GDPR and ePrivacy

 


Free guide: International Transfers - where are we now?

The data protection landscape has greatly changed over recent years, and in the last few months the rules surrounding international data transfers have been no exception. Following the departure of the UK from the EU, the issue of international data...

Dutch DPA fines company for failure to designate an EU representative

We recently wrote about the role of the representative within the context of EU GDPR legislation, now the UK is no longer part of the EU. To recap... As things stand the EU GDPR has been incorporated into UK data protection law. This means that...

EU gives draft approval to UK's data protection regime

In the wake of Brexit the UK has needed to establish a new arrangement with the European Union on the security and handling of personal data transferred from within the European Economic Area (EEA) to the UK. The European Union’s data protection...

Understanding the role of a representative under EU and UK GDPR after Brexit

Organisations in the UK and EU have been weathering a sea of changing legislation and uncertainty since the decision to leave the EU. In the case of data protection matters much remains undecided. As things stand the EU GDPR has been incorporated...

2.7 million spam text messages sent during the pandemic - latest major ICO fines

Two companies have been fined £330,000 by the Information Commissioner’s Office for sending nuisance text messages during the COVID-19 pandemic. West Sussex-based Leads Works Limited was fined £250,000 for sending over...

European Commission publishes draft adequacy decision for UK

Plenty of businesses have been worrying about what will happen with regards to data flows, now we’ve left the EU. Under the EU’s GDPR certain circumstances need to be in place if personal data is to be transferred outside of the EEA. This is...

Recommendations for transfer of personal data outside of EEA, following Schrems II decision, adopted

The European Data Protection Board has published its recommendations for supplementary measures required for international transfers of personal data. These include standard contractual clauses and recommendations on surveillance measures. As a...

Ticketmaster fined £1.25 million by ICO for security fails

On 13th November 2020 Ticketmaster was fined £1.25 million by the UK Information Commissioner’s Office for failing to keep its customers’ personal data secure. The ICO found that Ticketmaster had breached the requirements of Articles...

Standard contractual clauses for Article 28 Data Processing Agreements set out by the European Commission

The European Commission has adopted draft standard contractual clauses to be used between controllers and processors in the EEA. These standard contractual clauses are designed to help organisations that rely on third-parties in the EEA to...

French Data Protection Authority (CNIL) fines Google and Amazon 135 million euros for alleged cookie violations

On 10th December 2020 the French Data Protection Authority (CNIL) announced that it was fining Google LLC €60 million, Google Ireland Limited €40 million and Amazon Europe Core €35 million. They found that, under the French cookie rules...

CIPL Recommendations for International Transfers Post-Schrems II

Back in July we wrote about the EU Court of Justice’s decision that one of the main methods for compliantly transferring personal data outside of the EEA to the US, commonly known as the “Privacy Shield” was no longer valid (due to the...

British Airways receives £20million fine from ICO for security breach

On 16th October 2020 the UK Information Commissioner’s Office announced that British Airways was to pay £20,000,000 for GDPR violations. This was a significant decrease (90%) of the originally proposed fine of £183,390,000 announced in...

Clarification: The concepts of controller and processor in GDPR

While it can feel that the GDPR is now sufficiently embedded in the way we all work, those working with data will know that the terms within it continue to sometimes be less than clear cut. On 7th September 2020 the European Data Protection Board published some...

Schrems II: Privacy Shield invalidated - time to look at Data Export Mechanisms again

Last Thursday the EU’s Court of Justice declared that one of the main methods for compliantly transferring personal data outside of the EEA to the US, commonly known as the “Privacy Shield”, was no longer valid (due to the lack of...

Covid-19 Data Protection update

Here is a round-up of recent activity from data protection bodies, governments and other organisations in the EU and UK in relation to data protection issues in the COVID-19 pandemic. ICO statement on its regulatory approach during the pandemic The ICO...

Data protection and working from home

If, like us, staff in your business are working from home for the foreseeable future, your business is probably too busy dealing with immediate financial and resourcing concerns to be thinking much about data protection compliance right now. Unfortunately,...

What happens to data protection in a global health pandemic?

Data protection compliance is probably the last thing on most people’s minds right now as businesses struggle to adapt to the financial and resourcing challenges brought by Covid-19. At the same time, most of us are probably processing more...

Data Breach: An Investigation

In the first 9 months of 2019 there were 5,183 breaches world-wide, with an astounding 7.9 billion data records exposed. This is a 33% increase on 2018! It is inevitable that you will experience a data breach in your...

iPhone users, the Data Protection Act and UK Class Actions

A recent case concerning Google’s use of cookies has had important implications for the development of UK class actions in privacy cases. This case will be of particular importance to those whose work involves processing and retaining clients’...

No-deal Brexit: data protection consequences for UK businesses - Part 2

This article continues to look at how UK businesses will be affected by changes in data protection law arising from a no-deal Brexit. How can we comply with both EU and UK data protection law post-Brexit? Complying with the dual legal regime...

No-deal Brexit: data protection consequences for UK businesses - Part 1

This article looks at how UK businesses will be affected by changes in data protection law arising from a no-deal Brexit. UK becomes a ‘third country’ The headline point is that once we’re out without a deal, the UK becomes a...

Greek Data Protection Authority fines PWC 150,000 Euro for GDPR breaches in connection with its processing of employee data

The management of employee, job applicant and staff data, under the GDPR, is a complex subject. Back in July 2018 we wrote about the subject with employment law specialists mpmlegal, to provide guidance on the ways ‘consent isn’t...

Changes to Civil Procedure Rules - privacy and data protection claims

The Ministry of Justice has announced changes, coming in on 1st October 2019, to the Civil Procedure Rules. These relate to the rights of data subjects to claim damages for breaches of data protection and privacy legislation. Rather than only applying...

Adtech and the challenges it poses for data processing

Many people unfamiliar with the concepts of adtech, or programmatic advertising, will nevertheless experience it online firsthand daily. Adtech is a collective term. It refers to digital tools that deliver targeted advertising to consumers...

59 charities issued with regulatory notices and referred to the ICO by the Fundraising Regulator

The Fundraising Regulator has issued 59 UK charities with regulatory notices, as well as reporting matters to the ICO and the Charity Commission. You can view a full list of the charities that have breached the Code of Fundraising Practice here. A...