131 results Companies unprepared for increasing cyber risks Companies increasingly face cybercrime incidents. Stibbe offers tailor-made solutions. European Data Protection Board provides welcoming guidance on the territorial scope of the GDPR If personal data of a Korean employee working for a U.S. company is processed in the HR department in London, does the GDPR apply? Is the GPDR applicable to a Dutch customer visiting the website of a Canadian company? 15 aspects of Brexit you did not know A Brexit without a deal, or with a deal that does not cover all relevant aspects, is still a potential scenario. We have highlighted a number of unexpected legal consequences of Brexit in such a no deal or incomplete deal scenario. Uitwisseling van persoonsgegevens met het Verenigd Koninkrijk Uit de Brexit deal volgt dat gedurende de eerste 4 maanden van 2021 de doorgifte van persoonsgegevens naar het Verenigd Koninkrijk (“VK”) nog op dezelfde manier mag plaatsvinden als voorheen. Belgian data protection authority fines hospital after data breach for taking insufficient data protection measures In 2021, a Belgian hospital fell victim to a ransomware attack that disrupted critical operations and compromised the personal data of 300,000 people. As a result, the Belgian data protection authority imposed a fine of €200,000 three years later. New EDPB statement on implementation of PNR directive: impact and recommendations The European Data Protection Board (EDPB) approved a new statement regarding the application of the PNR directive, in light of the ruling of the Court of Justice of the EU (CJEU) in case C-817/19. Key takeaways and insights from the EDPB Pseudonymisation Guidelines On 16 January, 2025, the EDPB released its guidelines on pseudonymisation. These guidelines are not yet finalized, as they remain open for public consultation until 28 February. In this blogpost, we highlight the key takeaways. Data Privacy Day 2023: highlighting the most impactful ECJ judgments from the past year In recent years, the ECJ has issued landmark judgments with far-yielding consequences for data controllers and data processors. To celebrate Data Privacy Day 2023, we highlighted the most impactful judgments of the ECJ from the past year. Digital Law Up(to)date: EDPB guidelines on facial recognition in the area of law enforcement The European Data Protection Board adopted on 12 May 2022 Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement. Digital Law Up(to)date: New EDPB Guidelines on the practical implementation of amicable settlements The EDPB published new guidelines on the practical implementation of amicable settlements. Belgian DPA rules on employee geographic tracking by public authorities On 21 February 2023, the litigation chamber of the Belgian data protection authority has ruled on the legitimacy of the geographic tracking of employees by a public authority. EU General Court denies WhatsApp’s action to annul EDPB decision The General Court has declared WhatsApp’s request to annul an EDPB binding decision inadmissible. ECJ further shapes independent position of DPOs In a judgment of 9 February 2023 (C-453/21), the European Court of Justice has further shaped the rules surrounding the independence of a data protection officer (DPO), one of the cornerstones of the GDPR. Digital Law Up(to)date: Clarification by the CJEU on the retention of traffic and location electronic communications data for the purpose of combating serious crime The Grand Chamber of the CJEU confirms that EU law precludes national legislative measures which provide for the general and indiscriminate retention of traffic and location data relating to e-communications, for the purpose of combating serious crime. Digital Law Up(to)date: Two new EU proposals of regulation to strengthen cybersecurity and information security across the EU organs On 22 March, the EU published two new proposals of regulation on 'cybersecurity at the institutions, bodies, offices and agencies of the Union' and on 'information security in the institutions, bodies, offices and agencies of the Union'. Digital Law Up(to)date: New EDPB guidelines to calculate the amount of GDPR administrative fines The EDPB adopted new guidelines on the calculation of administrative fines under GDPR. The objective is to strengthen harmonisation and transparency of the methodology used by national supervisory authorities to calculate the amount of the fines. Digital Law Up(to)date: Approval of the Data Governance Act by the Council of the EU The Council of the European Union adopted the Data Governance Act. The new regulation promotes the availability of data and builds a trustworthy environment to facilitate their use for research and the creation of innovative new services and products. Digital Law Up(to)date: Consumer associations can control GDPR implementation According to the CJEU, consumer protection associations are now allowed to control the GDPR implementation. Pagination Previous page Page 3 Current page 4 Page 5 Page 6 Next page
Companies unprepared for increasing cyber risks Companies increasingly face cybercrime incidents. Stibbe offers tailor-made solutions.
European Data Protection Board provides welcoming guidance on the territorial scope of the GDPR If personal data of a Korean employee working for a U.S. company is processed in the HR department in London, does the GDPR apply? Is the GPDR applicable to a Dutch customer visiting the website of a Canadian company?
15 aspects of Brexit you did not know A Brexit without a deal, or with a deal that does not cover all relevant aspects, is still a potential scenario. We have highlighted a number of unexpected legal consequences of Brexit in such a no deal or incomplete deal scenario.
Uitwisseling van persoonsgegevens met het Verenigd Koninkrijk Uit de Brexit deal volgt dat gedurende de eerste 4 maanden van 2021 de doorgifte van persoonsgegevens naar het Verenigd Koninkrijk (“VK”) nog op dezelfde manier mag plaatsvinden als voorheen.
Belgian data protection authority fines hospital after data breach for taking insufficient data protection measures In 2021, a Belgian hospital fell victim to a ransomware attack that disrupted critical operations and compromised the personal data of 300,000 people. As a result, the Belgian data protection authority imposed a fine of €200,000 three years later.
New EDPB statement on implementation of PNR directive: impact and recommendations The European Data Protection Board (EDPB) approved a new statement regarding the application of the PNR directive, in light of the ruling of the Court of Justice of the EU (CJEU) in case C-817/19.
Key takeaways and insights from the EDPB Pseudonymisation Guidelines On 16 January, 2025, the EDPB released its guidelines on pseudonymisation. These guidelines are not yet finalized, as they remain open for public consultation until 28 February. In this blogpost, we highlight the key takeaways.
Data Privacy Day 2023: highlighting the most impactful ECJ judgments from the past year In recent years, the ECJ has issued landmark judgments with far-yielding consequences for data controllers and data processors. To celebrate Data Privacy Day 2023, we highlighted the most impactful judgments of the ECJ from the past year.
Digital Law Up(to)date: EDPB guidelines on facial recognition in the area of law enforcement The European Data Protection Board adopted on 12 May 2022 Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement.
Digital Law Up(to)date: New EDPB Guidelines on the practical implementation of amicable settlements The EDPB published new guidelines on the practical implementation of amicable settlements.
Belgian DPA rules on employee geographic tracking by public authorities On 21 February 2023, the litigation chamber of the Belgian data protection authority has ruled on the legitimacy of the geographic tracking of employees by a public authority.
EU General Court denies WhatsApp’s action to annul EDPB decision The General Court has declared WhatsApp’s request to annul an EDPB binding decision inadmissible.
ECJ further shapes independent position of DPOs In a judgment of 9 February 2023 (C-453/21), the European Court of Justice has further shaped the rules surrounding the independence of a data protection officer (DPO), one of the cornerstones of the GDPR.
Digital Law Up(to)date: Clarification by the CJEU on the retention of traffic and location electronic communications data for the purpose of combating serious crime The Grand Chamber of the CJEU confirms that EU law precludes national legislative measures which provide for the general and indiscriminate retention of traffic and location data relating to e-communications, for the purpose of combating serious crime.
Digital Law Up(to)date: Two new EU proposals of regulation to strengthen cybersecurity and information security across the EU organs On 22 March, the EU published two new proposals of regulation on 'cybersecurity at the institutions, bodies, offices and agencies of the Union' and on 'information security in the institutions, bodies, offices and agencies of the Union'.
Digital Law Up(to)date: New EDPB guidelines to calculate the amount of GDPR administrative fines The EDPB adopted new guidelines on the calculation of administrative fines under GDPR. The objective is to strengthen harmonisation and transparency of the methodology used by national supervisory authorities to calculate the amount of the fines.
Digital Law Up(to)date: Approval of the Data Governance Act by the Council of the EU The Council of the European Union adopted the Data Governance Act. The new regulation promotes the availability of data and builds a trustworthy environment to facilitate their use for research and the creation of innovative new services and products.
Digital Law Up(to)date: Consumer associations can control GDPR implementation According to the CJEU, consumer protection associations are now allowed to control the GDPR implementation.