particular, the paper recommends the use of internal data access controls, regular auditing of data security measures, and the use of data protection impact assessments.

Data protection 52

Data protection Time-tracking Compliance Machine learning 52

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 4 million was for allegedly deficient oversight of Vodafone’s data processors. Here are our highlights of what you need to know.

Data protection 52

Data protection Compliance Court Law 52

new tech law blog

JANUARY 2, 2023

In this regard, we describe below what they should take under consideration in light of Polish labour law and data protection law. Bossware and the rules for processing personal data As a rule, the operation of bossware will involve the processing of employee personal data. 5 of the General Data Protection Regulation.

Data protection 52

Data protection Law Law Time-tracking 52

Debevoise Data Blog

JUNE 8, 2023

Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 billion fine against Meta. These developments, and more, covered below. (1)

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

MARCH 26, 2023

The tribunal agreed with the ICO that where Experian obtained personal data for marketing purposes from a third party that had collected it on the basis of consent, the consent would no longer be informed and withdrawal of consent is complicated, though Experian had since changed this practice.

Data protection 52

Data protection Compliance Court Law 52