Authors: Heidi Waem, Muhammed Demircan, Nicolas Becker

On 29 September 2023, the Belgian Data Protection Authority (Belgian DPA) issued a decision imposing a reprimand on a public authority and its processor for various infringements of the GDPR, including the lack of a timely signed data processing agreement between the public authority – who

Continue Reading Belgian DPA decides on the (in)validity of retroactive data processing agreements

Author: Nicholas De Lacy-Brown

The arrival of NIS2 is only one year away. With significantly enhanced requirements around cybersecurity management extending across the supply chain, increased reporting obligations in the case of cyber breach, and personal liability for senior management, working out whether or not an organisation will be in scope for NIS2 will be

Continue Reading EU: The NIS2 Enigma: who will be caught by the EU’s updated cyber requirements?

UK Extension

Following the European Commission’s adequacy decision for the EU-US Data Privacy Framework (DPF) (for further information see here), the UK Government has announced that from 12 October 2023, organisations in the UK can transfer personal data to US organisations certified to the “UK Extension to the EU-US Data Privacy Framework

Continue Reading UK: EU-UK Data Privacy Framework Extension