On 1 July 2027, the Act amending Kentucky Revised Statutes on data privacy (HB 692) enters into force. The Act amends KRS 367.3617 to require controllers to establish, implement, and maintain reasonable administrative, technical, and physical data s…
On 1 July 2027, the Act amending Kentucky Revised Statutes on data privacy (HB 692) enters into force. The Act amends KRS 367.3611 to introduce definitions of "automatic content recognition data" and "smart monitor." "Automatic content recognition d…
On 1 July 2027, the amended Article 32-2(1) proviso and Article 75(2) item 15 of Act No. 21445, amending the Personal Information Protection Act, entered into force. Under the amended Article 32-2(1) proviso, personal information processors meeting …
On 2 April 2027, the Regulation of the European Parliament and of the Council laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679 enters into force. The regulation aims to harmonise the criteria for assess…
On 1 April 2027, the Information Security Level Evaluation obligations in the Act on Promotion of Information and Communications Network Utilization and Information Protection (Law No. 21500) enter into force. The Korea Ministry of Science and ICT m…
On 1 April 2027, the final rule on personal financial data rights came into force for depository institutions that hold at least USD 10 billion in total assets but less than USD 250 billion or non-depository institutions that did not generate USD 10…
On 27 March 2027, Regulation Number 17 of 2025 concerning Governance of Electronic System Implementation in Child Protection enters into force following the conclusion of the two-year transition period that began on 27 March 2025. Under this regulat…
On 26 March 2027, specific provisions of the European Health Data Space (EHDS) Regulation (2025/327) come into force. These include the adoption of common specifications for EHR systems, which will set requirements for interoperability, security and…
On 18 March 2027, the guidance on operational incident reporting for firms with Part 4A permission, payment service providers (PSPs), credit rating agencies, and other financial firms enters into force. The guidelines establish a standardised proces…
On 18 March 2027, the guidance on material third-party arrangements (FG26/4) comes into force. It applies to designated investment firms, authorised electronic money or payment institutions, and other financial institutions. The guidance requires fi…