Data Protection & Privacy

Welcome to the home of data protection & privacy on Law-Now.

To stay in touch with the latest developments, please bookmark this page on your mobile or register to receive eAlerts.

Recent Articles

  •  
    18/06/2025
    Belgium

    Launch of new portal for data breach notification by the Belgian Data Protection Authority

    The Belgian Data Protection Authority (BDPA) has just launched a new portal for data breach notification, which went live on 10 June 2025 (see announcement in French or Dutch). This significant development aims to streamline the process of notifying data breaches in Belgium. We provide an overview of the key changes and requirements introduced by this new portal and offer practical guidance to ensure compliance.What are the key changes and requirements?The new portal consolidates the notification process, requiring data controllers to use a single platform for all data breach notifications. This...
    Read more
  •  
    16/06/2025
    APAC

    Malaysian Guidelines on Cross-Border Data Transfers

    On 29 April 2025, the Personal Data Protection Commissioner of Malaysia issued the Guidelines on Cross Border Personal Data Transfer (“Guidelines”), providing comprehensive guidance on the transfer of personal data out of Malaysia. These Guidelines are intended to clarify the requirements under the amended Section 129 of the Personal Data Protection Act 2010 (“PDPA”) and to assist data controllers in ensuring compliance when engaging in cross border personal data transfers. The Guidelines should be read in conjunction with the PDPA and any other relevant legislative instruments.Scope...
    Read more
  •  
    05/06/2025
    Europe

    EDPB issues draft Blockchain Guidelines (Part 2)

    On 8th April, the European Data Protection Board (EDPB) published draft guidelines on the processing of personal data through blockchain technologies. These guidelines aim to help controllers use blockchain technology while complying with the General Data Protection Regulation (GDPR). Stakeholders can comment on these guidelines until 9th June 2025. This article summarises the key points relevant to the data controllers using blockchain.This article is the second part of our article series on this topic. You can read part 1 here.Data retention periods on blockchain: forever and beyond?Controllers...
    Read more
  •  
    05/06/2025
    Europe

    EDPB issues draft Blockchain Guidelines (Part 1)

    On 8th April, the European Data Protection Board (EDPB) published draft guidelines on the processing of personal data through blockchain technologies. These guidelines aim to help controllers use blockchain technology while complying with the General Data Protection Regulation (GDPR). Stakeholders can comment on these guidelines until 9th June 2025. This article summarises the key points relevant to data controllers using blockchain.This article is the first part of our article series on this topic. Part 2 will follow soon.Blockchain technology and personal dataA blockchain means both an ecosystem...
    Read more
  •  
    03/06/2025
    APAC region

    Cyber Space: Global insights on cyber and data risk for insurers

    Issue 3, June 2025. Navigating the wave of increased cyber regulation in APACThe Asia-Pacific (“APAC”) region is riding a wave of increased cyber regulation, with Singapore, Malaysia, and Hong Kong each rolling out significant legislative changes to strengthen cyber resilience and accountability. This article explores how these legislative developments are reshaping the compliance landscape for organisations, especially those operating critical infrastructure or digital services.The common thread running through these developments is a clear move towards more robust regulatory oversight....
    Read more
  •  
    28/05/2025
    Europe

    European Commission proposes GDPR sim­pli­fic­a­tion for small mid-cap enterprises

    On 21 May 2025, the European Commission unveiled its long-awaited fourth Simplification Omnibus package, which targets the General Data Protection Regulation (GDPR), the EU’s flagship data-protection legislation. The Commission states that its aim is to reduce bureaucracy and create a regulatory environment that drives innovation, growth, quality jobs and investment.The following article outlines how the proposed GDPR simplification will achieve these objectives.GDPR simplificationArticle 30 of the GDPR states that each controller and processor must maintain a record of processing activities....
    Read more