To comply with the General Data Protection Regulations (GDPR), companies must have technical and organizational measures in place to protect personal data. In light of the recent decision of the Croatian Personal Data Protection Agency (AZOP) against a leading local security company, one measure that requires closer scrutiny is the prevention of data breaches by employees. What happens if, regardless of various security measures, a careless employee commits a data breach? Will the company be liable for a breach committed by its employee?

The Serbian Data Protection Law that was adopted in November 2018 to align Serbia’s data protection laws with the GDPR has now been in force for almost two years (its application commenced nine months after its date of adoption, in August 2019).

Privacy pros are now celebrating the three-year anniversary of the GDPR, even as we are living through the current pandemic. It is, in fact, almost impossible to talk about privacy trends without touching on the COVID-19 crisis.

This article sets out the legislative and regulatory framework governing the protection of personal data in Greece.

In Hungary, immunity to COVID-19 may be verified on the basis of Government Decree 60/2021 by way of an immunity certificate or the mobile app of the National eHealth Infrastructure (EESZT). While in principle both methods may establish immunity based on either vaccination or recovery from the illness, only the immunity certificate has been available for use since February 2021, as the EESZT mobile app is currently still in its introductory phase.

Following the adoption of the GDPR, an important new element was brought into Romania’s legal framework – the required designation of a Data Protection Officer (DPO), which is mandatory in some cases.

The COVID-19 pandemic has triggered substantial social changes and a seemingly never-ending rollercoaster of legislative amendments and re-adoptions. Both social and legislative changes occurred in the Employment Sector, inevitably including the sphere of Personal Data Protection (PDP).

In its July 2020 Schrems II judgment, the Court of Justice of the European Union invalidated the Privacy Shield for EU-US personal data transfers for commercial purposes. In a case concerning data transfers by Facebook Ireland to the US, the court concluded that because of its mass surveillance programs, the US does not provide the adequate – that is, a sufficient – level of personal data protection that is guaranteed by EU law. What conclusions may be drawn from Schrems II for personal data transfers to Russia almost one year later?

The challenges arising from the protection of personal data are countless and inescapable in our landscape. Three years after the GDPR came into force, some clear trends can be seen on the Polish market, from which a set of good enforcement practices may be derived.

With the introduction of Turkish Data Protection Law No. 6698 (the KVKK) back in 2016, data privacy has become an important aspect of M&A transactions and due diligence processes. Concerned about the potential administrative fines under the law and the strict scrutiny of the Turkish Data Protection Authority (DPA), buyers started to place greater importance on the compliance of target companies’ privacy practices with the law.

On December 31, 2020, CEE Legal Matters reported that CMS had advised contractor Arkad on the completion of the Balkan Stream Gas Pipeline project. We reached out to CMS Sofia Managing Partner Kostadin Sirleshtov for more information about the deal.

Bulgaria’s accession to NATO in 2004 challenged the country’s army to modernize its armaments and replace obsolete military equipment. This is a multi-stage process, based on a series of political decisions and a consistent implementation of a long-term strategy. Bulgaria must catch up with the other CEE members of the Alliance, which have already completed or are in an advanced stage of modernizing their armies and are already in the capacity-building process. What Bulgaria is planning, how that plan is being executed, and what opportunities we should look forward to in the near future are critical considerations.

A year ago, Bulgaria took its first steps into a new world after several months of almost total lockdown following the outbreak of the COVID-19 pandemic.

The July 17, 2021 deadline for implementing Directive (EU) 2019/1023 of the European Parliament and of the Council of June 20, 2019, on preventive restructuring frameworks, on discharge of debt and disqualifications, and on measures to increase the efficiency of procedures concerning restructuring, insolvency, and discharge of debt, and amending Directive (EU) 2017/1132 is quickly approaching, leaving little time for EU Member States to adjust their national legislations to its requirements.

Looking at the past 18 months, as economies across CEE contracted, the technology, media, and telecom sector has been surging. A balancing factor for economies, it helped avoid a deeper recession. For CEE law firms, TMT’s solid performance brought in a steady amount of work, helping polish what might otherwise have been a lackluster year.

Before the democratic changes of 1990 lawyers worked independently but under the supervision of the Minister of Justice. Remunerations were limited, leading to an administrative distribution of work. Lawyers were mainly involved in family and inheritance law, sale-purchase of housing, and cooperative relations.

While mineral extraction in Ukraine has a high potential for development and attracting investment, it always entails ecological risks which must be properly mitigated. Recently adopted laws, as well as legislation currently considered by Parliament, are aimed at balancing economic development and environmental protection.

According to Arzinger Managing Partner Timur Bondaryev, competition investigations, investment disputes, and white-collar crime matters have been keeping his team particularly busy these last few months. CEE Legal Matters sat down with him to learn more about the driving forces behind these areas in Ukraine.