CEE Legal Matters
In-depth coverage of the news and newsmakers that shape Europe's emerging markets
Six years after the introduction of the GDPR, many businesses still treat it as if it were a “new law,” a regulation to be addressed later, rather than a priority today. It took years for the GDPR and data protection in general to even make their way onto Q&A lists in legal due diligence, competing alongside other established legal risks when analyzing target companies.
The European Commission and the European Data Protection Board (“EDPB”) have recently published reports on the first year of implementation of the new EU–U.S. Data Privacy Framework (“DPF”). These reports analyze the application of data protection mechanisms in cross-border transfers between the EU and the U.S., as well as ongoing challenges.
The European Union’s Network and Information Systems Directive (NIS2) was introduced to enhance cybersecurity across the EU, aiming to protect critical infrastructure and essential services such as energy, transportation, and healthcare. NIS2 sets a high bar for all EU Member States, requiring them to improve their cybersecurity resilience, implement strong risk management practices, and report incidents within strict timelines. Yet, despite these clear guidelines, Bulgaria, like many other EU countries, has been slow to adopt the necessary changes and was unable to meet the deadline for transposing NIS2 (i.e., the 17th of October this year). The delay has left Bulgaria facing several legal and operational challenges, compounded by the absence of a functioning Parliament.
In today's digital age, social media has become a ubiquitous presence in our personal and professional lives. For employers, these platforms offer a valuable yet complex tool in the hiring process. While the potential to gather additional insights about job candidates is enticing, it also raises significant legal questions regarding privacy and data protection.
Few topics have sparked as much controversy in 2024 as the seizure and examination of mobile data carriers and the data found therein. Despite an urgent need to have the legal framework amended by the end of 2024, a new draft bill was published only on 20 November 2024. We take a look.
Evo Legal Founder Arina Stivrina has joined Walless’ Latvia team as an Associate Partner.
The long-anticipated initiative to establish a new legal framework for personal data protection in Albania is finally moving forward, as the Council of Ministers has approved a draft law that aligns closely with the European Union’s General Data Protection Regulation (GDPR). This proposed legislation promises to bring significance in this important but frequently underappreciated legal domain. With its comprehensive approach and alignment with EU standards, the new law aims to greatly improve privacy protection in the national context.
