The European Union's General Data Protection Regulation ("GDPR") is arguably the most comprehensive - and complex - data privacy regulation in the world. Although the GDPR went into force on May ...

According to the draft guidelines, a “transfer implies that personal data are sent or made available by a controller or processor (exporter) which, regarding the given processing, is subject to ...

The GDPR establishes the general obligations of data controllers and of those processing personal data on their behalf (processors). These include the obligation to implement appropriate security ...

The new article establishes that consumers have specific rights with respect to personal data provided to a data controller, including (i) the right to know whether or not a controller is ...

General Data Protection Regulation, or GDPR, is here. Here's what it means, how it impacts individuals and businesses - and how to ensure compliance.

Article 24 of the GDPR mandates that the authorities or agencies who determine the purposes and means of the processing of personal data, i.e., controllers, establish and demonstrate data ...

After an eight-month Parliamentary journey, the Data (Use and Access) Act 2025 ("DUAA") received Royal Assent on 19 June 2025 ...

The data controller or processor is required to reveal the kind of personal data they process, their target subjects and the reasons for collecting and storing it.

The European Data Protection Board advised national regulators to allow personal data to be used for AI training, as long as the final product doesn’t reveal personal information.