In this issue, we cover:
The European General Court upheld the EU–US Data Privacy Framework, confirming that US laws allow only targeted data collection and that the DPRC meets EU independence standards. This provides certainty for over 3,000 US companies, though further challenges are expected. Organisations should still consider SCCs and DTIAs as alternatives.
Effective from 12 September, the EU Data Act sets rules for fair access and sharing of data from connected devices. It applies to manufacturers, service providers and cloud providers, giving users rights to access and share data. Businesses should review obligations under the Act.
The UK has introduced changes to UK GDPR, including a new lawful basis for “recognised legitimate interests”, broader research consent and updated SAR rules. International transfer provisions and enforcement fines have also been revised. Organisations should review compliance in these areas.
Proposed amendments aim to ease compliance for small and mid-cap enterprises by extending record-keeping exemptions and updating codes of conduct and certification schemes. Organisations should continue operating under current GDPR until changes are confirmed.
The DPC fined CDETB €125,000 for breach notification failures, TikTok €530 million for unlawful transfers to China, and DSP €550,000 for biometric data issues. These cases highlight the need for strong breach management, transparency and robust DPIAs.
From January 2026, MyFutureFund will automatically enrol eligible employees into pension schemes. Employers and employees will contribute equally, with government top-ups. Employers must register with NAERSA in December 2025 and prepare payroll systems now.
On the 19th of November the European Commission released the Digital Omnibus Proposal and the AI Omnibus Proposal designed to reform and simplify digital rules and regulations in Europe.
Welcome to our latest Data Protection Newsletter, where we explore key data protection and AI developments. This edition covers essential updates and insights to help your organisation stay compliant and informed.
Consulting partner Liam McKenna and director David O’Sullivan contributed to an Irish Times special report on Gen AI and its use within the Irish workforce. They talked about the risks and responsibilities and the role of strong governance combined with a clear strategy. The following is a summary of their points.
Amplify your business with innovative solutions.
Forvis Mazars supports you in achieving and maintaining data protection and privacy compliance
End of the era of technology self regulation
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.
