The European Union (EU) has revised its Cybersecurity Directive (NIS2). The new rules will apply to a wide range of companies in many sectors, create new cybersecurity obligations, and impose high fines for noncompliance. EU countries have until October 17, 2024, to transpose the new rules. As the deadline approaches, companies should assess the impact on their cybersecurity strategy. This alert summarizes the key obligations for businesses.Continue Reading NIS2: Preparing for EU’s New Cybersecurity Rules
Matthew Nuding
EU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified
On July 10, 2023, the European Commission (EC) adopted an adequacy decision in relation to the EU-U.S. Data Privacy Framework (DPF). This paves the way for organizations to certify to the DPF, reducing friction for transfers of personal data from the EU to the U.S., and allowing companies to simplify their compliance with EU data flow restrictions. It thus represents a major development in the regulation of data flows from the EU to the U.S.Continue Reading EU and U.S. Finalize Data Privacy Framework: Here’s How to Get Certified
European Commission Proposes New Rules on Financial Data Access and Use
On June 28, 2023, the European Commission (EC) published a Proposal for a Regulation on Financial Data Access (FIDA). FIDA aims to create a framework through which data holders (e.g., banks, credit institutions) share the financial data they hold with other players in the finance industry (e.g., fintech companies). Customers of financial institutions will be able to control i) which data is shared, ii) with whom, iii) for what purpose, and iv) for how long. If adopted, FIDA will further liberalize financial data sharing in the EU.Continue Reading European Commission Proposes New Rules on Financial Data Access and Use
UK and U.S. Commit to Establish a “Data Bridge” to Facilitate the Free Flow of Personal Data
On June 8, 2023, the UK and the U.S. governments issued a joint statement announcing that they had committed in principle to the establishment of a “UK Extension to the Data Privacy Framework,” which would facilitate flows of personal data between the two countries (the “Data Bridge”).Continue Reading UK and U.S. Commit to Establish a “Data Bridge” to Facilitate the Free Flow of Personal Data
UK Brings Forward Legislation to Streamline the GDPR
In March 2023, the UK government published the Data Protection and Digital Information (No. 2) Bill (the bill). If enacted, the bill will introduce significant changes to the UK’s data protection laws, with the aim…
Continue Reading UK Brings Forward Legislation to Streamline the GDPREU Privacy Regulators Coordinate to Assess Compliance with the GDPR Rules on Data Protection Officers
On March 15, 2023, the European Data Protection Board (EDPB) announced a coordinated action on the role of the data protection officers (DPOs). The data protection authorities (DPAs) will ask DPOs a series of questions…
Continue Reading EU Privacy Regulators Coordinate to Assess Compliance with the GDPR Rules on Data Protection Officers