The ICO’s Regulatory Action Policy: What to expect in the new GDPR era
The Information Commissioner’s Office (ICO) has begun consulting on a new Regulatory Action Policy (“the Policy”). This new policy is intended to provide “direction and focus” for those the ICO...
View ArticleGDPR: The significance of the new principle of accountability
The GDPR has introduced a new accountability principle: the data controller “shall be responsible for, and be able to demonstrate compliance, with” each of the six principles of the GDPR. For a...
View ArticleSome welcomed guidance for data controllers: Court of Appeal confirms the...
Mixed data cases present a particular challenge for data controllers and, as Adam Chapman noted in his previous commentary of this case in the High Court, “in ‘three way’ cases such as these, the data...
View ArticleJoint data controllers – yet more data protection uncertainty
In two recent decisions the CJEU has adopted a maximalist, and probably to many people a counter-intuitive, approach to the issue of the identification of joint data controllers – the effect the...
View ArticleData breach reporting – the only way is up
The Information Commissioner’s recently published Annual Report for 2017/18 reveals a substantial – 29% - increase in the number of self- reported data breaches. In light of the fact that the GDPR...
View ArticleThe Data Protection Act 2018: new criminal offences for data breaches
The Data Protection Act 2018 (“the Act”) repeals and replaces the UK’s existing data protection laws to keep them up to date for the digital age to ensure that United Kingdom “retains its world-class...
View ArticleData Protection Act 2018 and law enforcement: an introduction
Two months ago, the introduction of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”) significantly changed our data protection landscape (see our related blogs)....
View ArticleDisclosure of Suspicious Activity Reports may not amount to Tipping-off, says...
The High Court has held that suspicious activity reports may amount to “personal data” for the purposes of the Data Protection Act 1998 (“DPA 1998”) and are potentially disclosable following a subject...
View ArticleGDPR and Brexit: the draft withdrawal agreement and data transfers from the EU
International transfers of personal data are instantaneous and constant. Everyday business functions such as uploading data files to the cloud or sending emails potentially involve transferring...
View ArticleCare homes take heed: if you have failed to pay the ICO data protection fee...
The Information Commissioner’s Office (ICO) has commenced formal enforcement action against care homes that have failed to pay the data protection fee.
View ArticleGDPR for the UK: Brexit and international transfers of personal data
With the UK due to leave the EU on 29 March 2019, UK Parliament is working towards creating new regulations to ensure that the UK’s data protection standards will be equivalent to EU law post-Brexit....
View ArticleBrexit Update: EU-US Privacy Shield
On 20 December 2018, the US Department of Commerce issued updated standards of compliance for participants in the EU-US Privacy Shield Framework (“Privacy Shield”) to continue receiving personal data...
View ArticleGDPR Compliance for US Companies
Focussing upon US companies considering their privacy policies and procedures in Silicon Valley and beyond, in this blog we consider the geographic scope of GDPR and the core business functions it...
View ArticleOur current Brexit options and the consequences for UK data protection law
EU leaders are due to meet today (1700 GMT) for an emergency summit dedicated to Brexit at which it is rumoured that they will grant an extension to the UK’s departure from the EU. The infographic...
View ArticleInnovation and data protection compliance: when opposites attract
Getting your black letter law data protection specialists to join your post-it wielding innovators on their bean bags might be challenging but it is important. Perhaps try breaking the ice with some...
View ArticleHow to respond to a subject access request: a step by step guide for...
Any individual dissatisfied with the speed or content of an organisation’s response to a SAR will find it quick and easy to complain to your organisation or the ICO. This guide is intended to make...
View ArticleWhatsApp messages: a treasure trove of evidence in team moves
The Court of Appeal’s judgement in Forse & ors v Secarma Ltd & ors is an important case on springboard injunction applications in employee competition and team move cases. It is also a prime...
View ArticleOverhaul of SARS regime to be welcomed
The Law Commission has this week made an important intervention in the world of anti-money laundering with its report on the Suspicious Activity Report (SARs) regime, including an analysis of...
View Article“WhatsApp” with Dominic Grieve’s motion for Brexit communications?
Monday night’s marathon session in Parliament saw a number of issues debated into the small hours and further defeats for the government. While many raised important political and legal issues, one of...
View ArticleData protection for your business after a no-deal Brexit
At the time of writing, it is possible that the UK could exit the EU on 31 October 2019 (“exit date”) without a deal which means immediately leaving EU institutions such as the European Court of...
View Article
