The long awaited and, one hopes, much prepared for new General Data Protection Regulations (GDPR) are just a few short months away from becoming law. To help companies look at the practical steps they need to take now in order to be ready, Pillsbury will be presenting “#ReadyforGDPR?” on February 20 from Noon – 1:00pm EST. We will discuss how these new laws will significantly impact companies doing business in Europe, even those without a physical EU presence, and the latest feedback from enforcers as to what will trigger fines. We hope you can join!
Does Artificial Intelligence (AI) matter?
“AI is probably the most important thing humanity has ever worked on. I think of it as something more profound than electricity or fire.”
—Sundar Pichai, Google CEO
Oracle recently published a policy document entitled “Licensing Oracle Software in the Cloud Computing Environment” which sets out specific requirements on customers when licensing various Oracle programs and using them in the following cloud computing environments:
- Amazon Web Services
- Amazon Elastic Compute Cloud (EC2)
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (a.k.a. the General Data Protection Regulation or GDPR) will, as most business people are probably aware of by now, come into force across the EU on 25 May 2018.
This will be the case in the UK (notwithstanding Brexit) and every other member state, since EU regulations have direct applicability. In other words, they do not need an act of parliament in the member state to make them into law. By contrast, EU directives are not directly applicable. When passed they still need legislation to be passed before they become part of national law. The current regime of the 1995 Data Protection Directive, and the UK’s Data Protection Act of 1998, both of which are due to be replaced next year, are good examples of this.
To complete the picture, from a UK regulatory perspective, in terms of what is changing, the government has introduced a Data Protection Bill which is currently passing through parliament. The Bill does not replace GDPR in the UK. Instead it seeks to make the UK’s own data protection laws “fit for purpose” in a digital age, replacing 1998 Act and, amongst other things, implementing the “GDPR standards across all general data processing”.
- The European Union Court of Justice (“CJEU”) to rule on the validity of Model Contractual Clauses (“MCCs”) following referral by the Irish High Court.
- The Irish High Court has “well-founded” concerns that there is no effective remedy in US law for EU citizens whose personal data is transferred to the United States and the use of MCCs does not eliminate those concerns.
Tim Wright, Partner and Antony Bott, Special Counsel, in Pillsbury’s Global Sourcing & Technology Transactions Practice look at some of the issues to be considered when procuring and sourcing robotic process automation software and solutions
The Future Is Now
You can’t move in the outsourcing industry without hearing about Robotic Process Automation (RPA). And while it might sound like terminology cribbed from a sci-fi novel, the truth is that RPA is already here, and it is transforming the way modern businesses operate. Along with related developments in machine learning and artificial intelligence, automation as a whole has been characterised by the former chief scientist of Baidu as being “as transformative for society as electricity.” Fuelled by continuing developments in computing power, big data, storage and connectivity, the opportunity for companies is to save money, while operating more effectively, scalably and compliantly—it is, in many senses, a compelling opportunity.
The Fourth Industrial Revolution is the term coined by Klaus Schwab, the founder and executive chairman of the World Economic Forum, to describe the fourth major industrial era since the first industrial revolution which took place in Europe and America in the 18th and 19th centuries. Industry 4.0 comprises a collection of transformative technologies, what Schwab refers to as “emerging technology breakthroughs,” such as automation, artificial intelligence, the Internet of Things, digitalisation, use of composite materials, autonomous vehicles, quantum computing and nanotechnology with industrial/commercial applications.
Although not a new technology, many commentators would include additive manufacturing (AM) in the list of transformative technologies making up Industry 4.0. Until relatively recently, however, AM’s adoption was largely confined to development of prototypes with industrial uses rather than full scale manufacturing. This started to change with the expiration of certain key patents around a decade or so ago, to the point that today – although still in its infancy – AM has reached an inflection point as lower costs and technical advances have put it in reach of a greater number of businesses and consumers.
Those of us who have been grappling with how best to approach GDPR compliance in outsourcing and other commercial contracts will be all too familiar with Article 28 of the GDPR. Article 28.3 builds on the limited obligations that existed under the existing regime but also include some significant enhancements to the minimum processor obligations to be addressed head on in the contract.
Processor’s obligation to notify infringing instructions
One requirement of Article 28.3 in particular, has provided clients and counsel alike with a degree of angst since the final draft of the GDPR was published in May 2016, and further back still for those of us who had followed the negotiations and multiple redrafts of the GDPR prior to its final publication.
Global In-House Centers (GICs) were first seen in India in the 1990s as an alternative to IT outsourcing arrangements with third-party vendors. The principal driver was labor-cost arbitrage between the United States or Europe and India. The banking, financial services and insurance industries were early adopters. In their original iteration, GICs were known as “offshore captive centers.” A number of these captives were later sold to outsourcing vendors, particularly in the years following the Great Recession.
In recent years, there has been a resurgence of interest in GICs in India across a wider range of industries, including transportation, telecom, media, manufacturing, medical devices, oil & gas, aerospace, retail and hospitality. In “Global In-House Centers in India, v2.0,” Pillsbury partners Jeff Hutchings and Craig de Ridder explore how GICs in India are evolving from cost-saving platforms into Innovation Centers for emerging digital technologies that can provide a competitive advantage.
The increasing number of software supply chain compromises represents a significant weakness that should be top of mind for security professionals. Regardless of your firm’s core business, chances are they rely on and are connected to a range of software provider’s electronic distribution channels for acquiring initial licenses or software updates. Any such electronic access, even through authorized and vetted means, poses a risk to the organization. Put simply: your software provider’s vulnerabilities could easily become your next breach.