The new EU General Data Protection Regulation (GDPR) establishes requirements (and certain incentives) for internal compliance mechanisms that do not exist in current legislation. These requirements, which will have an impact on internal processes and staffing of firms, such as the requirement...

Prior to the application of the EU General Data Protection Regulation (GDPR), one of the results of the relatively-low-level of legislatively permitted data protection violation administrative fines was, arguably, a lack of compliance by U.S. Tech Giants, among others. At least on paper, this...

This article investigates various developments over that year that helped (or are helping) reshape European Union data privacy law, building around two important events: the Court of Justice of the European Union's Google Spain decision, applying a form of a "right to be forgotten," and the...

The European Union Agency for Network and Information Security (ENISA), is one of the “third generation” of EU agencies, active in the area of cybersecurity. Over a period of years this expert agency’s fundamental regulation has been amended and replaced, and its governing bodies modified....