Binding Corporate Rules

On July 16, 2020, the Court of Justice of the European Union issued its landmark judgment in the Schrems II case, concluding that the Standard Contractual Clauses issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid. Unexpectedly, the Court invalidated the EU-U.S. Privacy Shield framework.
Continue Reading BREAKING: Unexpected Outcome of Schrems II Case: CJEU Invalidates EU-U.S. Privacy Shield Framework but Standard Contractual Clauses Remain Valid

On June 12, 2019, Hunton Andrews Kurth and its Centre for Information Policy Leadership (“CIPL”) hosted a roundtable discussion in the firm’s Brussels office on the update of the EU Standard Contractual Clauses for international data transfers (“SCCs”). More than 30 privacy leaders joined together to discuss the challenges of the current SCCs and provide their insights on the updated versions. Hunton partner David Dumont led the discussion, while CIPL President Bojana Bellamy illuminated CIPL’s work in this area. The session also featured Cristina Monti, Policy Officer in the International Data Flows and Protection Unit of the EU Commission DG Justice and Consumers.

Continue Reading Key Conclusions from Hunton Brussels Seminar on the Update of EU Standard Contractual Clauses for International Data Transfers

On May 31, 2019, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP issued a white paper on “GDPR One Year In: Practitioners Take Stock of the Benefits and Challenges.” This blog entry details key points identified in the white paper.
Continue Reading CIPL Issues White Paper on GDPR One Year In: Practitioners Take Stock of the Benefits and Challenges

On February 26, 2019, the European Data Protection Board presented its first overview on the implementation of the GDPR and the roles and means of the national supervisory authorities to the European Parliament. This blog entry provides highlights from the report.
Continue Reading EDPB Releases Overview on the Implementation and Enforcement of the GDPR

At its plenary meeting on February 13, 2019, in Brussels, the European Data Protection Board (“EDPB”) adopted an Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit, and an Information Note on BCRs for Companies Which Have ICO as BCR Lead Supervisory Authority.

Continue Reading EDPB Reiterates the Need to Address Post-Brexit Data Transfers, Including BCRs