Cybersecurity, Privacy, & AI

Trending Now
CMMC Cybersecurity Rules Are Rolling Into Defense Contracts • CMMC Cybersecurity Rules Are Rolling Into Defense Contracts • VA Inventory Report Reveals 367 AI Systems Operating in Healthcare, Benefits and Services • FAR Council Proposes Revised CUI Framework as Part of Revolutionary FAR Overhaul With Important Guidance and Clarifications • FTC, Like States, Worried About Data Broker Activities

Cybersecurity 2020 – The Year in Preview: New Guidance Continues to Clarify GDPR’s Scope

Michiru13 | Shutterstock

Foley Hoag looks at the European Union’s General Data Protection Regulation, warning that it has been expensive to comply with, has potentially serious penalties attached to it, and is more broadly applicable than one might assume.

A company falls within the GDPR’s territorial scope in two main situations. The first is when the company processes data in the context of its EU establishment. The second is when the company performs certain processing activities that target data subjects located in the EU. In late 2019, the EU’s lead data protection regulator, the European Data Protection Board, issued its final guidelines on the GDPR’s territorial scope. Enforcement bodies are familiar with them, and companies should be too.

More at Foley Hoag

Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–SaturdaySubscribe here.