“European data protection rules will become a trademark people recognise and trust worldwide”. That is how, in January 2012, Viviane Reding – then Vice-President of the European Commission and EU Justice Commissioner – ended her announcement of the widest reform of privacy and data protection law ever attempted. Six years later, this ambitious aim is becoming a reality. Organisations from around the world and well beyond Europe are grappling with the new European General Data Protection Regulation (GDPR) and its impact on their data activities. From Australian banks and South American insurers to US universities and Asian telecoms companies, determining the applicability of the GDPR to their operations has become a critical business decision. As many global companies ponder over the right strategy to privacy compliance, a key question has emerged: which organisations, and under which circumstances, are subject to the territorial scope of the GDPR?
On the 1st July, the Article 29 data Protection Working Party adopted an opinion on cloud computing. The Working Party Opinion analyses the “hot topics” on data protection arising from cloud computing services .It also provides guidelines for providers of cloud computing services and their clients. The Opinion is summarized (and linked to) in this blog entry drafted by Hogan Lovells privacy lawyers in London and Madrid.
The French data protection authority (CNIL) recently simplified the formalities imposed on non-EU companies using data processors in France. While limited in scope as it only relates to processes in the fields of human resources and client and prospects management, the simplification can only be welcomed.