Home / Insight / GDPR


The EU General Data Protection Regulation came into force on 25 May 2018 and introduced some of the most strict data protection laws in the world. The CMS data protection team offers clients legal advice on all aspects of the GDPR and aims to help you understand where to focus your GDPR compliance efforts.

Please select one of the jurisdictions from the list below to find out more about GDPR in your country.

Pri­vacy, Data Pro­tec­tion and Cy­ber­se­cur­ity Bro­chure
Leg­al pre­ci­sion in pri­vacy, data se­cur­ity and data pro­tec­tion
Data Law Nav­ig­at­or | Over­view
100% se­cur­ity does not ex­ist. Now more than ever or­gan­isa­tions of all shapes and sizes should pay at­ten­tion to their data pri­vacy and cy­ber se­cur­ity. Un­pre­ced­en­ted num­bers are now work­ing from home, thus rais­ing ex­pos­ure to cy­ber se­cur­ity prob­lems an
CMS Breach As­sist­ant app
The ul­ti­mate guide to deal­ing with a data breach


Show only
14 July 2020
The Chan­ging Face of Cy­ber Claims
CMS, Marsh, and Wave­stone con­trib­uted to this cy­ber in­sur­ance loss study which looks at prac­tic­al ways to man­age and mit­ig­ate cy­ber risk and claims in Europe.
17 July 2020
Schrems strikes again: EU-US Pri­vacy Shield in­val­id; Stand­ard Con­trac­tu­al...
A clash between US na­tion­al sur­veil­lance law and EU data pro­tec­tion stand­ards, which lies at the heart of Case C-311/18, Data Pro­tec­tion Com­mis­sion­er v Face­book Ire­land and Max­i­mil­lian Schrems (“Schrems...
08 May 2020
Data Law Nav­ig­at­or | Over­view
Find here in­form­a­tion about data pro­tec­tion and cy­ber se­cur­ity laws in vari­ous coun­tries world­wide.
10 June 2020
DI­FC Data Pro­tec­tion Law
In­tro­duc­tion Fol­low­ing a series of con­sulta­tions, the Dubai In­ter­na­tion­al Fin­an­cial Centre (DI­FC) has is­sued Data Pro­tec­tion Law No.5 of 2020 (DPL), which in­creases pri­vacy com­pli­ance re­quire­ments for...
April 2020
Data ac­cord­ing to Private Law
12 May 2020
Loc­a­tion apps in the time of COV­ID-19
Con­tact tra­cing and loc­a­tion data-based ap­plic­a­tions have re­cently be­come the sub­ject of the heated de­bates in view of their wide­spread use in the fight against the COV­ID-19 pan­dem­ic. In re­sponse to...
Shar­ing is (S)caring: Your face is a weapon
12 March 2020
“High-risk AI”: a European ap­proach to ex­cel­lence and trust
On 19 Feb­ru­ary 2020, the European Com­mis­sion (the “Com­mis­sion”) pub­lished a White Pa­per en­titled ‘On Ar­ti­fi­cial In­tel­li­gence - A European ap­proach to ex­cel­lence’. Build­ing upon the European strategy...
11 March 2020
China pub­lishes new spe­cific­a­tion on per­son­al data se­cur­ity
On 7 March 2020, China pub­lished an up­dated ver­sion of the “In­form­a­tion se­cur­ity tech­no­logy – Per­son­al in­form­a­tion se­cur­ity spe­cific­a­tion” (“New Spe­cific­a­tion”), which will take ef­fect on 1...
05 March 2020
Coronavir­us and the GDPR – pri­vacy ad­vice for com­pan­ies
When in­tro­du­cing meas­ures for em­ploy­ees, vis­it­ors and con­tract­ors to re­spond to the coronavir­us threat, com­pan­ies must choose pro­ced­ures that min­im­ise both the risk of in­fec­tion and pri­vacy non-com­pli­ance....
18 February 2020
‘Les­sons learnt’ from the Maastricht Uni­versity cy­ber at­tack
On 23 Decem­ber 2019, Maastricht Uni­versity found it­self the vic­tim of a sig­ni­fic­ant cy­ber at­tack, which res­ul­ted in cy­ber crim­in­als tak­ing some of its data host­age. A man­age­ment sum­mary of what happened...
17 February 2020
Opin­ion on stand­ard con­trac­tu­al clauses: more a com­pli­ance head­ache than...
A re­cent non-bind­ing Opin­ion of the Ad­voc­ate Gen­er­al has sig­nalled that the stand­ard con­trac­tu­al clauses can con­tin­ue to be used as a safe­guard for trans­fer­ring per­son­al data out­side the EEA. However,...