2023 was a busy year for the Court of Justice of the European Union (CJEU), with the issuance of a number of far-reaching judgments on the interpretation and application of the GDPR.

In December 2023, the CJEU delivered two important decisions which supplement a growing body of jurisprudence on the issuance of administrative fines and

Continue Reading CJEU Insight

Since the enactment of Singapore’s Cybersecurity Act (Act) in August 2018, the digital battlefield has transformed dramatically. The nation’s move towards digitalisation has not only spurred the growth of Singapore’s digital economy but also brought new cyber threats and challenges to the fore.

Given this, the Cyber Security Agency of Singapore (CSA

Continue Reading Imminent Changes to Singapore’s Cybersecurity Act: New Obligations on Service Providers

Sweeping Amendments to NYDFS Cybersecurity Regulation

On November 1, 2023, the New York Department of Financial Services (NYDFS) announced extensive amendments to its cybersecurity requirements for financial institutions issued under 23 NYCRR Part 500.  The amendments are intended to address the evolution in the cybersecurity landscape since the regulation was first enacted in 2017, including

Continue Reading US: Regulators Enhance Information Security Requirements for Financial Services Companies

Implicit within Delaware law, and now explicit in the SEC Cyber Rules, is the concept of adequate governance. It is not what the FTC just said on a particular topic, the latest guidance from a Data Protection Authority, what the NIST framework provides, or a set of controls in any particular subject area regarding privacy

Continue Reading US: Understanding Governance–A Path for Privacy and Security Governance

Dear subscriber, 

Thank you for subscribing and being a part of DLA Piper’s Data Protection, Privacy and Cybersecurity community. We appreciate your continued engagement with our insights and the evolving nature of the landscape.

Our goal for this blog is to help you navigate all aspects of data protection, privacy, and cybersecurity laws, while considering

Continue Reading We’re now seamlessly global. Here’s what to expect. 

Author: Sarah Birkett

Cyber Security Strategy discussion paper launched

This week saw the launch of a discussion paper for the Australian Government’s 2023-2030 Australian Cyber Security Strategy. The discussion paper refers to the lofty aim of making Australia the most cyber secure nation by 2030.

The discussion paper, which acknowledges that the Australian Government was
Continue Reading Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more

Author: Carolyn Bigg

Are we seeing a return of proactive enforcement of Hong Kong’s data protection laws, after a lull in recent years?

On 14 November 2022, the Office of the Privacy Commissioner for Personal Data (“PCPD”) published two investigation reports for non-compliance of the Personal Data (Privacy) Ordinance (“PDPO”):

  • EC Healthcare’s failure to obtain


Continue Reading HONG KONG: Increased Enforcement Action?

Authors: Ross McKean, Henry Pelling

On 24 October 2022, the ICO issued a penalty notice (MPN) to Interserve Group Limited (Interserve), imposing a fine of £4.4m for violations of the GDPR (the violations were pre-Brexit).
The ICO found that Interserve had failed to put appropriate technical and organisational measures in place to secure personal
Continue Reading UK: ICO issue fine of £4.4m to Interserve for security failings

The European Council and the European Parliament have agreed on measures for a high common level of cybersecurity across the EU (the “NIS2”).

Once adopted, NIS2 will replace the current Directive on Security of Network and Information Systems (“NIS Directive”). NIS2 will introduce a number of changes, including bringing more sectors
Continue Reading Europe: One step closer towards the adoption of NIS2