The end of the Brexit transition period on 31 December 2020 means the UK now has full autonomy over its data protection policies. As of 1 January 2021 the UK is recognised as a ‘third country’ under EU General Data Protection Regulation (GDPR) rules. The EU-UK Trade and Cooperation Agreement, which is an agreement in principle between the EU and UK, does not yet include a provision for the vast flow of personal data being transferred between the two jurisdictions. The transfer of personal data will be subject to a separate adequacy decision from the EU due in early 2021. This separate adequacy decision will determine whether the EU will allow the ongoing free flow of data from EU/EEA countries to the UK. If an adequacy decision is not granted, then organizations who transfer personal data from the EU/EEA to the UK will have to take additional steps to ensure data being transferred is provided equivalent protections to those under the EEA. The UK has already determined that it considers all EEA/ EU states to be adequate which means that personal data flows from the UK to the EU/EEA will remain unaffected.

As discussed in a previous McGuireWoods alert, the Department of Health and Human Services (HHS) published final rules, effective Jan. 19, 2021, that significantly amend the Physician Self-Referral Law (Stark Law), the federal Anti-Kickback Statute (AKS) and the Civil Monetary Penalties (CMP) Law. This client alert, the latest in McGuireWoods’ summary series on these

NovaQuest Private Equity has announced it has acquired CoreRx.

CoreRx, based in Clearwater, Fla., is a contract development and manufacturing organization that serves small to mid-sized pharmaceutical and biotech organizations. Founded in 2006, the company offers preformulation, formulation, analytical and stability, clinical manufacturing, commercial manufacturing and packaging services.

NovaQuest Private Equity is the private

Once again, the Virginia legislature is set to consider comprehensive data privacy legislation.  In the 2020 regular session of the Virginia General Assembly, the House of Delegates referred several bills dealing with privacy issues, including a proposed data privacy law, to the Virginia Joint Commission on Science and Technology for study.

This year, it appears Virginia is poised to seriously consider adoption of a broad consumer data privacy framework.  Senate Bill 1392 , sponsored by Senator David Marsden (D-Fairfax), was introduced on January 13, 2021. House Bill 2307, sponsored by Delegate Cliff Hayes, Jr. (D-Chesapeake), was introduced on January 20, 2021. The bills create the “Consumer Data Protection Act.”

Virginia does not currently have a comprehensive data privacy law governing consumer data.  Like most states, it has a data breach notification law and various protections for specific types of data in certain contexts.

In Part II of this series, California-based Ali Baiardo, and London-based Alice O’Donovan, continue their comparison of the GDPR and California privacy law. To view Part I in the series, click here.

NEW DATA PROTECTION PRINCIPLES AND OBLIGATIONS ON BUSINESSES
a. Key data protection principles
The GDPR revolves around seven key data protection principles:

  • Lawfulness, fairness and transparency;
  • Purpose limitation;
  • Data minimisation;
  • Accuracy;
  • Storage limitation;
  • Integrity and confidentiality (security); and
  • Accountability

    • Heritage Group has announced the closing of its oversubscribed third fund with more than $300 million.

    Heritage Group, based in Nashville, Tenn., makes control and minority equity investments exclusively in the healthcare industry. Founded in 1986, the firm has flexibility on investment size, including interest in pre-EBITDA businesses, as it pursues provider services companies

    As discussed in a previous McGuireWoods alert, the U.S. Department of Health and Human Services (HHS) published final rules expected to be effective Jan. 19, 2021, that significantly amend the Physician Self-Referral Law (Stark Law) and the federal Anti-Kickback Statute (AKS). This client alert, the latest in McGuireWoods’ summary series on these final rules,

    On January 1, 2021, the United States Senate joined the House of Representatives in overriding President Trump’s veto, and the National Defense Authorization Act (NDAA) became law. The NDAA was passed chiefly to authorize appropriations for military activities of the Department of Defense. The NDAA also includes a provision codifying the U.S. Securities and Exchange Commission’s (SEC) authority to seek in federal court actions disgorgement up to five years after the occurrence of securities laws violations, and expands that authority to ten years where those violations involve scienter-based (intentional) fraud. The new law resolves the much debated issues regarding the SEC’s disgorgement authority and the extended period during which the SEC now may seek disgorgement will have an immediate, significant impact on individuals and entities involved in SEC investigations and litigation.

    As discussed in a previous McGuireWoods alert, the U.S. Department of Health and Human Services (HHS) published final rules expected to be effective Jan. 19, 2021, that significantly amend the Physician Self-Referral Law (Stark Law), the federal Anti-Kickback Statute (AKS) and the Civil Monetary Penalties (CMP) Law. This client alert, the first in McGuireWoods’