The UK data protection regulator, the Information Commissioner’s Office (ICO), has issued its first enforcement notice under the EU’s new strict data protection law, the General Data Protection Regulation (679/2016/EU) (GDPR). The notice is particularly noteworthy because it has been… Read more

The Court of Appeal has today dismissed an appeal against the High Court's decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse;… Read more

On 13 September 2018, the UK Government published a series of technical notes setting out the implications in various sectors and areas of a 'no deal' scenario (i.e. a scenario in which the UK leaves the EU without an agreement),… Read more

On 17 July 2018, the EU Commission (“Commission”) and Japan concluded the negotiations on a reciprocal finding of an adequate level of data protection by both sides. Under the General Data Protection Regulation (“GDPR”) which became effective across Europe on… Read more

In anticipation of the GDPR, various guidance has been published by the Article 29 Working Party, the body of national EU data regulators. Of most relevance in the cyber context is the guidance on personal data breach notifications; the Article… Read more

In light of the booming market of the Internet of Things (“IoT”) and of the General Data Protection Regulation (“GDPR”), the Information Commissioner’s Office (“ICO”) has published an article focusing on the key factors manufacturers and retailers of IoT devices… Read more

The GDPR came into force on 25 May 2018 and brought with it additional rights for individuals and additional obligations for organisations. It also extends its reach beyond European borders and applies not just to companies within the EEA but… Read more

With increased outsourcing to the cloud or other third party external service providers and an increasingly complex supply chain for businesses, modern strategies for leveraging data can bring significant business efficiencies, competitive edge and growth opportunities, but also a range… Read more

We are living in an increasingly inter-connected digital society where the services of many organisations are global in nature, and yet internet activities are still being tackled by national laws and regulations. The online world does not respect physical or… Read more

Described by some as the “new oil” for the digital economy, there is no doubt that data are now seen as critical for organisations to succeed. Data are a powerful and lucrative fuel for productivity. If not adequately protected, data… Read more

This briefing is the second in our multi-disciplinary GDPR series which aims to help you successfully navigate the GDPR as 25 May 2018 approaches. Here we place the spotlight on key compliance considerations in the employment sphere. Data is ubiquitous… Read more

The Department of Health published its Review of Data Security, Consent and Opt-Outs (the “Review”) earlier this year. Incidents such as WannaCry (refer to article above for more detail) have created awareness of the ease and speed with which cyber-attacks… Read more

Following its Second Reading in the House of Lords, on 22 November 2017 the draft Data Protection Bill (the “Bill”) passed the Committee Stage and will next be considered at the Report Stage on 11 December 2017. The Bill was… Read more

The GDPR introduces a new mandatory requirement for all controllers to notify the appropriate data protection authority of a “personal data breach” likely to result in a risk to people’s rights and freedoms, for example following a cyber-attack. This will… Read more

In the run up to the GDPR applying from next year, there has been a variety of practical guidance for compliance at the European level through the Article 29 Working Party (“WP29”) (which reflects the consolidated view of national supervisory… Read more

Data has evolved in our digital economy to become the lifeblood  of global trade. It affects all businesses and industries and dealing  with it is a "whole of business" issue, affecting each and every team within an organisation. With innovation,… Read more

The post below was first published on our Employment blog Last week the UK Government released its negotiating position paper on international transfers of personal data within the EEA (The Exchange and Protection of Personal Data). Once the UK leaves… Read more

Last month the Council of the European Union published its progress report on the first draft of the ePrivacy Regulation (the "Draft Regulation"). The Draft Regulation was issued by the EC in January of this year and focuses on the… Read more

On 21 June 2017 the Queen's Speech was delivered in the Houses of Parliament and announced a number of measures relevant to the TMT sector. ... Read more

On 18 July 2017 the House of Lords European Union Committee (the "Committee") published a report covering the impact of Brexit on four aspects of the EU Data Protection Package: the General Data Protection Regulation (the "GDPR") which will become… Read more

The European Commission published its first draft of the EU General Data Protection Regulation ("GDPR") in January 2012, which set out a comprehensive reform of the current existing EU regime. The reform was designed to give citizens more control and… Read more

The new report referenced in the article above, follows comprehensive guidelines (the "Guidelines") published by ENISA in February 2017 for Member States and the European Commission on how to implement incident notification for "digital service providers" ("DSPs") across the EU,… Read more

In one of the most dramatic and widespread cyber attacks to date, on Friday 12 May 2017, a worldwide ransomware attack known as "WannaCrypt" or "WannaCry" began infecting hundreds of thousands of computers in over 150 countries. Starting in the… Read more

On 15 May 2017, the Council of the European Union published its progress report (the "Report") on the first draft of the ePrivacy Regulation (the "Draft Regulation"). The Draft Regulation focuses on the processing of personal data and protection of… Read more

It is fair to say the European data protection and privacy framework is currently undergoing a full overhaul. The European General Data Protection Regulation ("GDPR") and the current proposed reforms to the e-privacy regime have been firmly in the spotlight… Read more

The Financial Times recently referred to Big Data as "a vague term for a massive phenomenon that has rapidly become an obsession with entrepreneurs, scientists, governments and the media". And it does seem to appear from the headlines that there… Read more

The UK Digital Minister Matt Hancock has confirmed in a written statement that the General Data Protection Regulation (the "GDPR") will come into force in the UK in May 2018 despite the UK's move towards Brexit. ... Read more

The EU General Data Protection Regulation has finally been approved and published in the Official Journal. The countdown to its application date of 25 May 2018 has therefore begun. The European Commission published its first draft of the EU General… Read more