GDPR and ePrivacy

 

GDPR AND EPRIVACY

CIPL Recommendations for International Transfers Post-Schrems II

Back in July we wrote about the EU Court of Justice’s decision that one of the main methods for compliantly transferring personal data outside of the EEA to the US, commonly known as the “Privacy Shield” was no longer valid (due to the...

British Airways receives £20million fine from ICO for security breach

On 16th October 2020 the UK Information Commissioner’s Office announced that British Airways was to pay £20,000,000 for GDPR violations. This was a significant decrease (90%) of the originally proposed fine of £183,390,000 announced in...

Clarification: The concepts of controller and processor in GDPR

While it can feel that the GDPR is now sufficiently embedded in the way we all work, those working with data will know that the terms within it continue to sometimes less than clear cut. On 7th September 2020 the European Data Protection Board published some...

Schrems II: Privacy Shield invalidated - time to look at Data Export Mechanisms again

Last Thursday, the EU’s Court of Justice, declared that one of the main methods for compliantly transferring personal data outside of the EEA to the US, commonly known as the “Privacy Shield” was no longer valid (due to the lack of...

Covid-19 Data Protection update

Here is a round-up of recent activity from data protection bodies, governments and other organisations in the EU and UK in relation to data protection issues in the COVID-19 pandemic. ICO statement on its regulatory approach during the pandemic The ICO...

Data protection and working from home

If, like us, staff in your business are working from home for the foreseeable future, your business is probably too busy dealing with immediate financial and resourcing concerns to be thinking much about data protection compliance right now. Unfortunately,...

What happens to data protection in a global health pandemic?

Data protection compliance is probably the last thing on most people’s minds right now as businesses struggle to adapt to the financial and resourcing challenges brought by Covid-19.  At the same time, most of us are probably processing more...

Data Breach: An Investigation

    Description:   In the first 9 months of 2019 there were 5,183 breaches world-wide, with an astounding 7.9 billion data records exposed. This is a 33% increase on 2018! It is inevitable that you will experience a data breach in your...

iPhone users, the Data Protection Act and UK Class Actions

A recent case concerning Google’s use of cookies has had important implications for the development of UK class actions in privacy cases. This case will be of particular importance to those whose work involves processing and retaining clients’...

No-deal Brexit: data protection consequences for UK businesses - Part 2

This article continues to look at how UK businesses will be affected by changes in data protection law arising from a no-deal Brexit.   How can we comply with both EU and UK data protection law post-Brexit? Complying with the dual legal regime...

No-deal Brexit: data protection consequences for UK businesses - Part 1

This article looks at how UK businesses will be affected by changes in data protection law arising from a no-deal Brexit.   UK becomes a ‘third country’ The headline point is that once we’re out without a deal, the UK becomes a...

Greek Data Protection Authority fines PWC 150,000 Euro for GDPR breaches in connection with its processing of employee data

The management of employee, job applicant and staff data, under the GDPR, is a complex subject. Back in July 2018 we wrote about the subject with employment law specialists mpmlegal , to provide guidance on the ways ‘consent isn’t...

Changes to Civil Procedure Rules - privacy and data protection claims

The Ministry of Justice has announced changes, coming in on 1st October 2019, to the Civil Procedure Rules. These relate to the rights of data subjects to claim damages for breaches of data protection and privacy legislation.  Rather than only applying...

Adtech and the challenges it poses for data processing

Many people unfamiliar with the concepts of adtech, or programmatic advertising, will nevertheless experience it online firsthand daily.    Adtech is a collective term. It refers to digital tools that deliver targeted advertising to consumers...

59 charities issued with regulatory notices and referred to the ICO by the Fundraising Regulator

The Fundraising Regulator has issued 59 UK charities with regulatory notices, as well as reporting matters to the ICO and the Charity Commission. You can view a full list of the charities that have breached the Code of Fundraising Practice here . A...

Is there a right and a wrong way to use your customers' biometric data?

It stands to reason that organisations invest time and money in seeking out the best and most effective technologies for managing customer contact and, in particular, identification and authentication.  HMRC, for example - not known for its advanced or...

Commercial contracts - Preparing for a no-deal Brexit future

With the Prime Minister seemingly determined to take the UK out of the EU without a deal, the threat/promise of a no-deal Brexit is looking increasingly likely to become a reality on 31 October. The commercial and economic implications of a no-deal...

Latest news relating to UK collective actions

Over the last few months we have written about the increased chance of class actions relating to data breaches. You can read this in GDPR - one year on and GDPR - waiting for the flood . But how likely is this in a wider technology (and, in particular,...

What can we learn from GDPR fines?

In the last week there have been two significant fines signalled by the ICO under the GDPR. A complete list of fines issued under GDPR, since its introduction in May 2018, can be seen here .  Now we are a whole year on from its introduction what have...

Marriott facing nearly £100m over GDPR breach

Less than a day after the technology world was shocked to see British Airways face a potential £183m fine for a data breach, the ICO has issued a notice of its intention to  impose a £99.2m fine on international hotel group Marriott after...

British Airways faces a record fine for GDPR breach from ICO

The Information Commissioner’s Office has announced its intention to impose its biggest penalty to date and the first to be made public under the new GDPR rules. The proposed fine is £183m and relates to a data breach in 2018. In June 2018...

GDPR - one year on

With now over 1 year since the GDPR came into force and with the benefit of insight into early enforcement, it is a good time for organisations to carry out a review of their compliance with the new regulation. The big question which many have been asking is...

EU copyright directive passes with questions remaining over upload filters

On 15th April, 2019, the Directive on Copyright in the Digital Single Market was approved by all EU legislative bodies. This aims to “modern[ise] EU copyright rules for European culture to flourish and circulate”. Member states are required to...

European Commission takes action against online retailers

The European Commission has fined four consumer electronics manufacturers €110 million for forcing online retailers to adhere to fixed or minimum resale prices. Asus, Denon & Marantz, Philips and Pioneer have all been fined following a warning from...

2019 Cyber Security Breaches Survey

The Cyber Security Breaches Survey is a quantitative and qualitative survey by the DCMS of UK businesses and charities. It is designed to help organisations to understand the nature and significance of the cyber security threats they face, and what...