Global Privacy & Security Compliance Law Blog

Commentary on Global Privacy and Security Issues of Today

Latest from Global Privacy & Security Compliance Law Blog

The Measures outline requirements and procedures for self-initiated and regulator-mandated compliance audits from May 1, 2025.

By Hui Xu and Bianca H. Lee

The Cyberspace Administration of China’s (CAC’s) official release of the Measures for Personal Information Protection Compliance Audits (the Measures) marks the CAC’s commitment to implementing the compliance audit system under the PIPL,

The EU regulation designed to facilitate secondary use of clinical data for research brings benefits for health research, but also poses challenges for companies.

By Deniz Tschammler, Danielle van der Merwe, Oliver Mobasser

On 5 March 2025, Regulation 2025/327 creating the European Health Data Space (the EHDS Regulation) was published in the Official

The guidelines specify the requirements for data controllers to conduct risk assessments related to the transfer or disclosure of personal data outside the Kingdom.

By Brian Meenagh, Calum Docherty, Faisal Imam,* and Ksenia Koroleva

The Saudi Data & Artificial Intelligence Authority (SDAIA) has released non-binding guidelines for assessing risks when transferring or

Proposals grant controllers increased flexibility for automated decision-making, provided suitable safeguards are implemented.

By Fiona Maclean, Gail Crawford, Amy Smyth, and Lorenzo Meusburger

On 23 October 2024, the UK government introduced the Data (Use and Access) Bill (the Bill) to Parliament, marking a significant step in the evolution of the country’s data