European Data Protection Board (EDPB)

On 18 November 2021, the European Data Protection Board (“EDPB”) adopted new guidelines which:

  1. Set out a three part criteria for identifying whether an action will be considered an international transfer of personal data; and
  2. Clarify that restrictions on international data transfers do apply to transfers to entities located in a third country, but which

In this National Cybersecurity Awareness Month conversation, Mayer Brown lawyers from our global practice will discuss the latest legal trends and developments relating to cybersecurity in China, Europe and the UK. Topics will include:

  • The implications for international businesses seeking to comply with China’s new Data Security Law and Personal Information Protection Law in combination

Today, 21 June 2021, the European Data Protection Board (the “EDPB”) has published its final Recommendations 01/2020 on supplementary measures to ensure compliance with data protection laws when transferring personal data from Europe (the “Recommendations”).

The adoption of these Recommendations is the latest in a series of developments which demonstrate that it is

As the European Union finalizes new tools that raise the requirements to transfer personal data across borders, and as the trend toward localization and restricting cross-border movement of data continues to develop in Asia, organizations must reassess the rules that restrict sharing data internationally and revise their approach in response to this increasingly restrictive, complex

Today, 4 June 2021, the European Commission has formally adopted new standard contractual clauses for international personal data transfers from the European Union to third countries (“New EU SCCs”).

The 34-page New EU SCCs, which have been adopted to reflect the introduction of the General Data Protection Regulation (“GDPR”) and the

Codes of conduct are documents prepared by associations and other bodies that demonstrate how the General Data Protection Regulation(“GDPR”) applies and can be complied with by participants in particular industries and sectors  under Article 40 of the GDPR. Businesses may voluntarily adhere to codes of conduct to demonstrate their ability to comply with

On 13 April 2021, the European Data Protection Board (“EDPB“) adopted two opinions  (“Opinions“) concerning draft UK adequacy decisions published by the European Commission  which would permit the free flow of personal data from the European Economic Area (“EEA“) to the UK in the post-Brexit world.

The Opinions largely

In an increasingly interconnected world, preserving the free flow of data across borders is crucial to the prosperity of businesses operating in every industry. But over the last year, there have been a number of important data protection developments in Europe that have a direct impact on the supply chain and distribution arrangements operated by

A decision issued on 15 March 2021 by the Bavarian Data Protection Authority (“BayLDA“, publication pending) is the first German enforcement action in connection with last year’s decision of the Court of Justice of the European Union (“CJEU“, “CJEU’s Decision“) on the validity of the European Commission’s Standard Contractual

Whilst the UK left the European Union (“EU”) on 31 January 2020 (“Exit Day”) it remained within the EU’s legal framework during the Brexit Transition Period (“Transition Period”). When the Transition Period ends at 11:00 p.m. GMT on 31 December 2020 (“Completion Day”), EU law that was