About Stephan Grynwajc

This author has not yet filled in any details.
So far Stephan Grynwajc has created 41 blog entries.

The IR35 legislation and what it means for employers in the private sector

NEWSLETTER Issue July 2019 SPECIAL EDITION ON IR35 AND EMPLOYMENT STATUS Your guide on and how to prepare for the IR35 reforms The tax law reforms to be implemented from 6th April 2020 will have a huge implication for employers in the private sector. The reforms are designed to tackle even further "disguised employment" where an employee tries to exploit the tax benefits of working through a personal services company (PSC). Background to legislation The IR35 legislation (IR 35) was introduced in 2000 with the main purpose of removing the tax advantages for individuals providing their services via PSCs (such [...]

By |2019-08-06T12:45:56+00:006 August 2019|UK|0 Comments

GDPR – what are the requirements for a Data Protection Officer?

The GDPR makes it mandatory for certain companies that control and process the personal data of EU residents to appoint a Data Protection Officer (DPO). However, even when the GDPR does not impose the appointment of a DPO you may find it useful to designate a DPO on a voluntary basis. When do you have to appoint a DPO? The GDPR makes it mandatory to designate a DPO if, in particular, your core activity consists of processing operations which require regular and systematic monitoring of data subjects on a large scale. This might concern you. But what does this really [...]

By |2019-02-12T21:14:10+00:0012 February 2019|European Union|0 Comments

GDPR for U.S.-based law firms – what are the obligations?

Much has already been written about the new General Data Protection Regulation (GDPR) and how it applies to organizations that collect or otherwise access the personal information of EU residents, irrespective of whether those organizations maintain a physical presence in the European Union. However, much less if anything, has been written about our own obligations as lawyers under the GDPR whenever our activities lead us to collect the personal data of EU-residents directly or through our U.S.-based clients. This is the purpose of this article. Before I dive into the core obligations of law firms under EU law, I would [...]

By |2019-02-12T21:10:42+00:0012 February 2019|European Union|0 Comments

So, Is Privacy Shield GDPR Compliant?

In the first edition of this article published on this blog on March 3, 2018, I explained how the Privacy Shield fits within the overall question of compliance with GDPR, and whether it is deemed sufficient in documenting a company’s compliance with the new EU law on privacy. Indeed, one of the most common questions I continue to get asked  about the Privacy Shield is, “Is Privacy Shield GDPR compliant?”. This question needed to be clarified , as it could mean one of two things in the mind of the person asking it: Is the Privacy Shield a mechanism that meets the [...]

By |2019-02-12T21:08:00+00:0012 February 2019|European Union|0 Comments

Alleging “legitimate interests” to process data for marketing purposes

If legitimate interest is often seen as the most convenient method relied upon by organizations for processing data, it is also one of the most litigated areas at both the European level and the national level in the EU. In this article we explore the particular use of legitimate interest to justify the processing of personal data for marketing purposes. […]

By |2018-07-26T03:05:29+00:0026 July 2018|European Union|0 Comments

Want to Comply with GDPR? Hire EU counsel!

Since GDPR was announced there has been no shortage of “experts” offering GDPR services. However, how many of these consultants are really experts in EU law? In this article, we explain why getting the right lawyer on board – and ensuring that that lawyer is admitted to practice in the EU – is key to maximizing your chances of complying with GDPR and the “national derogations“. […]

By |2018-06-24T16:36:35+00:0023 June 2018|European Union|0 Comments

So You think You Comply with GDPR? Introducing the National Derogations

We’re just about to celebrate the one month anniversary of the entry in force of the General Data Protection Regulation (GDPR) and you believe you’ve done your part to comply with the next text. Yet, if you think this means you comply with EU privacy laws, think twice. In this article we’re introducing the “National Derogations”. Background: Regulations v. Directives We already discussed in a previous article on this blog the difference between regulations and directives when we first introduced the GDPR. For those of you who are not familiar with the ins and outs of EU lawmaking, the EU [...]

By |2018-06-23T13:37:55+00:0023 June 2018|European Union|0 Comments

Does the Privacy Shield Replace the GDPR?

In a previous article written in this blog (“Is Privacy Shield GDPR Compliant?”) I explained the purpose of the Privacy Shield and how it needs to be interpreted in the context of one’s documenting obligations under the GDPR. In this new article, I draw some conclusions as to its sufficiency against the Adequacy Principle, one of the GDPR’s foundational principles. […]

By |2018-06-21T13:27:35+00:0021 June 2018|European Union|0 Comments