Data Protection

International

The challenges arising from data are countless and inescapable in our maturing technological landscape. To future-proof your organisation, and unlock opportunity from your data, you need alert and experienced lawyers who will deliver practical advice. Our team of experts includes former regulators who have been right at the heart of the development of the legal landscape in this critical area.

One-stop-shop

Clients turn to CMS to advise on global data privacy, protection and information security projects. Leading multinational companies, many of which hold large amounts of sensitive data and are heavily regulated, instruct us to advise on multi-jurisdictional projects.

Global AND local

Our teams are flexible in that they handle both large multinational projects but can also deep-dive for niche, country-specific advice. The teams are on the ground in over 40 countries, speak the local language and understand the local laws – but crucially in a global context.

Pragmatism and business acumen

CMS has a knack for turning legal advice into practical solutions that make sense not just to your legal teams, but to your other employees, such as the HR function, or software engineers.

Please reach out to any of our Technology, Media and Communications and data protection lawyers should you have an issue to explore. to find out more about data protection and data regulation offerings.

For the very latest legal updates delivered directly to your inbox, sign up to the Law-Now subscription service now.

Read more Read less
GDPR En­force­ment Track­er Re­port
The GDPR En­force­ment Track­er Re­port aims to provide you with valu­able in­sights...
Data Law Nav­ig­at­or | Over­view
100% se­cur­ity does not ex­ist. Now more than ever or­gan­isa­tions of all shapes and sizes should pay at­ten­tion to their data pri­vacy and cy­ber se­cur­ity. Un­pre­ced­en­ted num­bers are now work­ing from home, thus rais­ing ex­pos­ure to cy­ber se­cur­ity prob­lems an
CMS Breach As­sist­ant app
A head start dur­ing the first crit­ic­al hours of a data breach

Feed

Show only
28 September 2020
GDPR En­force­ment Track­er Re­port
1st edi­tion 2020All EU Mem­ber States have been re­quired to ap­ply the Gen­er­al Data Pro­tec­tion Reg­u­la­tion ("GDPR", Reg­u­la­tion (EU) 2016/679) since 25 May 2018. After a cau­tious ini­tial peri­od, the EU data pro­tec­tion au­thor­it­ies ("DPA") have in­creased their fin­ing activ­ity sig­ni­fic­antly. This GDPR En­force­ment Track­er Re­port aims to provide you with valu­able in­sights in­to the fin­ing activ­it­ies of all EU DPAs un­der the GDPR, as well as the ICO's prac­tice in the United King­dom. Our ana­lys­is is based on the pub­licly avail­able data on fines that we col­lect and com­pile at www.en­force­ment­track­er.com. We in­tend to pub­lish an­nu­al edi­tions of this re­port, and we ex­pect that the rel­ev­ance of in­sights will stead­ily in­crease as more data on fines be­comes avail­able.Over­view, coun­try and sec­tor ap­proachIn search of guid­ance on how to op­tim­ise its own data pro­tec­tion strategy and pri­or­it­ise data pro­tec­tion meas­ures, a com­pany will nat­ur­ally want to look at its peers and the com­pet­ent au­thor­it­ies' prac­tice. This holds true both in terms of busi­ness sec­tors and jur­is­dic­tion. Kick­ing off with an over­all sum­mary on the ex­ist­ing fines ("Num­bers and Fig­ures"), we have cor­res­pond­ingly di­vided the fines in­to the fol­low­ing busi­ness sec­tors and con­sidered the re­spect­ive fines' ori­gins:Fin­ance, in­sur­ance and con­sultingAc­com­mod­a­tion and hos­pit­al­ity­Health careIn­dustry, com­merce and real es­tate­Media, tele­coms and broad­cast­ing­Pub­lic sec­tor­Trans­port­a­tion and en­ergy­In­di­vidu­als and private as­so­ci­ation­sEm­ploy­er­sY­our takeawaysThe in-depth ana­lys­is per­mits first con­clu­sions to be drawn as to which busi­ness sec­tors at­trac­ted par­tic­u­larly hefty fines. We have also ana­lysed the DPAs' reas­on­ings for the fines. These as­pects to­geth­er al­low us to provide you with key takeaways for each busi­ness sec­tor. Apart from the law­ful­ness of each data pro­cessing op­er­a­tion, bol­ster­ing data se­cur­ity should re­main in the spot­light for every or­gan­isa­tion. Lit­ig­a­tion in data pro­tec­tion is set to in­crease in the near fu­ture. Or­gan­isa­tions that main­tain up-to-date se­cur­ity meas­ures will be best pre­pared for the fu­ture and for po­ten­tial lit­ig­a­tion.
17 July 2020
Schrems strikes again: EU-US Pri­vacy Shield in­val­id; Stand­ard Con­trac­tu­al...
A clash between US na­tion­al sur­veil­lance law and EU data pro­tec­tion stand­ards, which lies at the heart of Case C-311/18, Data Pro­tec­tion Com­mis­sion­er v Face­book Ire­land and Max­i­mil­lian Schrems (“Schrems I...
28 July 2020
Guide on in­ter­na­tion­al data trans­fers – Draw­ing on the Schrems II Case
Ana­lys­is on the Schrems II CJEU Judg­ment: im­plic­a­tions on in­ter­na­tion­al data trans­fers.
10 June 2020
DI­FC Data Pro­tec­tion Law
In­tro­duc­tion Fol­low­ing a series of con­sulta­tions, the Dubai In­ter­na­tion­al Fin­an­cial Centre (DI­FC) has is­sued Data Pro­tec­tion Law No.5 of 2020 (DPL), which in­creases pri­vacy com­pli­ance re­quire­ments for...
14 July 2020
The Chan­ging Face of Cy­ber Claims
CMS, Marsh, and Wave­stone con­trib­uted to this cy­ber in­sur­ance loss study which looks at prac­tic­al ways to man­age and mit­ig­ate cy­ber risk and claims in Europe.
12 May 2020
Loc­a­tion apps in the time of COV­ID-19
Con­tact tra­cing and loc­a­tion data-based ap­plic­a­tions have re­cently be­come the sub­ject of the heated de­bates in view of their wide­spread use in the fight against the COV­ID-19 pan­dem­ic. In re­sponse to...
23 June 2020
Coronavir­us (COV­ID-19) and Pri­vacy
CMS has pub­lished data pro­tec­tion guid­ance for em­ploy­ers who are re­act­iv­at­ing their work­places, and those that did not shut down their on-site op­er­a­tions.
12 March 2020
“High-risk AI”: a European ap­proach to ex­cel­lence and trust
On 19 Feb­ru­ary 2020, the European Com­mis­sion (the “Com­mis­sion”) pub­lished a White Pa­per en­titled ‘On Ar­ti­fi­cial In­tel­li­gence - A European ap­proach to ex­cel­lence’. Build­ing upon the European strategy for art...
08 May 2020
Data Law Nav­ig­at­or | Over­view
Find here in­form­a­tion about data pro­tec­tion and cy­ber se­cur­ity laws in vari­ous coun­tries world­wide.
11 March 2020
China pub­lishes new spe­cific­a­tion on per­son­al data se­cur­ity
On 7 March 2020, China pub­lished an up­dated ver­sion of the “In­form­a­tion se­cur­ity tech­no­logy – Per­son­al in­form­a­tion se­cur­ity spe­cific­a­tion” (“New Spe­cific­a­tion”), which will take ef­fect on 1 Oc­to­ber 2...
11/12/2019
Shar­ing is (S)caring: Your face is a weapon
Pod­cast
05 March 2020
Coronavir­us and the GDPR – pri­vacy ad­vice for com­pan­ies
When in­tro­du­cing meas­ures for em­ploy­ees, vis­it­ors and con­tract­ors to re­spond to the coronavir­us threat, com­pan­ies must choose pro­ced­ures that min­im­ise both the risk of in­fec­tion and pri­vacy non-com­pli­ance....