Search for:
Author

Francesca Gaudino

Browsing
Francesca Gaudino is a member of Baker McKenzie’s Information Technology & Communications Group in Milan. She focuses on data protection and security, advising particularly on legal issues that arise in the use of cutting edge technology. She has been recognized in Chambers Europe’s individual lawyer rankings from 2011 to 2014. Ms. Gaudino is a regular contributor on international publications such as World Data Protection ReviewDataGuidance, and others. She routinely holds lectures on data privacy and security at post-graduate courses of SDA – Manager Direction School of the Milan Bocconi University and Almaweb – University of Bologna. She regularly speaks at national and international conferences and workshops on the same topics.

The European Data Protection Board (EDPB) has published draft guidelines on the concepts of controller and processor in the GDPR (Guidelines). They replace the previous guidelines on the concepts of controllers and processors which the Art. 29 Working Party, i.e., basically the EDPB’s predecessor, had published in 2010. The Guidelines…

The European Data Protection Board (“EDPB”) has published draft guidelines on the concepts of controller and processor in the GDPR (“Guidelines”). They replace the previous guidelines on the concepts of controllers and processors which the Art. 29 Working Party, i.e. basically the EDPB’s predecessor, had published in 2010. The Guidelines are open for public consultation until October 19, 2020, after which the final version will be issued.

On 4 May 2020 the European Data Protection Board (EDPB) adopted updated guidelines on consent under the GDPR (“New Guidelines”). 

The New Guidelines supersede the guidelines on consent originally adopted by the EDPB’s predecessor, the Article 29 Working Party, on 10 April 2018 (the 2018 Guidelines), and subsequently endorsed by the EDPB.  

As the COVID-19 pandemic stretched across the globe, companies shifted to remote working environments and many reduced staff, all without much of an opportunity to prepare. The past two months have presented a serious threat to data security, including the most vulnerable financial data, personal data of employees and customers, and trade secrets. These risks cut across all sectors — financial services, industrial manufacturers, health care, and professional services. Recent experience confirms that an effective information security strategy should target these most-common threats: phishing, data sprawl, and employee mobility/redundancies.

Our latest edition covers 39 jurisdictions, answering five common data privacy and security questions employers may have in light of COVID-19. As the world grapples with the COVID-19 pandemic and its profound impact across regions and industries, many companies are facing difficult business and legal challenges and are required to…

Data Transfers: Derogations for specific situations (Art. 49 GDPR) In the context of the “Schrems II case,” we continue our analysis of alternative vehicles allowing the transfer of personal to third countries outside the European Economic Area. In previous papers, we focused on Binding Corporate Rules (BCR) as alternatives to…

April 3 update: Our latest edition includes updates for 12 jurisdictions in EMEA, Latin America and Asia Pacific. As COVID-19 continues to quickly spread across the globe and has officially been declared a pandemic, many companies are facing difficult business and legal challenges and are required to make some urgent…

Schrems II case – the data importer perspective Following our previous analysis of the consequences of the opinion of the advocate general Hendrik Saugmandsgaard Øe (a.g.) in the Schrems II case, from the data exporter perspective (available here), we now focus on the implications of the same with respect to…