Data Protection
g-digital, Garrigues’ digital business division, rounds off 2025 with new digital trust products and increases its eIDAS offering
With solutions designed to be integrated into all types of real-world client processes (evidence, signature, storage and certified notifications), it is gearing up for a 2026 marked by the entry into force of the European Digital Identity (EUDI) Wallet and the new compliance challenges faced by businessesEU pushes for a profound reshaping of the digital economy in 2026 with proposed changes to legislation governing AI, data and platforms
2026 brings a raft of reforms that will redefine AI, privacy and digital markets in the EU. The regulatory agenda is shifting towards greater transparency, greater oversight and new obligations for platforms, technology providers and companies that process data or rely on digital services. It will be a pivotal year in terms of anticipating risks, adapting processes and strengthening corporate digital strategies.New guidance on vehicle data and the Data Act: challenges and opportunities
The European Commission has published the first guidelines clarifying how the obligations of the Data Act apply to connected vehicles. The document provides guidance for manufacturers, providers and users on access to, and use and transmission of, the data generated by vehicles, paving the way to a new stage in automotive data governance and the structure of future business models based on digital mobility.Data Economy, Privacy and Cybersecurity Newsletter - November 2025
In this newsletter, we offer the latest updates on everything related to the data economy, privacy, and cybersecurity. We cover the most recent rulings from relevant authorities and agencies, key court decisions, and the most important news in this field.Is pseudonymized data personal data? Key points following the European Court of Justice's judgment in the EDPS v SRB case
The judgment delivered by the European Court of Justice (CJEU) on September 4, 2025 in the EDPS v SRB case (case C 413/23 P) is an important landmark in the field of data protection, because it deals with the concept of “personal data” which is at the heart of the practice.Comparison of the transposition of NIS II by Portugal with that planned in Spain
In July 2025, the Portuguese government resumed the process of transposing Directive (EU) 2022/2555 (NIS2) by presenting Bill no 7/XVII/1 Below we compare this transposition with the Spanish bill, examining the areas of application that are subject and exempt in each case, as well as the planned penalty system.Proposal by the European Commission to amend the GDPR: a critical review and practical suggestions
The European Commission has recently presented a proposal to amend the GDPR with a view to reducing the bureaucratic burden on small and medium-sized companies. The main measure that has been introduced is to expand the exceptions to the obligation to keep a Record of Processing Activities (RoPA). Although the intention behind the amendment is positive, the approach taken has been criticized because it fails to bear in mind the essence of compliance with the Regulation. We analyze what this implies (not necessarily an improvement for small and medium-sized companies) and propose various alternatives to facilitate compliance with the GDPR.Data Economy, Privacy and Cybersecurity Newsletter - June 2025
In this newsletter we offer the latest news on data protection, privacy and cybersecurity. We address the most recent resolutions of the competent authorities and agencies, key judgements and the most relevant current issues in this area.Data Economy, Privacy and Cybersecurity Newsletter - April 2025
In this newsletter, we offer the latest updates on everything related to the data economy, privacy and cybersecurity. We cover the most recent rulings from relevant authorities and agencies, key court decisions, and the most important news in this field.