Ikigai Law

AUGUST 4, 2023

India’s Digital Personal Data Protection Bill 2023 was introduced in Parliament on 3 August 2023. Once passed, the law will govern how businesses collect and use individuals’ data. Read on for a quick explainer of what the law means for you. An overview and summary of the law is on our blog. Who is affected?

Data protection 52

Data protection Law Law e-records 52

Legal IT Group

SEPTEMBER 15, 2023

International data transfers in GDPR compliance are complex, as data are transferred to third countries outside the European Union (EU) or the European Economic Area (EEA). Suppose you are interested in personal data protection issues. How does conducting a DTIA relate to GDPR compliance?

Data protection 52

Data protection Compliance Court Law 52

CaseFox

MAY 30, 2023

In today’s digital age, data security is a critical concern for law firms. As custodians of sensitive client information, law firms must take proactive measures to safeguard data from cyber threats and ensure compliance with data protection regulations.

Law firm 98

Law firm Data protection Law Law 98

new tech law blog

JANUARY 2, 2023

In this regard, we describe below what they should take under consideration in light of Polish labour law and data protection law. Bossware and the rules for processing personal data As a rule, the operation of bossware will involve the processing of employee personal data.

Data protection 52

Data protection Law Law Time-tracking 52

Debevoise Data Blog

AUGUST 27, 2024

Building on prior European guidance , the French and Irish DPAs published guidance on the deployment of generative AI, large language models and data protection. To that end, the EDPB proposed designating DPAs as the “national competent authorities” under the AI Act to create a single point of contact.

Data protection 52

Data protection Compliance Litigator Litigation 52

Debevoise Data Blog

JUNE 27, 2024

Our top five European data protection developments from May are: UK guidance on ransom payments: The UK NCSC and various insurance industry bodies co-published guidance on key considerations for ransomware payments. 22, then there must be sufficient human-involvement in that processing for it to be GDPR-compliant.

Data protection 52

Data protection Software e-records Compliance 52

Debevoise Data Blog

OCTOBER 12, 2021

million fine against Austrian Post for channelling electronic data protection-related inquiries to a web form and not offering an additional email address, irrespective of the data subject option to also use non-electronic postal mail or customer service. Standard Contractual Clauses).

Data protection 52

Data protection Failure-to-appear Compliance e-records 52

Debevoise Data Blog

MAY 28, 2024

EDPB “Consent or pay” models: Businesses operating large online platforms should consider the European Data Protection Board’s recent opinion indicating that “consent or pay” models are unlikely to be GDPR-compliant. These developments, and more, are covered below.

Data protection 52

Data protection Compliance Law Law 52

Ikigai Law

AUGUST 9, 2023

This article discusses the first step for fintechs to get ready for the new data law. No piece of legislation has taken more punches than our elusive data protection law. The data law is nearly here! The Digital Personal Data Protection Bill, 2023 was introduced in Parliament on 3 August 2023.

Data protection 52

Data protection Analytics Compliance Law 52

Legal IT Group

SEPTEMBER 19, 2023

For example, in 2020, the Data Protection Authority of Hamburg imposed a 35.3 This fact became known when the H&M servers encountered a technical error, and the data on the network drive became accessible to all employees for a few hours. Different local laws require employers to retain employee data.

Data protection 52

Data protection Compliance e-records Law 52

Debevoise Data Blog

MARCH 11, 2021

There were a few European data protection developments in February that companies may want to have on their radar. On the regulatory front, German DPAs have set up a taskforce to conduct random checks on companies’ cross-border data transfer compliance following Schrems II. We cover those developments (and more) below.

Data protection 52

Data protection Compliance Analytics Court 52

Debevoise Data Blog

JULY 20, 2021

Here are our highlights: European Commission adopts new Standard Contractual Clauses What happened : As reported in our blog post , the European Commission adopted its new Standard Contractual Clauses (“SCCs”) for the cross-border transfer of personal data from the EEA to “third countries”.

Data protection 52

Data protection e-filing Compliance e-records 52

Technology Law Dispatch

OCTOBER 26, 2023

On 3 October 2023, the UK Information Commissioner’s Office organised its annual Data Protection Practioner’s Conference 2023 (DPPC 2023). NIST), the ICO’s response was that there have been a number of laws introduced recently that require certain security measures to be adopted. Supply chains were also covered.

Data protection 59

Data protection Due diligence Compliance Law 59

Debevoise Data Blog

APRIL 8, 2021

million for vendor oversight failings, unlawful cross-border transfers What happened : The AEPD, the Spanish data protection authority (“DPA”), fined Vodafone Spain €8.15 million for various breaches of the GDPR and Spanish e-privacy laws, topping the €6 million CaixaBank penalty from earlier this year. €4

Data protection 52

Data protection Compliance Court Law 52

MatterSuite

DECEMBER 12, 2024

But with the increase of business information in layers, comes the challenge of protecting personal and sensitive information, too. Amidst a world where cyber threats are becoming very advanced and prevalent, it is now imperative to uphold robust compliance to security frameworks, as well as sufficient cybersecurity measures , to secure data.

Compliance 52

Compliance Data protection Failure-to-appear Time-tracking 52

Debevoise Data Blog

SEPTEMBER 27, 2023

The AEPD held that a DPO cannot hold a position that leads them to determine the purposes and means of data processing. The scale and data protection risks associated with such technologies has been further complicated recently by their increasing integration with artificial intelligence systems.

Data protection 52

Data protection Compliance e-filing Court 52

Debevoise Data Blog

NOVEMBER 21, 2023

Data protection & AI: In particular: (i) the French CNIL published its first set of guidance on GDPR compliance when developing AI tools; and (ii) the UK ICO issued a preliminary enforcement notice against Snap over its AI chatbot, alleging that Snap had not adequately assessed the privacy risks posed to child users of the tool.

Data protection 52

Data protection Compliance Failure-to-appear e-records 52

Debevoise Data Blog

SEPTEMBER 23, 2024

Our top-five European data protection developments from August are: Uber fined for personal data transfer: The Dutch Data Protection Authority fined Uber €290 million for the unlawful transfer of European drivers’ personal data to the U.S., without sufficient safeguards.

Data protection 52

Data protection Court Software Compliance 52

Debevoise Data Blog

APRIL 28, 2023

UK ICO updates guidance to clarify requirements for fairness in AI What happened : The UK ICO has updated its existing Guidance on AI and data protection following requests from industry to clarify requirements for fairness in AI. Norwegian Data Protection Authority fines medical device company c.$240,000

Data protection 52

Data protection Compliance e-filing Software 52

Debevoise Data Blog

DECEMBER 13, 2022

Management will also face new overarching and specific obligations to approve, oversee and manage DORA-related compliance frameworks. The EDPB Guidance envisages a relatively formalistic risk assessment which involves comparing the laws and practices of the exporting country to the laws and practices of the importing country.

Data protection 52

Data protection Compliance Due diligence Hearing 52

Debevoise Data Blog

MARCH 26, 2023

UK tribunal limits ICO enforcement order but partially upholds lawful basis objection What happened : A tribunal rejected certain aspects of the UK ICO’s October 2020 enforcement notice against Experian, a credit reference agency that holds and processes data relating to essentially the whole of the UK’s adult population.

Data protection 52

Data protection Compliance Court Law 52

Debevoise Data Blog

JUNE 8, 2023

Third country data transfers : Businesses that transfer personal data outside of the EEA may want to review their transfer mechanisms in light of new guidance on the EU and South East Asia SCCs, and the DPC’s record-breaking €1.2 billion fine against Meta. These developments, and more, covered below. (1)

Data protection 52

Data protection Compliance e-records Dispute resolution 52

Debevoise Data Blog

DECEMBER 22, 2023

This guidance, which draws on the GDPR as well as national and EU case law, contains relevant advice for using AI in the healthcare space more broadly. For example, the Garante notes the need to incorporate data protection by design and by default principles within any AI systems used in the healthcare space. UK and U.S.

Data protection 52

Data protection Time-tracking Compliance Machine learning 52

Debevoise Data Blog

DECEMBER 10, 2020

The big news this November was the European Data Protection Board (the “EDPB”) issuing its highly anticipated post- Schrems II data transfer guidance, followed just a day later by the European Commission’s draft updated Standard Contractual Clauses (“SCCs”) (see our blog post here ).

Data protection 52

Data protection Dispute resolution Court Compliance 52

Debevoise Data Blog

MAY 7, 2021

The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK.

Data protection 52

Data protection Court Compliance Hearing 52

Debevoise Data Blog

MAY 12, 2023

Key takeaways this April include: UK children’s data protection focus continues: Businesses may wish to review policies and procedures for dealing with children’s data in light of recent UK ICO fines and guidance, especially to ensure that terms of use are adequately enforced.

Data protection 52

Data protection Software design Machine learning Software 52

Technology Law Dispatch

MARCH 24, 2023

On 8 March 2023, the UK government presented a new version of the UK Data Protection and Digital Information Bill No.2. As with the previous bill, the new bill aims to alleviate the burden of compliance with the UK GDPR and its implementing UK Data Protection Act (2018) for organisations in the UK.

Data protection 52

Data protection Failure-to-appear Compliance Software 52

Legal IT Group

JANUARY 17, 2023

Therefore, individual states took matters into their own hands and passed local laws to protect the privacy of their residents. In this article, we will review who needs to know the new rules of the US legislation, when exactly they will come into force and what obligations these laws provide.

Data protection 52

Data protection Law Law Attorney 52

Debevoise Data Blog

APRIL 26, 2024

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. These developments, and more, are covered below.

Data protection 52

Data protection e-records Compliance Court 52

Debevoise Data Blog

NOVEMBER 10, 2020

ICO targets the data broking industry : On 27 October, the ICO demanded that Experian make sweeping changes to data protection practices within its direct marketing business within three months or face further enforcement action. We will continue to report on developments as Experian’s appeal progresses.

Data protection 52

Data protection Intellectual Property e-records Machine learning 52

CaseFox

JUNE 13, 2023

All different types of organizations store data, including law firms. Law firms handle confidential and sensitive client data. This makes law firms prone to data breaches. As cyber threats are increasing, law firm data security is becoming crucial for lawyers and clients.

Law firm 98

Law firm Law Law Data protection 98

Legally Speaking

JUNE 11, 2023

Have you ever wondered how Digital Law has evolved over the years and what it takes to be at the forefront of this dynamic field? This week we’re super excited to be chatting with Peter Wright, someone who is making waves as a specialist Law Firm advisor in the realm of Digital Legal issues. The scary part of starting a law firm.

Data protection 40

Data protection Law Law Paralegal 40

CaseFox

FEBRUARY 27, 2023

Law tech helps improve and streamline legal processes, ranging from document automation to artificial intelligence (AI) tools for legal research. The economic deception has introduced new challenges as big law clients got shifted to law firms, charging less, giving mid-size firms an open hand approaching potential clients.

Legal tech 97

Legal tech Legal tech Law firm Document automation 97

CaseFox

JUNE 3, 2023

In today’s digital era, lawyers and law firms are embracing online platforms not only for case management but also for accepting payments. While technology and digitalization offer convenience and efficiency, they also come with legal compliance responsibilities. Why Is PCI Compliance Crucial For Law Firms?

Compliance 52

Compliance Law firm Law Law 52

Ikigai Law

AUGUST 3, 2023

Our summary of the Digital Personal Data Protection Bill, 2023 The Digital Personal Data Protection Bill, 2023 ( 2023 Bill ) was tabled in Parliament on 3 August 2023. It is the fifth – and likely final – iteration of India’s efforts to formulate a personal data protection law.

Data protection 52

Data protection Compliance e-filing Hearing 52

Legal IT Group

JANUARY 4, 2023

Those who process personal data of EU residents should comply with the requirements of the General Data Protection Regulation or GDPR. Non-compliance with GDPR may result in hefty fines and reputational losses. However, DPO is not a mere formality needed to comply with the law.

Compliance 52

Compliance Data protection Law Law 52

Debevoise Data Blog

FEBRUARY 20, 2023

When calculating the fine, the CNIL cited the large scale of the data processing and the high proportion of minors (38% were between 13 and 17) as aggravating factors. The fines follow non-compliance notices CNIL served to 60 organisations that did not allow users to refuse cookies as easily as to accept them.

Data protection 52

Data protection Compliance e-records Court 52