Last week, I had a long and interesting discussion with one of the leading Scandinavian data protection lawyers. We normally see eye to eye on most matters, so I was genuinely surprised to find myself disagreeing with his position on one of the most fundamental building blocks of data protection regulation, namely the position of the Data Protection Officer (DPO).
Introduction In the last year, significant momentum has started to build around fifth generation (5G) for wireless communications technology. The new generation of mobile network technology brings with it new capabilities that over time will allow for a whole new range of previously unthinkable use cases for consumers, business and public administration. However, as also observed by data protection authorities,
As part of a growing trend across the region, Egypt has introduced the new Personal Data Protection Law No. 151/2020 (PDPL). It was passed in July and entered into force in October. In a manner similar to a number of other countries that followed the highwater mark set by the EU, the PDPL also bears a strong resemblance to
A recent change in the Danish legislation on annual reporting for large companies has come into force. The change requires covered companies to supplement their annual report with a statement on their policies on data ethics. The change will have effect for the fiscal year commencing on January 2021 or later. In this article, we take a closer look at
We are seeing the introduction of new or updated “GDPR-inspired” data protection regulations across the Middle East and Africa. Although the European Union’s General Data Protection Regulation (GDPR) is driving an element of much needed global harmonisation, the GDPR also has the potential to restrict the vital free flow and aggregation of data in the region. This is something which
The saying ‘Every man for himself’ indicates not only a fundamental principle of competition along with an ambitious striving towards a goal. Much more, the saying enhances the idea of singularity and maybe even exclusion. ‘Every man for himself’ thus becomes the tale of insulation and maybe even lack of community-thinking. By ‘community-thinking’ we mean a set of common values
Introduction Following the CJEU Schrems II court ruling, WLC focuses on a series of aspects relating to the ruling and its implications. In this article, we examine the legal basis requirement and why the European Commission’s Standard Contractual Clauses, otherwise known as the Model Clause or SCCs, are still alive – and what you need to be aware of when applying them. Obviously, before transferring personal data out of the European Economic Area (EEA), a data exporter must ensure that there is a legal basis
The Dubai International Financial Centre (“DIFC”), a financial services free zone in the Emirate of Dubai in the UAE, recently released Data Protection Law DIFC No.5 of 2020. The law came into effect on 1 July 2020. Companies have a 3 month grace period to prepare for the new requirements. There is some good news though – the new law
Introduction This post continues a series of WLC commentaries following the recent Schrems II judgement by the CJEU. The judgement invalidated the Privacy Shield and confirmed the validity of Standard Contractual Clauses (“SCCs”) as a cross-border data transfer mechanism. It however imposed a requirement on the data exporter and the data importer to ensure, on a case-by-case basis, full compliance with a
Intro This post is a continuation of our pragmatic advice on dealing with the consequences of the recent Schrems II judgement of CJEU, that have invalidated the Privacy Shield and put in question the way organisations transfer data outside of the EU/EEA. We are focusing on practical steps that the organisation should take internally as a reaction to the Schrems