Tag Archives: ICO

Brexit Withdrawal Agreement: Impact for data protection

Following a UK Cabinet meeting on 14 November 2018, the UK Government has announced support for the text of a draft Withdrawal Agreement and an outline of the Political Declaration on the Future Relationship agreed with EU negotiators. The Withdrawal … Continue reading

Leave a Comment

Filed under Brexit, Data Protection, GDPR, Guidance

General Data Protection Regulation: first enforcement notice shows extra-territorial reach

The UK data protection regulator, the Information Commissioner’s Office (ICO), has issued its first enforcement notice under the EU’s new strict data protection law, the General Data Protection Regulation (679/2016/EU) (GDPR). The notice is particularly noteworthy because it has been … Continue reading

Leave a Comment

Filed under Enforcement, Extra-territoriality, GDPR

Data breaches: new Article 29 Working Party guidance

In anticipation of the GDPR, various guidance has been published by the Article 29 Working Party, the body of national EU data regulators. Of most relevance in the cyber context is the guidance on personal data breach notifications; the Article … Continue reading

Leave a Comment

Filed under Controllers, Data breach, Data Protection, GDPR, Guidance, National privacy law

Internet of Things – ICO’s six reasons why businesses should be thinking about data protection and the DCMS’s Secure by Design Report

In light of the booming market of the Internet of Things (“IoT”) and of the General Data Protection Regulation (“GDPR”), the Information Commissioner’s Office (“ICO”) has published an article focusing on the key factors manufacturers and retailers of IoT devices … Continue reading

Leave a Comment

Filed under Data Protection, DPIAs, GDPR, Guidance, IT and Technology, National privacy law, Uncategorized

The GDPR: Practical European Guidance on personal data breach notification requirements

The GDPR introduces a new mandatory requirement for all controllers to notify the appropriate data protection authority of a “personal data breach” likely to result in a risk to people’s rights and freedoms, for example following a cyber-attack. This will … Continue reading

Leave a Comment

Filed under Controllers, Data breach, Data Protection, Data subject rights, GDPR

The GDPR: ICO issues draft guidance on data controller and processor liability

In the run up to the GDPR applying from next year, there has been a variety of practical guidance for compliance at the European level through the Article 29 Working Party (“WP29”) (which reflects the consolidated view of national supervisory … Continue reading

Leave a Comment

Filed under Controllers, Data Protection, GDPR, Processors

UK Government Position Paper on International Transfers of Data – Key Points

The post below was first published on our Employment blog Last week the UK Government released its negotiating position paper on international transfers of personal data within the EEA (The Exchange and Protection of Personal Data). Once the UK leaves … Continue reading

Leave a Comment

Filed under Brexit, Cyber Security, Data Protection, Data subject rights, Disclosures, Extra-territoriality, GDPR

Google DeepMind trial failed to comply with data protection law

On 3 July 2017 the Information Commissioner’s Office (“ICO“) determined that the Royal Free NHS Foundation Trust (the “Trust“) had breached the Data Protection Act 1998 (the “Act”) when it provided patient details to Google’s DeepMind. The Trust provided personal … Continue reading

Leave a Comment

Filed under Data breach, Data Protection, Data subject rights, Enforcement, IT and Technology, News

Big Data Regulation: Coming soon to a business like yours?

The Financial Times recently referred to Big Data as “a vague term for a massive phenomenon that has rapidly become an obsession with entrepreneurs, scientists, governments and the media“. And it does seem to appear from the headlines that there … Continue reading

Leave a Comment

Filed under Data Protection, GDPR, Guidance, IT and Technology

Full Steam Ahead: GDPR confirmed to apply in the UK despite Brexit

The UK Digital Minister Matt Hancock has confirmed in a written statement that the General Data Protection Regulation (the “GDPR“) will come into force in the UK in May 2018 despite the UK’s move towards Brexit.

Leave a Comment

Filed under Brexit, Data Protection, GDPR, Guidance