On 2 September 2020, the European Data Protection Board (“EDPB”) published new Guidelines 07/2020 (“Guidelines”) for public consultation on the concepts of controller and processor under the European General Data Protection Regulation (“GDPR”). Once finalised, the Guidelines will replace the previous Working Party 29 Opinion 1/2010 (WP169), upon which

On 24 October 2019, a third round of draft amendments (“Third Draft”) to the “Information Technology Personal Information Security Specification” (National Standard GB/T 35273-2017) (GB/T 35273-2017) (“Specification”) was issued. This Third Draft follows two earlier versions that had been released for public consultation on 1 February 2019 and 25

The number of cyber attacks is on the increase and so is their level of sophistication. Because insurance companies are data driven businesses holding vast amounts of customer data (personal information, health and financial data), cyber attacks are a real threat and should be prioritised as one of their key operational risks. Most of the

The European General Data Protection Regulation (“GDPR”), which came into force over six months ago, illustrates a significant evolution in European data protection law marked by the extension of territorial scope. On November 23, the European Data Protection Board (“EDPB”), previously known as the Article 29 Working Party, issued new draft guidelines (“Guidelines”) relating to

The European Data Protection Board (“EDPB”) held its first plenary meeting on May 25, 2018, the same day the EU General Data Protection Regulation (“GDPR”) came into force.

The EDPB replaces the Article 29 Working Party, which was an advisory body made up of the various data protection authorities under the prior European Union (“EU”)

Computer and Telecommunications Law Review has published Gabriela Kennedy’s article on personal data and cybersecurity risks that often arise when a company develops a Bring-Your-Own-Device (BYOD) practice. Gabriela discussed the new Information Leaflet issued by the Hong Kong Privacy Commissioner, which aims to help companies continue to comply with the Personal Data (Privacy) Ordinance (Cap.

On 12 August 2016, the Cyberspace Administration of China (CAC), the General Administration of Quality Supervision, the Inspection and Quarantine of China (GAQSIQ), and the Standardisation Administration of China (SAC) jointly released Several Guidelines to Strengthen National Cybersecurity Standardisation (the “Guidelines”). Under the Guidelines, mandatory national standards will be introduced to regulate critical fields such

Hong Kong’s Privacy Commissioner has issued a revised Code of Practice on Human Resource Management (the “Code”) and a revised Privacy Guidelines for Monitoring and Personal Data Privacy at Work (the “Guidelines”).

Neither the new Code nor the new Guidelines include any material change from their existing versions. The only changes are the new Code

On January 27, 2016, the conference of the independent federal and state data protection authorities in Germany (“Data Protection Conference”) published guidelines for employers on the limits of control of email and other Internet services in the workplace. Within these guidelines, the data protection authorities emphasize their restrictive position regarding the employer’s control rights.