Does the GDPR really apply to my company? From a data protection standpoint, this is the first thing that comes to mind within non-EU companies. In many cases, the GDPR seems like an issue of the Old Continent, so it does not affect non-EU companies. In others, companies apply the GDPR to all their processing activities just to avoid the possibility of being addressed by EU authorities. Neither decision is per se correct.
This post was contributed by Mac Macmillan, an attorney in Hogan Lovells’ London office On November 22, 2012, the UK government published its Impact Assessment of the draft European data protection regulation. When the draft regulation was first published, the European Commission estimated that harmonizing the European data protection regime would bring a net administrative […]
The German data protection authorities on September 26, 2011 adopted an “Orientation guide – cloud computing.” The guide sets out mandatory and recommended content for any agreement between German users of cloud computing services and cloud computing serving providers. It highlights the customer’s responsibility for full compliance with German data protection requirements for the cloud. Based on this orientation guide, customers and providers will have to review existing agreements in the German market.
As recently reported by the data protection authority of the German Federal State of Bavaria in its annual review, a US court recently accepted the data protection authority’s limitation on the scope of discovery involving documents with personal information. The issue of EU data protection rules conflicting with US discovery requests is a recurring one, and this episode demonstrates an instance of international comity worth noting.
The French data protection authority (CNIL) recently simplified the formalities imposed on non-EU companies using data processors in France. While limited in scope as it only relates to processes in the fields of human resources and client and prospects management, the simplification can only be welcomed.
Out of Brussels comes the news that the European Commission has circulated a document containing a draft strategy for improvements in data protection, including a long-awaited set of proposals for revamping of the EU Data Protection Directive. This blog entry summarizes the proposals. Any one of the proposed changes would be news, but taken together, they suggest a dramatic set of possible changes with respect to data protection in the EU.