The European Data Protection Board (EDPB), the body which represents EU data protection authorities, has adopted guidelines (Guidelines) confirming when transfers need to be “safeguarded” in accordance with the GDPR (and importantly when they do not). In particular: A non-EU controller or processor that is subject to the GDPR (e.g.,…
This week the European Data Protection Board (EDPB), a body that represents European data protection authorities, set up a new cookie banner taskforce. The new taskforce will coordinate the response to over 400 complaints concerning cookie banners filed by a nonprofit organization founded by Max Schrems, None of Your Business…
Major mergers and spin-offs by IT service providers are rare, but when they occur (e.g., Xerox’s acquisition of ACS in 2010 and Atos’ subsequent acquisition in 2014, HPE’s 2017 spin-off of its Enterprise Services business and merger with CSC in the form of DXC), pause and consider your options. These…
The last decade saw explosive growth in enterprise migration to the cloud, a trend driven by the promise of lower overhead costs and greater scalability. Given this, many have made the leap and moved both non-mission-critical workloads and mission-critical functionality into the cloud. This is where “data gravity,” a phrase…
On October 20, 2020, a consortium of U.S. federal financial regulators (Regulators)[1], issued a proposed rule (Proposed Rule) that, if enacted, would codify that mere supervisory guidance that is not the product of notice and comment rulemaking—e.g., interagency statements, advisories, bulletins, policy statements, and FAQs—does not have the force of law.…
As if a global pandemic was not enough to trigger hypervigilance, cybercriminals have seized the COVID-19 crisis as an opportunity to exploit individuals’ and organizations’ cybersecurity vulnerabilities. The FBI anticipates a rise in cyber-exploitation during this time, and has warned citizens of the various means of launching a cyberattack. In…
‘Contact tracing’ is a process used by public health officials to identify individuals who may have come into close proximity with a contagious virus, such as COVID-19. Traditionally, infected persons are asked to identify interactions with people whilst infected or in the days leading up to infection being diagnosed. Health…
Business continuity and disaster recovery (BC/DR) plans are an essential element of your and your suppliers’ business—an increasingly apparent fact as we now face the uncertainty caused by COVID-19. Your agreements with suppliers and service providers likely account for exigent circumstances via force majeure and BC/DR provisions, and reviewing and…
In managing relationships with their suppliers during the pandemic, companies will find it in their interest to show some flexibility—but only within certain parameters. In “COVID-19: BCP and Remote Work Notifications from Suppliers,” colleagues Aaron M. Oser and Mario F. Dottori take a practical look at just what this means for often…
From September 30, 2019, new guidelines on outsourcing arrangements (Guidelines) issued by the European Banking Authority (EBA) will apply to all outsourcing arrangements entered into, reviewed or amended on or after this date. The Guidelines aim to establish a more harmonized framework for all financial institutions that are within the…