On November 27, 2023, the European Union took a significant step in shaping its digital landscape. The Council approved the Data Act, which will officially take effect 20 days after its publication in the EU Official Journal. This Act establishes extensive rules for handling and sharing data from “connected products” and “related services.” Scope The Act aims not just to
One of the most demanding challenges in clinical research is to establish a clear framework for the lawful and ethical use of retrospective data. Retrospective data represents a valuable source of information for research projects; however, it is typically collected for purposes unrelated to the research’s objectives. This gives rise to concerns such as the potential for unlawful repurposing of
Cookies have been at the center of data protection discussions for a long time, but recently the focus on the implementation of cookies has increased significantly. This blog post provides some insight into the most recent changes with regard to data protection authorities’ opinion on the implementation of cookie banners since the European Data Protection Board’s Cookie Banner Taskforce report.
As Saudi Arabia introduces its Personal Data Protection Law (PDPL), organizations based in the region should be aware of its data protection requirements, and those operating internationally must be able to comply with the diverse legal regimes. Drawing from the principles of the GDPR, the PDPL shares many similarities. Yet, it brings its unique characteristics, affecting procedures, legal bases, and
The Data Protection Officer (DPO) role has become a global profession. Although the practice of appointing a DPO previously existed in several countries around the globe, recently, there have been major developments in Gulf Cooperation Council (GCC) countries. Organizations should evaluate whether these new requirements apply to them and whether they should appoint a DPO. In this white paper, we explain
Over the last three years, the Attorney-General’s Department has conducted a Review of the Privacy Act 1988 (Cth). On 28 September, the Government Response to the Privacy Act Review Report was published. This Government Response comes eight months after the Attorney-General’s Department published the Privacy Act Review Report 2022, a 320-page document outlining 116 recommendations and proposals resulting from extensive
On July 10, 2023, the European Commission (EC) adopted an Adequacy Decision regarding the EU-U.S. Data Privacy Framework (DPF). The decision taken by the EC regarding the EU-U.S. DPF enables organisations to certify their compliance with the EU-U.S. DPF, simplifying the process of transferring personal data from the EU to the U.S. The EU-U.S. DPF represents a significant step in
White Label Navigating the Risks of Large Language Models The emergence of powerful Large Language Models (LLM) led businesses to consider the implementation of these technologies in their daily activities. LLMs have the potential to improve business productivity and efficiency, but they can also be an additional risk factor that should be evaluated to ensure compliance with legal obligations. At
ENISA AI Cybersecurity Conference took place on 7th June, and here are the key highlights: AI is a double-edged sword when it comes to Cyber Security as it enables better and more advanced prevention against cyberattacks but at the same time enables cyber criminals to advance their attack methods and vectors. Generative AI by Huub Janssen (Rijksinspectie Digitale Infrastructuur) Cyber
As a data protection professional, you will often find yourself being part of large contractual negotiations, where you will be responsible for data processing agreement. Therefore, please find below a few tips on how to prepare for a (re-) negotiation of data processing agreements to achieve the best possible outcome of these. First of all, know the party on the