Photo of Oliver Yaros

Oliver Yaros is a partner in the Intellectual Property & IT Group as well as the Technology & IP Transactions and Cybersecurity & Data Privacy practices of the London office of Mayer Brown. He advises clients on technology and outsourcing transactions with a particular focus on fintech and digital transformation projects, as well as clients operating within a broad range of sectors on data protection matters and cybersecurity incidents, intellectual property transactions and related issues.

Read Oliver's full bio.

The UK Information Commissioner’s Office (the “ICO”) published new guidance on transfer risk assessments (“TRAs”) and a template for carrying out a TRA.

All businesses are required to carry out TRAs, also known as local law assessments or transfer impact assessments, when transferring personal data subject to the UK GDPR outside the United Kingdom using

Ransomware attacks continue to surge from the levels seen just a few years ago and the threat such attacks present against companies and organisations remains very real – not least because the sums involved also continue to surge. According to a recent report by software company Acronis1, global ransomware damages are predicted to

On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities,1 which is intended to implement U.S. commitments under the Trans-Atlantic Data Privacy Framework (DPF) announced in March 2022. With the new executive order, the Biden administration aims to strengthen the legal foundation for trans-Atlantic

Companies that rely on standard contractual clauses for transferring personal data from the United Kingdom to jurisdictions not considered to offer an adequate level of data protection under the UK General Data Protection Regulation can no longer use the old EU standard contractual clauses in new contracts as of today, Wednesday 21 September 2022.

The UK Government has published its response to the consultation on its proposed reform of the UK’s data protection regime (which we have provided further information on in our previous legal update available here.) Whilst the UK Government has proposed several incremental reforms to the UK’s data protection laws that will diverge from the

On 25 May 2022, the European Commission published Questions and Answers for the New  Standard Contractual Clauses to provide practical guidance on the use of standard contractual clauses (SCCs) and help organisations with their General Data Protection Regulation (GDPR) compliance efforts. The Commission confirmed that the Q&A document will be regularly updated.

Continue reading.

The Queen’s Speech 2022 (the “Speech”), given on 10 May 2022 (available here), details the UK Government’s priorities for the year. Although its focus was primarily on the cost of living crisis and proposed economic measures, the Speech confirmed that the UK’s data protection regime will be reformed by way of the ‘Data

On March 25, 2022, the United States and the European Union jointly announced an “agreement in principle” to a new trans-Atlantic data privacy framework to facilitate the cross-border transfer of personal data (the “Framework”).1 As part of the Framework, the US has made “unprecedented commitments” related to intelligence collection and surveillance practices.2 The

Today, 21 March 2022, the International Data Transfer Agreement (IDTA) and the UK Addendum to the EU standard contractual clauses have entered into force.

The IDTA and the UK Addendum can be used for transfers of personal data outside the UK to countries that are not considered “adequate” by the UK Government. You can read

In line with the government’s commitments in its 2022 National Cyber Strategy, the Department for Digital, Culture, Media & Sport (DCMS) launched a consultation on 19 January 2022 outlining its proposals for new measures to strengthen the cyber security of businesses in the UK.

The UK government acknowledges that a new legal framework needs