Tag Archives: Jane Shvets

UK Treasury Publishes First Post-Brexit UK Sanctions Regulations and Guidance

 by Jane Shvets, Konstantin Bureiko, Tom Cornell, and Satish M. Kini

On 31 January 2019, the UK’s HM Treasury published the first set of regulations (the “Regulations”) under the Sanctions and Anti-Money Laundering Act 2018 (“SAMLA”).[1] The Regulations are due to come into force on “exit day”—29 March 2019 at 11.00pm—if the UK leaves the European Union without a deal. The UK Office of Financial Sanctions Implementation (“OFSI”) has also published new guidance on post-Brexit financial sanctions, which should be read in tandem with the Regulations.[2] In many respects, the Regulations mirror sanctions measures currently in force in the UK under EU regulations and merely give them an independent statutory footing in the UK. But the Regulations do diverge from established EU sanctions practice in certain places and may require companies in the UK to change their sanctions compliance practices. Continue reading

New Guidance on the GDPR’s Territorial Scope – Are You Covered?

by Jeremy Feigelson, Jane Shvets, and Robert Maddox

The European Data Protection Board (“EDPB”)—a working group of representatives of the EU data protection authorities—has issued Guidelines (PDF: 255 KB) on the territorial scope of the EU General Data Protection Regulation (“GDPR”), which are open for comment until 18 January 2019. The Guidelines clarify one of the main areas of concern for non-EU companies: when will GDPR reach them?

There are five key takeaways from the Guidelines: Continue reading

You Want What?: Responding to Individual Requests Under the GDPR

 by Jeremy Feigelson, Jane Shvets, and Christopher Garrett

With the EU General Data Protection Regulation (“GDPR”) in force for less than two months, many companies are already experiencing an increase in requests from individuals seeking to obtain a copy, or request correction or erasure, of their personal data under Articles 15 to 17 of the GDPR.

Do we have to respond?

Yes. A response is required even if the response is that the company will not honour the request because a relevant exemption applies. Continue reading

Draft GDPR Transparency Guidelines Issued: What Does Your Privacy Policy Need to Contain?

by Jeremy Feigelson, Jane Shvets, Dr. Thomas Schürrle, Ceri Chave, Dr. Friedrich Popp, and Christopher Garrett

Late last year, the Article 29 Working Party (the “Working Party”) issued detailed draft guidance (the “Guidelines”) on transparency under the EU General Data Protection Regulation (the “GDPR”), which comes into force in May 2018. These Guidelines, which will be finalized following a consultation process, contain the Working Party’s interpretation of the mandatory transparency information that must be provided to a data subject by way of privacy policy or other disclosures.

One of the express requirements of the GDPR relates to how businesses communicate their use of a data subject’s personal information to that data subject at the point of data collection or consent, typically via a privacy policy or notice. Getting this right is crucial. Businesses will need to examine their current privacy policies and other disclosures closely, and consider whether these need revising not just in the light of the GDPR, but also to factor in the requirements listed in the Guidelines, which elaborate on existing GDPR provisions. While the Guidelines will not be binding, data protection authorities may take a dim view of businesses which fail to comply with the Guidelines without good reason, given that representatives from all of the EU data protection authorities are part of the Working Party. Businesses that fail to comply with the information duties under the GDPR will face fines of up to the higher of 4% of annual worldwide turnover or EUR 20 million. Continue reading

Russia Considers Enhanced Whistleblower Protections

by Jane Shvets, Anna V. Maximenko, and Elena Klutchareva

Effective anti-corruption compliance programs include protections for whistleblowers that raise corruption concerns.  Article 13.3 of Russia‘s 2008 Federal Law No. 273-FZ on Counteracting Corruption (the “Anti-Corruption Law”) addressed Russian lawmakers’ expectations regarding effective compliance programs.[1]  But the law was silent on whistleblower protections.  Recently proposed legislation in Russia may help address this gap.

Even before the Anti-Corruption Law came into effect, Russian law included several provisions that could be interpreted to provide some protection for whistleblowers.  For example, Russian employment law prohibits discrimination and sets out an exhaustive list of permissible grounds for dismissing an employee for cause; firing an employee for blowing the whistle on potential corruption is not among them.  As a result, firing an employee for whistleblowing could ran afoul of Russian employment law.  In addition, the Russian government can protect individuals whose security might be threatened as a result of their participation in criminal proceedings that involve alleged corruption.  The state might, for example, provide such witnesses with physical protection, relocate them, or even give them new identities. Continue reading