June

In a bylined article, Technology Transactions partner Rebecca Eisner and associate Lei Shen discuss some of the issues to consider as you review your vendor agreements for GDPR compliance. For example, you may need to appoint a data protection officer, depending on the types of processing your company conducts.
 
But another important and potentially time-consuming step that you need to complete is the review of your agreements with third-party vendors that will have access to your EU personal data to ensure those agreements comply with the GDPR.
 
Even if your agreements already comply with the EU Data Protection Directive, you may still need to update those agreements to meet the new requirements of the GDPR.

The Israeli Parliament has passed the Protection of Privacy Regulations (Data Security), 5777-2017.
 
The Regulations introduce a far-reaching reform to the existing information security regulations that date back to 1986 and have become ill-suited for the current technology era. The new Regulations introduce an overarching data breach notification requirement for the first time in Israel.
 
The Regulations will become standard in late March 2018, giving data handlers 12 months to prepare. The Regulations apply to anyone who owns, manages or maintains a database containing personal data in Israel. All Israeli organizations, companies and public agencies are subject to the Regulations.

Africa's third-largest economy passed its Protection of Personal Information (POPI) Act in 2013, but the data protection law is not yet fully operational.
 
The country's Information Regulator is currently drafting its procedural rules for things like handling complaints about privacy violations, and mapping out its future committees for education and outreach, enforcement, and dispute resolution. And local legal professionals are sceptical about how well-resourced it will be. It's budget allocation in the current financial year is just 10 million Rand (roughly $770,000), although that will rise to 25 million Rand in the next financial year.
 
The country passed its data protection law in 2013, but it won't be fully operational until the regulator is as well.