Can't find what you're looking for? Try the search bar or refine your parameters using the Frameworks & Concepts button above.
7 points after giving another in-depth presentation to global businesses on the path to NIS2 compliance (with a flavour of DORA and GDPR): (i) Having a broad enough team (“multidisciplinary” / “multi-stakeholder” / however you wish to call it) is not easy for many organisations, irrespective of their size (this is nothing new, but it […]
Will data protection authorities be a top target for cybercriminals? Forced sharing of trade secrets is one of the consequences of yesterday’s CJEU judgment, in a way that in my view should prompt a serious question: how will organisations share those trade secrets with those supervisory authorities [SAs], and can the latter be trusted to […]
Looking back + forwards, 4 big topics for me on LinkedIn in 2024 & likely still for 2025 are the following:– ePrivacy– “Consent or Pay”– AI & personal data– Cybersecurity The key ePrivacy topic was the European Data Protection Board’s guidelines on the technical scope of Art. 5(3) of the ePrivacy Directive – basically, “to […]
Some seem to suggest that “unavailability of IT system = security incident = personal data breach”. While data protection *authorities* regularly suggest unavailability is a breach, the main EU *law* on data protection, the GDPR, doesn’t say so. Definition of “personal data breach” in Art. 4(12) GDPR: “breach of security leading to the accidental or […]
Practical checklist: good practices for vendor/supplier risk management inspired by GDPR, NIS2, Data Governance Act and DORA. The underlying question: what good practices do these EU laws highlight and transform into legal obligations in certain cases, and how can we combine them? This checklist is *not* a comprehensive list of best practices, but it should […]
What a week! So what’s next? After 3 speaker slots at CPDP2024 (featuring some of the most heated exchanges of the entire conference), one webinar, and loads of really good discussions on the biggest data protection topics (“Pay or OK”, “Advertising, data protection and AI”, “balancing of fundamental rights: protection of personal data vs/with freedom […]
Laws with cybersecurity requirements: time for the lawyer to wear a hoodie and for the CISO to put on a lawyer’s gown. [because we all know that’s how the other profession dresses 100% of the time] For years I have been stressing the need for cybersecurity and legal teams to work as one – and […]
Fines aren’t the only possible sanction in case of an infringement of data protection rules – prison is also a possibility in certain countries. That’s exactly the outcome of a case in France, where a former head of HR received a six-month (suspended) prison sentence yesterday. In that case, the person in question had created […]
Chances are you’ve seen this and your first thought was positive. But these innovations also come with risks, and you should be mindful of the opportunities such innovations present for bad actors (in this case, car thieves) and the legal implications thereof. Does that mean you should stop innovating? No! But it means that a […]