Category: Policy & Legislation
GDPR: Guidance on Consent Requirements
In December 2017, the Article 29 Working Party released for comment a draft of its guidance on consent under the GDPR. Consent is one of the lawful bases for processing personal data and one of the permitted means by which personal data may be transferred to a third country outside […]
GDPR: Ready or Not, Here It Comes…
What does the beginning of December mean to you? The start of the holiday season? Well, yes, but it also marks the start of the 6-month countdown to GDPR. Are you ready? According to the latest statistics, 86% of companies (of all sizes in multiple industries) are not – and […]
New Law Heightens Cybersecurity Requirements for Delaware Residents
On August 17, 2017, Governor John Carney signed into law bi-partisan legislation that increases cybersecurity protections for Delaware residents whose personal information may be compromised as a result of a data breach. House Substitute 1 for House Bill 180 (“House Bill 180”), sponsored by Representative Paul Baumbach, is the first piece of […]
DoD Contractors Required to Meet Cybersecurity Requirements by Year End
The window for Department of Defense (DoD) contractors to bring themselves into compliance with cybersecurity requirements is closing. Specifically, changes to the Defense Federal Acquisition Regulation Supplement (DFARS) published in late 2016 require that DoD contractors and subcontractors provide “adequate security” on “covered information systems.” The new rule also imposes […]
GDPR for Employers
Who is covered? If a company has EU-based employees whose behaviour it “monitors” (see below) it will need to take steps to ensure that it is compliant with the GDPR when it comes into force in May 2018. “Monitoring” in an employment context is not defined in the GDPR itself […]
Introduction to Europe’s General Data Protection Regulation
What is it? The GDPR is a European law that will govern how companies (whether EU-based or not) use personal data. It replaces the existing law on use of personal data and comes into force on 25 May 2018. Many aspects of the existing law will remain in place, including the data […]