General Commercial

Cybersecurity Series: Startups & Acquisitions

More and more companies are being built with the expectation of acquisition within 5-10 years. Increasing numbers of entrepreneurs are taking a fail-fast, fail-well approach to innovation, focusing on rapid growth and extremely high risk… and...

Article 30, GDPR and documentation - what you need to know

The facts: Article 30 of the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, states that data controllers and processors need to keep internal records of data processing activities. The Information...

Fees: Yes... more changes are coming on 25th May

We’ve spoken a great deal about the forthcoming GDPR and the steps your organisations need to take to best prepare. Included within this is the fact that, as of 25th May, data controllers will no longer need to register with the ICO each year....

Commercial contracts and cyber insurance requirements

We don’t need to tell you that cybersecurity is in the news. In fact, you’ve probably seen our popular Cybersecurity Series, discussing everything from passwords to training, encryption to how to identify and manage a breach. If we...

Brexit and adequacy... is a decision possible?

A recent Court of Appeal case has highlighted that, whatever the UK Government might say and wish for, getting an “adequacy decision” to allow free sharing of data once the UK leaves the EU is not a slam-dunk. As with most things Brexit-related,...

Cyber-attack results in £400,000 fine for Carphone Warehouse

The Information Commissioner’s Office (ICO) has fined the Carphone Warehouse for major inadequacies in its data security, which resulted in a cyber-attack that lasted for over a week. More than 18,000 customers were compromised in the breach,...

Article 29 Working Party reviews EU-US Privacy Shield

The Privacy Shield, a framework which governs and legitimises transatlantic data flows between the EU and the US, has been accused of not providing sufficient protection to the rights and freedoms of EU citizens. The European Commission recently completed...

Facing a future of more privacy and group action claims

We mentioned, in a number of our previous posts, that the coming GDPR changes present an increased risk of privacy litigation and ‘group actions’. The focus, to date, has tended to be on the significant fines for non-compliance. However, the...

Morrisons ruled as vicariously liable for employee's data breach

It’s the story everyone in data protection is talking about. The High Court has ruled that an employer can be vicariously liable for an employee’s misuse of data, even when they can demonstrate that they’ve done as much as reasonably...

SQN Viewpoint: Opportunity or Threat? - Privacy, GDPR and Marketing

In this guest post Chris Ritchie, COO, SQN offers his views. First published on the European Sponsorship Association blog on 15th December 2017. As with many things in life, the answer to this question depends on your perspective. It...

PWC Global State of Information Security Survey Report - what you need to know

“Massive cybersecurity breaches have become almost commonplace, regularly grabbing headlines that alarm consumers and leaders. But for all of the attention such incidents have attracted in recent years, many organizations worldwide still struggle to...

Website privacy notices "too vague and generally inadequate"

A review of 30 UK websites, by the Information Commissioner’s Office, has found that the majority of data protection and privacy notices were inadequate. The study looked at organisations across the retail, banking, lending, travel and finance price...

What challenges does GDPR pose to the marketing list industry

Even without the advent of GDPR in May 2018, it is clear that the marketing list industry, which for many years had operated without much in the way of regulatory scrutiny, had caught the information commissioner’s attention. In 2016, the ICO handed...

GDPR and employment law - If employees cannot consent, how can you process their data?

In a previous blog, we looked at the impact of the General Data Protection Regulation (GDPR) on employee consent as a valid processing ground, and how it is, in effect, nullified under the new rules at least so far as the employment relationship is...

Launching our new Cybersecurity content

Cybersecurity may now be the most common buzzword we hear. If it’s not popping up at work, we’re reading about the consequences of a cybersecurity breach, or a new vulnerability, in the press. Business leaders are expected to know...

LAUNCHING E-LEARNING: Helping to prepare workforces for the biggest change to data protection legislation in 20 years

We're delighted to announce the launch of a comprehensive solution of training, audit and support packages for organisations preparing for the General Data Protection Regulation (GDPR). This offering spans all levels of commercial need, from...

How to write a GDPR compliance 'white paper'

A white paper is an information document used by businesses to inform customers about an issue relevant to their business and present their perspective on that issue, with a view to encouraging customers and potential customers to learn more about and/or...

Snooping on employee emails breaches the right to a private life

In the case of Bărbulescu v Romania, a case in which an employee was fired for using his workplace instant messenger to send personal messages, the Grand Chamber of the Court of Human Rights has ruled that the Romanian domestic authorities’ failure to adequately protect Mr Bărbulescu (B) from the monitoring of his workplace communications by his employer was in violation of his right to respect for private and family life under Article 8 of the Convention.

JD Wetherspoon deletes database

The news that JD Wetherspoon has deleted their email database of 750,000+ names has received widespread coverage. The multi-million pound pub chain stated “we won’t be emailing you anymore and we have deleted your details” and “from now on you can contact us and find out about events and news here,” pointing to their Facebook page and Twitter profile… a bold move from this major brand. But why would they make such a move?

UK Government publishes plans for data protection reforms

The UK Government has published its plans to reform the UK’s data protection laws in a Statement of Intent. For those already preparing for the EU’s new GDPR (you can read our handy guide here).  Some of these proposals will apply to the UK only, however.

Getting ready for GDPR - chapter 2

Part Two – external issues: In Part One of this series, we looked at some of the internal issues organisations need to come to terms with in their efforts to comply with the GDPR. In this Part Two, we look at the outward-facing, public or third...

Getting ready for GDPR

Introduction: With less than 1 year to go until the GDPR comes into force, there is no end of information out there on what organisations need to do to get themselves ready for GDPR compliance. But in this 2-part series, we aim to draw it all together...

GDPR and employment law - consent is no longer consent

‘The Employee consents to the Company processing data relating to the Employee for legal, personnel, administrative and management purposes and in particular to the processing of any sensitive personal data (as defined in the Data Protection Act 1998)...

Investigatory Powers Bill in 'Ping Pong'

The Investigatory Powers Bill (also known as the “Snooper’s Charter”) on 2nd November again made its way back to the House of Commons, following a rejection of an amendment inserted by Parliament following a majority vote in the House of...