Data Privacy

EDPB Rules of Procedure for Informal Panel of EU DPAs

The European Data Protection Board (EDPB) has published its Rules of Procedure for the informal panel of EU Data Protection Authorities (DPAs) concerning the EU-US Data Privacy Framework. This guidance outlines the operational framework for the DPAs in their oversight of the framework.

EDPB Opinion on Dutch SA's draft decision on ABB Group rules

The European Data Protection Board (EDPB) has issued Opinion 4/2026 regarding a draft decision by the Dutch Supervisory Authority concerning ABB Group's Binding Corporate Rules (BCRs). This opinion addresses the international transfer of data and the adequacy of ABB's proposed rules.

EDPB Opinion on Dutch Authority's Draft Decision for FrieslandCampina

The European Data Protection Board (EDPB) has issued Opinion 3/2026 regarding a draft decision by the Dutch Data Protection Authority concerning FrieslandCampina's Binding Corporate Rules (BCRs). This opinion addresses international data transfers and compliance with GDPR.

EDPB Opinion on Dutch Supervisory Authority's AkzoNobel Group Decision

The European Data Protection Board (EDPB) has adopted an opinion regarding a decision by the Dutch Supervisory Authority concerning AkzoNobel Group's Binding Corporate Rules (BCRs). This opinion addresses international data transfers and compliance with GDPR.

EDPB Opinion on Heineken Group BCR Draft Decision

The European Data Protection Board (EDPB) has issued Opinion 1/2026 regarding a draft decision by the Dutch Supervisory Authority concerning Heineken Group's Binding Corporate Rules (BCRs). This opinion addresses the international transfer of data under GDPR.

ICO Guidance on Subject Access Requests

The UK Information Commissioner's Office (ICO) has published guidance on subject access requests (SARs) under GDPR. The guidance is aimed at large businesses in the public, private, and third sectors, with resources also available for small businesses.

ICO Guidance on Individual Rights and GDPR

The UK's Information Commissioner's Office (ICO) has updated its guidance on individual rights under GDPR. This update is in anticipation of the Data (Use and Access) Act 2025 and indicates that further changes may occur. The guidance is primarily aimed at large businesses.

ICO Guidance on Lawful Basis for Personal Data Processing

The UK's Information Commissioner's Office (ICO) has updated its guidance on the lawful basis for processing personal data. This guidance is under review due to upcoming legislation, the Data (Use and Access) Act 2025, and may be subject to change.

UK GDPR: Controllers and Processors Definitions and Responsibilities

The UK's Information Commissioner's Office (ICO) has updated its guidance on definitions and responsibilities for data controllers and processors under UK GDPR. This update is in anticipation of the Data (Use and Access) Act 2025 and is suitable for large businesses, with resources also available for small businesses.

ICO Guidance on UK GDPR International Data Transfers

The UK's Information Commissioner's Office (ICO) has published updated guidance on international transfers of personal data under UK GDPR. The guidance consolidates information on adequacy regulations, appropriate safeguards, transfer risk assessments, and exceptions for restricted transfers.