GDPR

Data Protection Predictions 2019

2018 was a landmark year for data protection and privacy; the EU General Data Protection Regulation (“GDPR“) came into effect on 25 May 2018 and implemented a comprehensive reform of the EU data protection regime. So what could 2019 possibly have in store for … Continue reading

Leave a Comment

Filed under Brexit, Data Protection, Enforcement, ePrivacy, GDPR, Guidance, Uncategorized

UK Government note clarifies “no deal” and data protection

The UK Government has published a “no deal” note to clarify how data protection law will work in the event that the UK leaves the EU without a deal. The note confirms that separate draft regulations and more detailed guidance … Continue reading

Leave a Comment

Filed under Brexit, Contractual clauses, Data Protection, Extra-territoriality, GDPR, Guidance

Brexit Withdrawal Agreement: Impact for data protection

Following a UK Cabinet meeting on 14 November 2018, the UK Government has announced support for the text of a draft Withdrawal Agreement and an outline of the Political Declaration on the Future Relationship agreed with EU negotiators. The Withdrawal … Continue reading

Leave a Comment

Filed under Brexit, Data Protection, GDPR, Guidance

General Data Protection Regulation: first enforcement notice shows extra-territorial reach

The UK data protection regulator, the Information Commissioner’s Office (ICO), has issued its first enforcement notice under the EU’s new strict data protection law, the General Data Protection Regulation (679/2016/EU) (GDPR). The notice is particularly noteworthy because it has been … Continue reading

Leave a Comment

Filed under Enforcement, Extra-territoriality, GDPR

Court of Appeal confirms Morrisons vicariously liable for employee’s deliberate actions in first successful UK class action for data breach

The Court of Appeal has today dismissed an appeal against the High Court’s decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse; … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection, Data subject rights, Enforcement, GDPR, News

Data protection if there’s no Brexit deal

On 13 September 2018, the UK Government published a series of technical notes setting out the implications in various sectors and areas of a ‘no deal’ scenario (i.e. a scenario in which the UK leaves the EU without an agreement), … Continue reading

Leave a Comment

Filed under Brexit, Contractual clauses, Data Protection, Extra-territoriality, GDPR, Guidance

New reciprocal adequacy decision allows free flow of personal data between Japan and the EEA

On 17 July 2018, the EU Commission (“Commission”) and Japan concluded the negotiations on a reciprocal finding of an adequate level of data protection by both sides. Under the General Data Protection Regulation (“GDPR”) which became effective across Europe on … Continue reading

Leave a Comment

Filed under Brexit, Data Protection, Data subject rights, Extra-territoriality, GDPR

Data breaches: new Article 29 Working Party guidance

In anticipation of the GDPR, various guidance has been published by the Article 29 Working Party, the body of national EU data regulators. Of most relevance in the cyber context is the guidance on personal data breach notifications; the Article … Continue reading

Leave a Comment

Filed under Controllers, Data breach, Data Protection, GDPR, Guidance, National privacy law

Internet of Things – ICO’s six reasons why businesses should be thinking about data protection and the DCMS’s Secure by Design Report

In light of the booming market of the Internet of Things (“IoT”) and of the General Data Protection Regulation (“GDPR”), the Information Commissioner’s Office (“ICO”) has published an article focusing on the key factors manufacturers and retailers of IoT devices … Continue reading

Leave a Comment

Filed under Data Protection, DPIAs, GDPR, Guidance, IT and Technology, National privacy law, Uncategorized

Compliant or not: the GDPR is here

The GDPR came into force on 25 May 2018 and brought with it additional rights for individuals and additional obligations for organisations. It also extends its reach beyond European borders and applies not just to companies within the EEA but … Continue reading

Leave a Comment

Filed under Cyber Security, Data breach, Data Protection, Extra-territoriality, GDPR, Guidance