GDPR special

The countdown’s over: the EU General Data Protection Regulation (GDPR) became compulsory as from 25 May 2018. Decisions need to be taken to ensure compliance with the Regulation. Not doing so involves not just the risk of a penalty but also a reputational risk. As business heads towards digital transformation so must it meet this new challenge.

We organize different types of events with specialized expert speakers who will provide an overview of the new regulatory environment from various viewpoints, with the following principal thresholds:

X-ray of the GPDR: solving the puzzle

  • Key Topics
  • Key Topics
  • The Court of Justice of the European Union invalidates the Privacy Shield

    The Privacy Shield is the framework that permitted international data transfers between Europe and the United States; its invalidation will cause chaos in commercial relations between the EU and the US.
  • The new Guidelines on Cookies of the Spanish Data Protection Agency forces the review of all cookie policies of commercial websites

    The Spanish Data Protection Agency (AEPD), in cooperation with the entities Adigital, Autocontrol, IAB Spain and the AEA, has published the awaited 'Guidelines on the use of cookies' which is intended to clarify the main obligations that the editors of websites should take into consideration.
  • New Portuguese Data Protection Act

    Law 58/2019, of August 8, which ensures the implementation of the GDPR in Portugal, has come into force last Friday, August 9th.
  • Colombia: The EPS cannot order employers to provide the medical records of their employees to process incapacity to work

    The Ministry of Health and Social Protection, in a resolution dated February 20, 2019, has established that due to the private and reserved nature of medical records, health care entities (EPS) cannot order employers to provide the medical records of their employees and employers cannot request said records from their employees to process incapacity to work.
  • CNPD publishes model of record of processing activities

    The National Data Protection Commission has published on its website a model of record of processing activities for controllers and a model for processors, in accordance with the requirements set forth in article 30 of the General Data Protection Regulation (Regulation (EU) 2016/679), which can be consulted aqui. 
  • Garrigues participates in one of the first international publications on privacy since the GDPR

    The work reviews privacy regulations in numerous jurisdictions worldwide.
  • First penalties imposed under the GDPR in Portugal

    The Portuguese Data Protection Agency (CNPD, pursuant to its Portuguese acronym) has imposed a 400,000 euro fine on Centro Hospitalario Barreiro-Montijo due to two breaches of the General Data Protection Regulation (GDPR) which has been in force since May 25, 2018.
  • How the GDPR impacts M&A professionals

    El nuevo marco legal puede tener incidencia en la documentación y en los procesos de las operaciones de compraventa de empresas
  • Protecting personal data under the GDPR in arbitration

    In this article we highlight the implications for parties, counsel, arbitral institutions and third party providers and consider how to best deal with GDPR compliance including assessing if consent is necessary, obtaining consent when and if needed, gathering documents, rights of access, denial and deletion, and transfer of personal data outside the EU.
  • The 'Privacy Shield' comes under European Union scrutiny

    The European Parliament's Civil Liberties Committee has filed a motion for resolution for approval in plenary session, requesting that the European Commission suspend the “Privacy Shield” agreement between the European Union and the USA, in force since July 2016, designed to facilitate international data transfer between these two zones.