Data Privacy & Cybersecurity

On Jan. 17, 2025, EU Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) became applicable in the EU.

DORA addresses risk management and resilience testing, with particular emphasis on vendor risk management, incident management and reporting, and resilience testing of key systems.

DORA applies to financial institutions that are authorized

Six months after the SEC’s Cybersecurity Incident Disclosure Rule (SEC Rule) came into force, an April 2024 GT Alert summarized disclosure trends. The GT Alert identified that the companies that filed a mandatory Form 8-K disclosing a cybersecurity incident had erred on the side of caution, hedged on whether the materiality threshold had been met

On Jan. 16, 2025, the European Data Protection Board (EDPB) published guidelines on the pseudonymization of personal data for public consultation. The Berlin Data Protection Commissioner (BlnBDI) played a leading role in drafting these guidelines (see the German-language BlnBDI press release). The consultation is ongoing, and comments can be submitted until Feb. 28, 2025

  1. Full Steam Ahead: The European Union’s (EU) Artificial Intelligence (AI) Act in Action — As the EU’s landmark AI Act officially takes effect, 2025 will be a year of implementation challenges and enforcement. Companies deploying AI across the EU will likely navigate strict rules on data usage, transparency, and risk management, especially for high-risk AI

Cyber criminals constantly develop new ways to steal money from businesses. One common scam targeting law firms and corporate legal departments involves “imposters” pretending to be clients or other parties who are owed payment, then tricking the attorney into paying the imposters. This deception has led to a rise in lawsuits where parties are battling

On Oct. 22, 2024, the CFPB issued a final rule that will require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s final rule, called the “Personal Financial Data Rights Rule,” implements Section 1033 of Title X of the Dodd-Frank Act, a to-date