June

Almost one year after the EU General Data Protection Regulation (GDPR) went into effect, new laws include general rules on the handling of employee data.

Three important aspects that will affect most employers include the general processing of employee data and showing how data processing is based on the employer’s legitimate interests, how an employee's biometric data may be processed or used to identify the employee, and how an employee’s or candidate’s criminal data can and should be used.
 

In the 12 months since the GDPR took effect in Latvia, the Latvian data protection authority has received a record number of complaints and has begun to impose low-level penalties.

Latvia has also adopted local data protection legislation. In addition, data controllers have begun to report personal data breaches, although many cases did not qualify to be reported under the GDPR. Overall, Latvia reports that companies have begun to pay more attention to security measures tailored specifically for personal data. Even more, GDPR-related questions have become an important part of M&A deals.
 

As part of a series on different data protection regimes across the globe and how UK businesses operate within them, Helen Foster, partner, and Rachel Marmor, counsel, both who work in technology, privacy and security at Davis Wright Tremaine LLP, consider the benefits and drawbacks of a global approach, and how businesses can best protect themselves against legal conflicts.