-
2 months ago | 
datamatters.sidley.com | William Long |Francesca Blythe |Max Charles Savoie |Eleanor Dodding
Last year saw many developments across the worldwide data privacy and cybersecurity landscape, including in the EU/UK, and this momentum shows no sign of slowing in 2025. The EU General Data Protection Regulation (GDPR) enters its seventh year in May 2025. New cybersecurity and operational resilience legislation and related guidance are coming into force to regulate new and challenging technologies, several of which will affect financial services firms. View article here.
-
Oct 4, 2024 | 
datamatters.sidley.com | William Long |Francesca Blythe |Anila Rayani
On 12 September 2024, Advocate General Medina issued their Opinion in Case C-383/23 (Opinion) in which they confirmed that supervisory data protection authorities (SAs) must, when calculating the fine for a GDPR infringement committed by a subsidiary, take into account the total annual turnover of the entire group—a concept known as parental liability.
-
Sep 30, 2024 | 
lexology.com | William Long |Denise Kara |Eleanor Dodding
The next generation search tool for finding the right lawyer for you.
-
Aug 14, 2024 | 
datamatters.sidley.com | William Long |Francesca Blythe |Arthur Clover
On 26 July 2024, the European Supervisory Authorities (EBA, EIOPA and ESMA, collectively, the “ESAs”) published their joint final report on the draft Regulatory Technical Standards (“RTS”) specifying the elements that a financial entity should determine and assess when subcontracting ICT services supporting critical or important functions under Article 30(5) of the Digital Operational Resilience Act (“DORA”).
-
Aug 14, 2024 | 
lexology.com | William Long |Francesca Blythe |Arthur Clover
On 26 July 2024, the European Supervisory Authorities (EBA, EIOPA and ESMA, collectively, the “ESAs”) published their joint final report on the draft Regulatory Technical Standards (“RTS”) specifying the elements that a financial entity should determine and assess when subcontracting ICT services supporting critical or important functions under Article 30(5) of the Digital Operational Resilience Act (“DORA”).
-
Aug 12, 2024 | 
lexology.com | William Long |Francesca Blythe |Arthur Clover
On 24 May 2024, the Council of the European Union (the “Council”) released new details of a proposed reform of the General Data Protection Regulation’s (“GDPR”) procedural rules, which representatives of EU national governments approved on 29 May 2024.
-
Aug 9, 2024 | 
datamatters.sidley.com | William Long |Francesca Blythe |Denise Kara
During the King’s Speech on 17 July 2024, the newly appointed UK Prime Minister announced the UK Government’s intention to introduce a new Cyber Security and Resilience Bill to strengthen the UK’s defences against the global rise in cyberattacks and to protect the UK’s critical infrastructure.
-
Jul 26, 2024 | 
datamatters.sidley.com | William Long |Francesca Blythe |Matthias Bruynseraede
The protection of minors online continues to be a focus for EU regulators. Following the publication last year by the European Parliament of its guidelines on online age verification methods for children, the European Commission has recently announced it will be holding a dedicated stakeholder workshop in September 2024 to discuss guidelines for age verification and protecting minors.
-
Jun 12, 2024 | 
datamatters.sidley.com | William Long |Colleen Brown |Ash Nagdev
Pivotal shifts have occurred in global data privacy, artificial intelligence (AI), and cybersecurity from executives facing more pressure to monitor their organizations’ cybersecurity operations, to an unprecedented wave of consumer data privacy laws and rapid advancements in AI technology use and deployment. Indian organizations should establish best practices to address these new (and emerging) laws, regulations, and frameworks.
-
Jun 12, 2024 | 
lexology.com | William Long |Ash Nagdev |Colleen Brown
Pivotal shifts have occurred in global data privacy, artificial intelligence (AI), and cybersecurity from executives facing more pressure to monitor their organizations’ cybersecurity operations, to an unprecedented wave of consumer data privacy laws and rapid advancements in AI technology use and deployment. Indian organizations should establish best practices to address these new (and emerging) laws, regulations, and frameworks.
