by Jeremy Feigelson, Jane Shvets, and Robert Maddox
The European Data Protection Board (“EDPB”)—a working group of representatives of the EU data protection authorities—has issued Guidelines (PDF: 255 KB) on the territorial scope of the EU General Data Protection Regulation (“GDPR”), which are open for comment until 18 January 2019. The Guidelines clarify one of the main areas of concern for non-EU companies: when will GDPR reach them?
There are five key takeaways from the Guidelines: Continue reading
by Jeremy Feigelson, Jane Shvets, and Christopher Garrett
With the EU General Data Protection Regulation (“GDPR”) in force for less than two months, many companies are already experiencing an increase in requests from individuals seeking to obtain a copy, or request correction or erasure, of their personal data under Articles 15 to 17 of the GDPR.
Do we have to respond?
Yes. A response is required even if the response is that the company will not honour the request because a relevant exemption applies. Continue reading
by Jeremy Feigelson, Jane Shvets, Dr. Thomas Schürrle, Ceri Chave, Dr. Friedrich Popp, and Christopher Garrett