In this update, we provide you with a brief summary of two recent developments in relation to sanctions imposed under the General Data Protection Regulation (“GDPR”). Firstly, the Berlin Data Protection Authority (“Berlin DPA”) recently announced its willingness to impose multimillion-euro fines for breaches of the GDPR. This shows that also in Germany significant fines … Read more
A recent test DSAR has demonstrated companies’ differing approaches to DSAR compliance Despite the DSAR being made by a third party on behalf of the data subject, it is clear companies are uncertain regarding when or how they should ask for ID verification ICO guidance urges data controllers to be satisfied that any third party … Read more
Cyber-attacks are a continuous threat to both businesses and charities. From the Cyber Security Breaches Survey 2019 (available here as a PDF), we can see that fewer businesses are identifying breaches than in previous years, but the ones that are identifying breaches are typically experiencing more of them. Approximately 32% of businesses and 22% of … Read more
A recent post on the ICO’s AI Auditing Framework blog explores human bias and discrimination in AI systems, together with some of the technical and organisational measures which can be implemented to mitigate the legal risks associated with these issues. Read more
The UK’s data protection authority, the ICO, has announced twice in two days this week that it proposes to levy significant fines on organisations for breaches of the General Data Protection Regulation (GDPR), which took effect in May 2018. First it announced that it intends to fine British Airways some £183 million for a data … Read more
The introduction of the GDPR on 25 May 2018 caused a widespread re-think about data protection and privacy rights. From individuals being more aware of their rights, to corporate institutions working hard to ensure compliance and avoid the hefty new penalties the regulations can impose, data protection has undoubtedly been at the forefront of people’s … Read more
Just one day after its notice of its intent to fine British Airways £183.39 million, the ICO has issued a further notice of intent to fine Marriott International £99.2 million for its own data breach; The systems of the Starwood hotel group were originally compromised in 2014, prior to the acquisition of Starwood by Marriott … Read more
The Court of Justice of the European Union (“CJEU“) has heard oral submissions in the latest case questioning the legal validity of international data transfer mechanisms under the GDPR, such as Standard Contractual Clauses and the EU-US Privacy Shield; The Irish Data Protection Commissioner (“DPC“) is seeking a ruling that would find the so-called Standard … Read more
