01 Nov 2018

The long arm of the law: EU privacy regulators enforcing the GDPR's extra-territorial reach

This briefing considers the steps taken by the UK ICO and how, in light of the increasing number of high profile data incidents, Asia-based organisations need to be aware of the steps they should take in order to mitigate the risks of such incidents occurring

The UK Information Commissioner’s Office (UK ICO) has recently issued GDPR enforcement notices against a company based in Canada. This demonstrates the willingness of the EU data protection regulators to exercise their extra-territorial powers under the GDPR, including potentially against organisations in Asia. In addition, claims have been filed in the UK against companies outside the EU for alleged breaches of data privacy rules. 
  
This Client Briefing considers the steps taken by the UK ICO and how, in light of the increasing number of high profile data incidents, Asia-based organisations need to be aware of the steps they should take in order to mitigate the risks of such incidents occurring and, if they do, how to avoid enforcement action by the EU privacy regulators or related litigation.


the-long-arm-of-the-law-eu-privacy-regulators-enforcing-extra-territorial-reach.pdf

 

This material is provided for general information only. It does not constitute legal or other professional advice.