Paulo Sampaio Neves, Principal Associate at Eversheds Sutherland FCB, is the author of the article "From TOMs to ESG, 2023 is proving to be eventful!"

"Companies in general, and DPOs and Compliance Officers in particular, are experiencing eventful days in 2023, and all indications are that this trend will continue.

In January , the National Data Protection Commission (CNPD) issued Guideline 2023/1 "On organizational and security measures applicable to the processing of personal data," in other words, on the "technical and organizational measures" provided for in the GDPR, which we abbreviate as TOMs."

The article provides a summary analysis of the general baseline established by the CNPD, which applies to all entities processing data, as well as the new challenge of Environmental, Social, and Governance (ESG) compliance.

"On January 1st, the German Supply Chain Due Diligence Act (GSCA) came into effect, currently applicable to organizations with more than 3,000 employees, a threshold that will be lowered to over a thousand by 2024. However, in February 2022, the proposal for the EU Directive on Corporate Sustainability Due Diligence was approved, and once it becomes final and transposed into all Member States, it will apply to organizations with more than 500 employees (or more than 250 in highly impacted sectors)."

The article is part of edition number 146 of Advocatus Magazine and can and can be fully read, in Portuguese, here.