Tag Archives: GDPR

EDPB finally issues draft guidelines on GDPR extra-territoriality

On 23 November 2018, the European Data Protection Board (the “EDPB“) published its draft guidelines on Article 3 of the GDPR, being the provision that sets out the territorial scope of Europe’s data protection legislation. The guidelines are only in … Continue reading

Leave a Comment

Filed under Data Protection & Privacy, EU Law, GDPR, Guidance

Brexit Withdrawal Agreement: Impact for data protection

Following a UK Cabinet meeting on 14 November 2018, the UK Government has announced support for the text of a draft Withdrawal Agreement and an outline of the Political Declaration on the Future Relationship agreed with EU negotiators. The Withdrawal … Continue reading

Leave a Comment

Filed under Brexit, Data Protection & Privacy, Regulation, UK Law

General Data Protection Regulation: first enforcement notice shows extra-territorial reach

The UK data protection regulator, the Information Commissioner’s Office (ICO), has issued its first enforcement notice under the EU’s new strict data protection law, the General Data Protection Regulation (679/2016/EU) (GDPR). The notice is particularly noteworthy because it has been … Continue reading

Leave a Comment

Filed under Data Protection & Privacy, GDPR

Court of Appeal confirms Morrisons vicariously liable for employee’s deliberate actions in first successful UK class action for data breach

The Court of Appeal has today dismissed an appeal against the High Court’s decision that Morrisons was vicariously liable for its employee’s misuse of data, despite: (i) Morrisons having done as much as it reasonably could to prevent the misuse; … Continue reading

Leave a Comment

Filed under Cyber Security, Data Protection & Privacy, Digital, News, UK Law

Compliant or not: the GDPR is here

The GDPR came into force on 25 May 2018 and brought with it additional rights for individuals and additional obligations for organisations. It also extends its reach beyond European borders and applies not just to companies within the EEA but … Continue reading

Leave a Comment

Filed under Cyber Security, Data Protection & Privacy

Internet of Things – ICO’s six reasons why businesses should be thinking about data protection and the DCMS’s Secure by Design Report

In light of the booming market of the Internet of Things (“IoT”) and of the General Data Protection Regulation (“GDPR”), the Information Commissioner’s Office (“ICO”) has published an article focusing on the key factors manufacturers and retailers of IoT devices … Continue reading

Leave a Comment

Filed under Data Protection & Privacy, Digital, Technology

Risk of a “Meltdown”? Recent authority guidance and practical tips to mitigate the risk of organisations falling victim to the latest cyber exploits

Significant vulnerabilities that could allow cyber attackers to compromise data have been found in common processors in almost all modern devices. What are “Meltdown” and “Spectre”? The vulnerabilities, known as “Meltdown” and “Spectre”, are two related so-called “side-channel” attacks that … Continue reading

Leave a Comment

Filed under Cyber Security, Technology

Outsourcing to the Cloud: EBA issues Final Report on Recommendations

On 20 December 2017 the European Banking Authority (“EBA”) published its Final Report: Recommendations on Outsourcing to Cloud Service Providers (“CSPs“). The Recommendations will apply from 1 July 2018 to credit institutions as well as investment firms (i.e. not solely … Continue reading

Leave a Comment

Filed under Outsourcing, Technology

Public Sector IT Procurement Update: UK Government publishes updated Model Services Contract, guidance on GDPR re-papering and extends “G-Cloud 9” framework for cloud services procurement

Model Services Contract: On 1 January 2018, the Cabinet Office, Crown Commercial Service (“CCS“) and the Government Legal Service (“GLS“) published an updated version of the Model Services Contract (“MSC“). This version is stated to reflect developments in government policy, … Continue reading

Leave a Comment

Filed under GDPR, Outsourcing

The GDPR: ICO issues draft guidance on data controller and processor liability

In the run up to the GDPR applying from next year, there has been a variety of practical guidance for compliance at the European level through the Article 29 Working Party (“WP29”) (which reflects the consolidated view of national supervisory … Continue reading

Leave a Comment

Filed under Data Protection & Privacy