Skip to content

White Label

Our Blog

WLC // Privacy Strategy // Chess and Decision and people in blue

Can the DPO be involved in operational matters?

Last week, I had a long and interesting discussion with one of the leading Scandinavian data protection lawyers. We normally see eye to eye on most matters, so I was genuinely surprised to find myself disagreeing with his position on one of the most fundamental building blocks of data protection regulation, namely the position of the Data Protection Officer (DPO).

Read More »

Does the deployment of 5G require a DPIA?

Introduction In the last year, significant momentum has started to build around fifth generation (5G) for wireless communications technology. The new generation of mobile network technology brings with it new capabilities that over time will allow for a whole new range of previously unthinkable use cases for consumers, business and public administration. However, as also observed by data protection authorities,

Read More »
Data Protection

The new personal data protection law in Egypt – a GDPR comparison

As part of a growing trend across the region, Egypt has introduced the new Personal Data Protection Law No. 151/2020 (PDPL). It was passed in July and entered into force in October.   In a manner similar to a number of other countries that followed the highwater mark set by the EU, the PDPL also bears a strong resemblance to

Read More »
Data Ethics

Data Ethical Reporting in Denmark

A recent change in the Danish legislation on annual reporting for large companies has come into force. The change requires covered companies to supplement their annual report with a statement on their policies on data ethics. The change will have effect for the fiscal year commencing on January 2021 or later. In this article, we take a closer look at

Read More »
Personal data protection // Isometric Graphic // White Label Consultancy

What a seatbelt can teach us about data protection enforcement

We are seeing the introduction of new or updated “GDPR-inspired” data protection regulations across the Middle East and Africa. Although the European Union’s General Data Protection Regulation (GDPR) is driving an element of much needed global harmonisation, the GDPR also has the potential to restrict the vital free flow and aggregation of data in the region. This is something which

Read More »
Public sector

Not every man for himself: Risk assessments, transfers and ethical empowerment in the public sector

The saying ‘Every man for himself’ indicates not only a fundamental principle of competition along with an ambitious striving towards a goal. Much more, the saying enhances the idea of singularity and maybe even exclusion. ‘Every man for himself’ thus becomes the tale of insulation and maybe even lack of community-thinking. By ‘community-thinking’ we mean a set of common values

Read More »
Data Transfers
Data Transfers

Data transfers and standard contractual clauses in the light of Schrems II

  Introduction  Following the CJEU Schrems II court ruling, WLC focuses on a series of aspects relating to the ruling and its implications. In this article, we examine the legal basis requirement and why the European Commission’s Standard Contractual Clauses, otherwise known as the Model Clause or SCCs, are still alive – and what you need to be aware of when applying them.  Obviously, before transferring personal data out of the European Economic Area (EEA), a data exporter must ensure that there is a legal basis

Read More »
DIFC data protection law

Is GDPR compliance enough for the new DIFC data protection law?

The Dubai International Financial Centre (“DIFC”), a financial services free zone in the Emirate of Dubai in the UAE, recently released Data Protection Law DIFC No.5 of 2020. The law came into effect on 1 July 2020. Companies have a 3 month grace period to prepare for the new requirements. There is some good news though – the new law

Read More »
Data Transfers

Schrems II – Implications beyond the US of A

Introduction This post continues a series of WLC commentaries following the recent Schrems II judgement by the CJEU. The judgement invalidated the Privacy Shield and confirmed the validity of Standard Contractual Clauses (“SCCs”) as a cross-border data transfer mechanism. It however imposed a requirement on the data exporter and the data importer to ensure, on a case-by-case basis, full compliance with a

Read More »
Programme Planning
Data Transfers

How can I help my organisation manage the consequences of Schrems II Judgement

Intro This post is a continuation of our pragmatic advice on dealing with the consequences of the recent Schrems II judgement of CJEU, that have invalidated the Privacy Shield and put in question the way organisations transfer data outside of the EU/EEA. We are focusing on practical steps that the organisation should take internally as a reaction to the Schrems

Read More »