The European Data Protection Board (“EDPB“) adopted an opinion on 7 October 2024, providing guidance for data controllers relying on processors (and sub-processors) under the GDPR. The two key themes are:

  1. supply chain mapping;
  2. verifying compliance with flow-down obligations.

For many financial institutions, the emphasis on these obligations should not come as a

Continue Reading EU: Engaging vendors in the financial sector: EDPB clarifications mean more mapping and management

In the evolving legal landscape of data protection, several decisions by data protection regulators and courts across the EU and UK underscore the importance of proactive GDPR compliance from a contractual perspective. These issues are being scrutinised more closely in corporate due diligence transactions and by regulators in the event of a data breach or

Continue Reading EU and UK: The importance of data processing agreements