Error: Can't connect Warning: mysqli_query() expects parameter 1 to be mysqli, null given in /home/customer/www/hsfnotes.com/public_html/wp-content/themes/hsfnotes/template-parts/tpl_filters.php on line 186
Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, null given in /home/customer/www/hsfnotes.com/public_html/wp-content/themes/hsfnotes/template-parts/tpl_filters.php on line 187
Alongside, and perhaps in the shadow of, the European Commission publishing its long-awaited draft new Standard Contractual Clauses (the “New SCCs”) to address the restrictions imposed by the GDPR in relation to making international transfers of personal data (for further details see our blog post here), the European Commission has also published a set of … Read more
Mid-October marked the start of the formal legislative approval process for China’s proposed new law on personal information protection. The milestone draft Personal Information Protection Law (PIPL) underwent is first reading by the Standing Committee of the 13th National People’s Congress and was released for public consultation on 22 October 2020. For further details on … Read more
Hot on the heels of the EDPB’s guidance on ‘supplementary measures’ with respect to international data transfers as a result of the Schrems II judgment (for further details see our blog post here), the European Commission has now published its long-awaited draft new Standard Contractual Clauses (the “New SCCs”) for consultation. Legal Background Chapter V … Read more
The Schrems II judgment from the Court of Justice of the European Union (read our blog post here) raised the bar for transfers of personal data to third countries by making clear that where Standard Contractual Clauses (“SCCs”) are being used, a level of due diligence needs to take place before any transfer can be … Read more
Summary The ICO has fined Marriott Inc (“Marriott”) £18.4 million in relation to a 2014 cyber-attack on Starwood Hotels. The ICO had previously issued a notice of its intention to fine Marriott £99.2 million. The Penalty Notice does not explain the reasons why the final fine is considerably lower than this amount. Following the ICO’s … Read more
Summary The ICO (the UK privacy regulator) has updated its guidance on data subject access rights, and the revised guidance appears to be aimed at giving organisations practical advice on managing and responding to subject access requests by including further detail and examples. Although the revised guidance has not changed dramatically, it is fair to … Read more
A recent CJEU judgment has found bulk data retention laws in the UK, France and Belgium to be incompatible with EU law. The judgment could have a negative impact on the UK’s efforts to obtain an adequacy decision from the EU Commission before the end of the year to enable to free flow of personal … Read more
The ICO has fined British Airways £20 million for breach of the GDPR in relation to its 2018 data breach. This is a significant reduction in the original proposed fine of £183 million. In the monetary penalty notice issued to British Airways, the ICO has confirmed that the reduction of almost 90% was only partially … Read more
The Information Commissioner’s Office in the UK (the “ICO”) has published for consultation its draft statutory guidance setting out how it will regulate and enforce data protection legislation in the UK. The document explains all of the ICO’s key powers (including information notices, assessment notices, enforcement notices and penalty notices). Perhaps most interestingly for organisations, … Read more
