The final draft of the new European General Data Protection Regulation (GDPR) was agreed on 15 December 2015 and, once it has been approved by the European Parliament in early 2016, is expected to take effect by early 2018. This reform aims to update data protection law to address the challenges of the digital age while simultaneously protecting the rights of individuals and enabling businesses to utilise personal data in a more consistent manner across the European Union. The GDPR will be directly applicable in the same form in all EU Member States with the intention of reducing the burden on international organisations that, up until now, have had to vary their compliance to satisfy the particular data protection requirements of each Member State.
Continue Reading

In its judgment of 6 October 2015 (C-362/14), the Court of Justice of the European Union (“CJEU”) held that transfers of personal data of European citizens to the United States made under the so-called Safe Harbor scheme are subject to significant risks, and declared the corresponding decision of the European Commission to be invalid. As a consequence, EU entities of U.S. companies so far relying on Safe Harbor will need to revise their practice of submitting personal data to the U.S. to comply with EU data protection law.
Continue Reading