GDPR and ePrivacy

GDPR stands for the General Data Protection Regulation and it comes into force on 25th May 2018. Quite simply, it’s a new, updated data protection law enabling consumers to take back control of who uses their personal information and when. If you run a business, you’ll need to make sure your data is managed correctly and that you comply, or else you face heavy penalties.

Here at Clayden Law this is a key area of expertise and we're working with organisations across the UK (and further afield) - helping them to prepare for this major legislative change. But it doesn't stop there... the ePrivacy Regulations are due at the same time...

We've collected together all of our blogs, guides and case studies, to give you a bit more information. If you'd like to speak to someone about this then you can contact us here. To keep up to date with all the news, you can sign up for our newsletter by clicking here.

 

Latest News

GDPR - one year on

With over 1 year now passed since the GDPR came into force, and with the benefit of insight into early enforcement, it is a good time for organisations to carry out a review of their compliance with the new regulation. The big question which many have been asking is...

EU copyright directive passes with questions remaining over upload filters

On 15th April, 2019, the Directive on Copyright in the Digital Single Market was approved by all EU legislative bodies. This aims to “modern[ise] EU copyright rules for European culture to flourish and circulate”. Member states are required to...

European Commission takes action against online retailers

The European Commission has fined four consumer electronics manufacturers €110 million for forcing online retailers to adhere to fixed or minimum resale prices. Asus, Denon & Marantz, Philips and Pioneer have all been fined following a warning from...

2019 Cyber Security Breaches Survey

The Cyber Security Breaches Survey is a quantitative and qualitative survey by the DCMS of UK businesses and charities. It is designed to help organisations to understand the nature and significance of the cyber security threats they face, and what...

Cybersecurity - industry insights from the FCA

The Financial Conduct Authority has just published an Industry Insights document on cyber security. Whilst not containing any formal guidance or rules, the Insights highlight the risks of cyber attacks to FCA regulated firms and confirm industry best...

Shorter sales cycles for GDPR compliant organisations

Cisco has just published a report stating that GDPR compliant companies experience shorter delays in their sales cycle as it relates to customer data, and fewer data breaches. Cisco’s Director of Privacy, Robert Waitman, explained this trend, in...

GDPR breach leads to transatlantic enforcement action and more to come

When GDPR first came into force firms around the world stated that ‘time would tell’ in terms of enforcement and how it would work in practice. Starting in October 2018 the message has been clear - the ICO intends to come down hard on those...

Adequacy ruling from EU in relation to Japan

The European Commission announced that it has adopted an ‘adequacy decision’ concerning Japan in relation to private sector organisations. This simplifies the process for transferring personal data between the EU and Japan. The GDPR applies...

PART 4: GDPR : where we are now

Having reviewed the changing role of the processor and controller, post GDPR, we look at some of the other changes and challenges, since May 2018. Panic over? Remember the GDPR-related emails that kept pinging up in your inbox throughout May 2018...

PART 3: GDPR : where we are now

In the previous articles we examined the changing landscape of processors and controllers under GDPR and then some of the challenges facing processors, post GDPR. We continue our examination of why the introduction of the GDPR has encouraged service...

PART 2: GDPR : where we are now

In the last article we examined the changing landscape of processors and controllers under GDPR. We continue our examination of why the introduction of the GDPR has encouraged service providers to re-brand themselves as controllers. Processing...

PART 1: GDPR: where we are now

On 25 May 2018 the EU General Data Protection Regulations (GDPR) came into force, reshaping the way personal data is handled across every sector, and impacting boardrooms and consumers alike. A few months on, with GDPR now bedded in, some surprising...

Rehearsing for cyber attacks - what does Tesco's fine teach us?

In November 2016 cyber attackers in Brazil used the authentic debit card details of some Tesco Personal Finance PLC customers to perform thousands of transactions in a 48 hour period. Now, in a Final Notice of 1st October 2018, the FCA has fined Tesco...

GDPR - waiting for the flood

When the GDPR entered into force in May 2018 it was expected to unleash a torrent of group litigation as individuals became more aware of their greater rights as ‘data subjects’ against organisations that process their personal data,...

Facebook could be liable for millions in compensation following ICO report

The announcement by the Information Commissioner’s Office (ICO) that it has fined Facebook the maximum penalty of £500,000 under the Data Protection Act 1998 (DPA) for breaching the DPA by enabling an app to harvest personal data from 87 million...

Surprise Court of Appeal judgment leaves Morrisons vicariously liable for huge data breach

The increase of large-scale civil litigation is one undeniable consequence of the recent changes in data protection law. One of the most significant recent actions has followed the data breach by Morrisons supermarket, where a disgruntled former employee...

GDPR new password and encryption guidance published

The Information Commissioner’s Office (ICO) has published guidance about passwords and encryption under GDPR. Where passwords are concerned, the guidance gives comprehensive advice on deciding whether password protection is the best option and, if...

ICO brings criminal prosecution for data misuse

In the first case of its kind, the Information Commissioner’s Office (ICO) has successfully prosecuted a man, Mustafa Kasim, under the Computer Misuse Act 1990 (CMA 1990). Mr Kasim, a motor repair technician, has been jailed for six months. He used a...

UK ICO issues warning to Washington Post over cookie consent practices

In a recent report in The Register it was revealed that the Information Commissioner’s Office (ICO) has warned The Washington Post newspaper about infringing the EU General Data Protection Regulation (GDPR) through its cookie policy. The ...

No deal Brexit means no data adequacy decision

On 13th November 2018 the European Commission announced that making an adequacy decision in the UK’s favour (i.e. making an official ruling that the UK’s data protection laws were adequate for it to be permitted full rights to continue processing...

Fines escalate over unsolicited emails and data breaches

The Information Commissioner’s Office (ICO) has fined UK marketing firm Everything DM Ltd. £60,000 for sending well over a million marketing emails without sufficient consent. The emails were sent on behalf of clients and appeared to have come...

What about international data transfers if there is a no-deal Brexit?

The UK government’s Department for Digital, Culture, Media & Sport (DCMS) has published guidance on how our laws will work with EU law once Brexit is complete. The guidance does not cover sector-specific requirements such as law enforcement and...

Majority of UK firms not insured against security breaches and data loss

Current estimates are that annual losses to UK businesses from cybercrime exceed £29 billion. Yet research published in the recent Risk:Value report from NTT Security shows that, whilst 81% of the senior executives surveyed believed that adequate...

CYBERSECURITY SERIES: DATA ANONYMISATION

With the increasing concerns around the data held by organisations, questions around how the new GDPR legislation will be interpreted and the impact that this could have on both customer and supplier, many organisations are turning towards anonymisation...

CYBERSECURITY SERIES: INSURANCE

Organisations can typically take steps to “lay off” cyber risk by a combination of the following: Take preventative mitigation measures – pre-event mitigation Lay off risk to third parties under contract – for example, making...