Author

Francesca Gaudino

Browsing

The European Data Protection Board (EDPB) recently published the draft Guidelines on Examples Regarding Data Breach Notification, a document that encompasses eighteen examples of data security incidents, on a spectrum of risk and necessary mitigating measures.  Each example concludes with recommended actions based on the identified risks, mainly: recording the incident in the organization’s internal register, notifying the organization’s supervisory authority, and notifying affected individuals.  The Guidelines are currently open for public consultation. The Guidelines…

Happy Data Protection Day! The 28 January each year is celebrated as Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2021, we have summarised some of the key trends and developments in the EU, UK and beyond from a data protection perspective and looking ahead to what to expect for 2021. You can jump to specific country…

The decision by the Court of Justice of the European Union in “Schrems II” provides that the controller-to-processor standard contractual clauses are a viable mechanism for data transfers from the EU to third countries but identified further conditions that need to be considered when implementing them to address the requirement to provide “adequate protection” to such transfers. The CJEU put the onus on data exporters to determine whether the exporter’s implementation of the C2P SCCs…

The European Court of Justice (“ECJ”) issued a landmark ruling earlier today that invalidates the EU – US Privacy Shield Framework (“Privacy Shield”) in Case C-311/18 (“Schrems II”).

The accelerated rate with which people have embraced a more digital society and more tech-dependent ways of working has also given rise to challenges and issues when it comes to privacy and data security. Raffaele Giarda, Amy de la Lama and Francesca Gaudino discuss data protection issues associated with telework, the inevitable increase in cybersecurity risks, and privacy and security challenges, resulting from increased usage of AI and M2M. Join our panel of experts as they continue to reveal the…

It has been two years since the GDPR came into force on 25 May 2018 and during that time, we have seen more guidance published at an EU level as well as from data protection authorities in Member States which has impacted how organisations approach areas of GDPR compliance. We have also seen enforcement action from data protection authorities across the EU and UK. There have also been other significant developments, over the past two…

On 4 May 2020 the European Data Protection Board (“EDPB”) adopted updated guidelines on consent under the GDPR (the “New Guidelines”). The New Guidelines supersede the guidelines on consent originally adopted by the EDPB’s predecessor, the Article 29 Working Party, on 10 April 2018 (the “2018 Guidelines”), and subsequently endorsed by the EDPB. The New Guidelines clarify the EDPB’s position on two specific issues: Cookie Walls – consent is not valid if access to a…

*Survey last updated April 30, 2020* Our latest edition, spanning 39 jurisdictions, answers five common data privacy and security questions employers may have in light of COVID-19, especially as lockdowns are slowly being eased in some countries and employers prepare to re-open workplaces. As the world grapples with the COVID-19 pandemic and its profound impact across regions and industries, many companies are facing difficult business and legal challenges and are required to make some urgent…

In this episode of Connect On Tech, your host Brian Hengesbaugh is joined by Francesca Gaudino, a partner in our Milan office. Francesca reports on the on-the-ground situation in Italy in light of COVID-19 and issues Italian employers are facing. You will learn: If Italian employers can perform temperature checks on employers and visitorsWhat measures can be taken by Italian employers to protect their workforcesActions Italian employers can take if they discover an employer has COVID-19 https://open.spotify.com/episode/5d0lzrq5Rn0MrrUEKYT5ii Related…

The European Data Protection Board (EDPB) has published its draft guidelines on processing personal data in the context of connected vehicles for public consultation. The Guidelines have a wide reach and will apply to more than just vehicle manufacturers. We have summarised the key points and recommendations from the EDPB in the Guidelines below. The public can provide comments to the EDPB until March 20th, 2020. Thereafter, the EDPB will finalize and adopt the Guidelines,…