UK Government endorses new data security standards and greater patient control over use of health data

The Department of Health published its Review of Data Security, Consent and Opt-Outs (the “Review”) earlier this year. Incidents such as WannaCry (refer to article above for more detail) have created awareness of the ease and speed with which cyber-attacks can cause widespread disruption and highlight the importance of ensuring that organisations implement strong security … Read more

Draft Data Protection Bill published – no major surprises for businesses

Following its Second Reading in the House of Lords, on 22 November 2017 the draft Data Protection Bill (the “Bill”) passed the Committee Stage and will next be considered at the Report Stage on 11 December 2017. The Bill was initially published on 14 September and once finalised it will repeal the current Data Protection … Read more

The GDPR: Practical European Guidance on personal data breach notification requirements

The GDPR introduces a new mandatory requirement for all controllers to notify the appropriate data protection authority of a “personal data breach” likely to result in a risk to people’s rights and freedoms, for example following a cyber-attack. This will include providing the regulator with a significant amount of information about the breach and marks … Read more

The GDPR: ICO issues draft guidance on data controller and processor liability

In the run up to the GDPR applying from next year, there has been a variety of practical guidance for compliance at the European level through the Article 29 Working Party (“WP29”) (which reflects the consolidated view of national supervisory data protection authorities in each member state) and at the national level through the UK … Read more

The GDPR: The “whole of business” issue at the top of your board agenda

Data has evolved in our digital economy to become the lifeblood  of global trade. It affects all businesses and industries and dealing  with it is a “whole of business” issue, affecting each and every team within an organisation. With innovation, comes regulation and Europe is on the cusp of overhauling its data protection laws. Despite … Read more

UK: Limits on employers’ ability to monitor private communications

The Grand Chamber of the European Court of Human Rights’ (ECtHR) ruling in Barbulescu v Romania (61496/08) is a timely reminder of the limits of employers’ ability to monitor their employees’ private activity on work IT systems. The case concerned an employee’s personal use of a Yahoo Messenger account set up at the employer’s request … Read more

UK Government Position Paper on International Transfers of Data – Key Points

The post below was first published on our Employment blog Last week the UK Government released its negotiating position paper on international transfers of personal data within the EEA (The Exchange and Protection of Personal Data). Once the UK leaves the EEA it will no longer be subject to the General Data Protection Regulation (the … Read more