White Label

Our Blog

ADGM Data Protection

The ADGM Data Protection Regulations 2021

Introduction The Abu Dhabi Global Market (ADGM) announced this week that it has enacted the highly anticipated new Data Protection Regulations 2021 (“DPR2021”). The ADGM, which was established in 2015, is an international financial centre located on Al Maryah Island in the capital of the United Arab Emirates. For those readers less familiar with the Gulf region, the ADGM is

Read More »
WLC // Privacy Strategy // Chess and Decision and people in blue

Can the DPO be involved in operational matters?

Last week, I had a long and interesting discussion with one of the leading Scandinavian data protection lawyers. We normally see eye to eye on most matters, so I was genuinely surprised to find myself disagreeing with his position on one of the most fundamental building blocks of data protection regulation, namely the position of the Data Protection Officer (DPO).

Read More »

Does the deployment of 5G require a DPIA?

Introduction In the last year, significant momentum has started to build around fifth generation (5G) for wireless communications technology. The new generation of mobile network technology brings with it new capabilities that over time will allow for a whole new range of previously unthinkable use cases for consumers, business and public administration. However, as also observed by data protection authorities,

Read More »
Data Protection

The new personal data protection law in Egypt – a GDPR comparison

As part of a growing trend across the region, Egypt has introduced the new Personal Data Protection Law No. 151/2020 (PDPL). It was passed in July and entered into force in October.   In a manner similar to a number of other countries that followed the highwater mark set by the EU, the PDPL also bears a strong resemblance to

Read More »
Data Ethics

Data Ethical Reporting in Denmark

A recent change in the Danish legislation on annual reporting for large companies has come into force. The change requires covered companies to supplement their annual report with a statement on their policies on data ethics. The change will have effect for the fiscal year commencing on January 2021 or later. In this article, we take a closer look at

Read More »
Personal data protection // Isometric Graphic // White Label Consultancy

What a seatbelt can teach us about data protection enforcement

We are seeing the introduction of new or updated “GDPR-inspired” data protection regulations across the Middle East and Africa. Although the European Union’s General Data Protection Regulation (GDPR) is driving an element of much needed global harmonisation, the GDPR also has the potential to restrict the vital free flow and aggregation of data in the region. This is something which

Read More »
Public sector

Not every man for himself: Risk assessments, transfers and ethical empowerment in the public sector

The saying ‘Every man for himself’ indicates not only a fundamental principle of competition along with an ambitious striving towards a goal. Much more, the saying enhances the idea of singularity and maybe even exclusion. ‘Every man for himself’ thus becomes the tale of insulation and maybe even lack of community-thinking. By ‘community-thinking’ we mean a set of common values

Read More »
Data Transfers
Data Transfers

Data transfers and standard contractual clauses in the light of Schrems II

  Introduction  Following the CJEU Schrems II court ruling, WLC focuses on a series of aspects relating to the ruling and its implications. In this article, we examine the legal basis requirement and why the European Commission’s Standard Contractual Clauses, otherwise known as the Model Clause or SCCs, are still alive – and what you need to be aware of when applying them.  Obviously, before transferring personal data out of the European Economic Area (EEA), a data exporter must ensure that there is a legal basis

Read More »
DIFC data protection law

Is GDPR compliance enough for the new DIFC data protection law?

The Dubai International Financial Centre (“DIFC”), a financial services free zone in the Emirate of Dubai in the UAE, recently released Data Protection Law DIFC No.5 of 2020. The law came into effect on 1 July 2020. Companies have a 3 month grace period to prepare for the new requirements. There is some good news though – the new law

Read More »
Data Transfers

Schrems II – Implications beyond the US of A

Introduction This post continues a series of WLC commentaries following the recent Schrems II judgement by the CJEU. The judgement invalidated the Privacy Shield and confirmed the validity of Standard Contractual Clauses (“SCCs”) as a cross-border data transfer mechanism. It however imposed a requirement on the data exporter and the data importer to ensure, on a case-by-case basis, full compliance with a

Read More »