The new adequacy decision with the United States 

Since the invalidation of the Privacy Shield, legal departments and DPOs have been busy putting in place Standard Contractual Clauses for all data transfers to the US.  More recently, following the Schrems II ruling, additional measures were to be put in place.  However, the approval of the Data Privacy Framework has changed all that. What...
drapeau europe

GDPR representative in the EU, what are the risks in case of non-appointment?

Nowadays, the GDPR’s extraterritoriality (Article 3.2) and its related obligation to designate a representative in the EU (Article 27) are some of its best-known features. According to these, any entity without a European establishment but nevertheless subject to the GDPR must appoint a dedicated representative in the EU. The role and responsibilities of the latter...

What are Brexit’s consequences on GDPR compliance?

1. What is the current situation? On June 23rd, 2016, the British population voted in favor of Brexit (51.9%). On March 29th, 2017, the United Kingdom invoked the procedure provided for by Article 50 of the Treaty on the European Union. Negotiations then began to find an agreement that would satisfy the two now opposing...

GDPR extraterritoriality and the role of EU representative

Encouraged by globalization then technological developments, the ongoing process of extraterritorial normative expansion has been embraced by the European legislator for several years. The legislator has been willing to extend its territorial scope, safeguard fundamental rights beyond its borders, and hold accountable companies located abroad. This article aims to provide an overview of this process,...