HOW TO CALCULATE A GDPR FINE – THE PROPOSED ICO WAY

The Information Commissioner’s Office in the UK (the “ICO”) has published for consultation its draft statutory guidance setting out how it will regulate and enforce data protection legislation in the UK. The document explains all of the ICO’s key powers (including information notices, assessment notices, enforcement notices and penalty notices). Perhaps most interestingly for organisations, … Read more

High GDPR fine issued but not for a data security breach

The Hamburg data protection regulator in Germany has issued a fine of €35.3 million against retail firm H&M for breaches of the GDPR relating to the excessive and unlawful collection of employee data. Interestingly, although the fine is the highest yet levied by a German regulator, it did not relate to a data security breach, … Read more

German Regulator Publishes Schrems II ‘Checklist’

The Baden-Württemberg data protection authority (“LfDI”) has issued guidance to controllers and processors following the Schrems II judgement.  The guidance includes helpful, practical tips which entities can take with respect to their current and future international transfers. Whilst aimed primarily at organisations subject to the jurisdiction of the LfDI, the guidance may be helpful for … Read more

SCHREMS II FALLOUT CONTINUES: NEW SCCS AND EDPB GUIDANCE COMING SOON

On 3 September 2020, members of the European Parliament together with Max Schrems, the Commissioner for Justice and the Chairwoman of the European Data Protection Board (“EDPB”) met to discuss the future of EU-US data transfers in light of European Court of Justice’s (“ECJ”) decision in Schrems II. Read more

European Commission Publishes GDPR Roadmap

On 1 April 2020, almost two years after the General Data Protection Regulation (GDPR) entered into force, the European Commission published a roadmap for evaluating its application. The roadmap specifically asks for feedback on the Commission’s strategy in dealing with the issue of international transfer of personal data to third countries, focussing on existing adequacy … Read more

COVID-19 PEOPLE: DATA PRIVACY ISSUES

In these unprecedented times, COVID-19 has forced organisations to quickly put in to place measures with the aim of ensuring both business continuity and the protection of employees. In many instances, this has involved increased processing of health data, in ways that were not envisaged a short time ago. Organisations across the globe are also … Read more

It’s too soon to change the GDPR says EDPB

Summary The EDPB has reviewed implementation of the GDPR so far and has declared the first year and a half a success. The EDPB did note areas for improvement, including the impact of implementation on SMEs and issues with cooperation across different jurisdictions. However, notwithstanding these difficulties, the EDPB considers that it would be premature … Read more

Could the UK move away from GDPR to help foster innovation?

Publicly the UK government is pursuing an adequacy decision from Europe regarding data protection and privacy regulations, but recent comments from ‘Number 10’ could be interpreted as saying the UK may be comfortable pursuing a different privacy path to the EU from the end of December 2020. The issue is about more than making changes … Read more