GDPR and ePrivacy

GDPR stands for the General Data Protection Regulation and it comes into force on 25th May 2018. Quite simply, it’s a new, updated data protection law enabling consumers to take back control of who uses their personal information and when. If you run a business, you’ll need to make sure your data is managed correctly and that you comply, or else you face heavy penalties.

Here at Clayden Law this is a key area of expertise and we're working with organisations across the UK (and further afield) - helping them to prepare for this major legislative change. But it doesn't stop there... the ePrivacy Regulations are due at the same time...

We've collected together all of our blogs, guides and case studies, to give you a bit more information. If you'd like to speak to someone about this then you can contact us here. To keep up to date with all the news, you can sign up for our newsletter by clicking here.

 

Latest News

Surprise Court of Appeal judgment leaves Morrisons vicariously liable for huge data breach

The increase of large-scale civil litigation is one undeniable consequence of the recent changes in data protection law. One of the most significant recent actions has followed the data breach by Morrisons supermarket, where a disgruntled former employee...

GDPR new password and encryption guidance published

The Information Commissioner’s Office (ICO) has published guidance about passwords and encryption under GDPR. Where passwords are concerned, the guidance gives comprehensive advice on deciding whether password protection is the best option and, if...

ICO brings criminal prosecution for data misuse

In the first case of its kind, the Information Commissioner’s Office (ICO) has successfully prosecuted a man, Mustafa Kasim, under the Computer Misuse Act 1990 (CMA 1990). Mr Kasim, a motor repair technician, has been jailed for six months. He used a...

UK ICO issues warning to Washington Post over cookie consent practices

In a recent report in The Register it was revealed that the Information Commissioner’s Office (ICO) has warned The Washington Post newspaper about infringing the EU General Data Protection Regulation (GDPR) through its cookie policy. The ...

No deal Brexit means no data adequacy decision

On 13th November 2018 the European Commission announced that making an adequacy decision in the UK’s favour (i.e. making an official ruling that the UK’s data protection laws were adequate for it to be permitted full rights to continue processing...

Fines escalate over unsolicited emails and data breaches

The Information Commissioner’s Office (ICO) has fined UK marketing firm Everything DM Ltd. £60,000 for sending well over a million marketing emails without sufficient consent. The emails were sent on behalf of clients and appeared to have come...

What about international data transfers if there is a no-deal Brexit?

The UK government’s Department for Digital, Culture, Media & Sport (DCMS) has published guidance on how our laws will work with EU law once Brexit is complete. The guidance does not cover sector-specific requirements such as law enforcement and...

Majority of UK firms not insured against security breaches and data loss

Current estimates are that annual losses to UK businesses from cybercrime exceed £29 billion. Yet research published in the recent Risk:Value report from NTT Security shows that, whilst 81% of the senior executives surveyed believed that adequate...

CYBERSECURITY SERIES: DATA ANONYMISATION

With the increasing concerns around the data held by organisations, questions around how the new GDPR legislation will be interpreted and the impact that this could have on both customer and supplier, many organisations are turning towards anonymisation...

CYBERSECURITY SERIES: INSURANCE

Organisations can typically take steps to “lay off” cyber risk by a combination of the following: Take preventative mitigation measures – pre-event mitigation; Lay off risk to third parties under contract – for example, making...

CYBERSECURITY SERIES: RECEIVING A BREACH NOTIFICATION FROM A SUPPLIER - COMMUNICATING WITH CUSTOMERS

Even if you determine that you don’t have to tell your customers about a data breach, you may still wish to do so for practical/relational/reputational reasons. Under the various laws mentioned above, regulators can in some circumstances compel...

CYBERSECURITY SERIES: RECEIVING A BREACH NOTIFICATION FROM A SUPPLIER - COMPLYING WITH NOTIFICATION OBLIGATIONS

So you’ve received a breach notification from a supplier and have limited information about what’s happened. You have limited time to determine whether you need to notify regulators / affected organisations and individuals and make those...

Cybersecurity Series: Receiving a breach notification from a supplier - Obtaining information

Having a cyber breach is most organisations’ worst nightmare. It’s considered the number 1 risk in the US, with UK businesses typically listing it in their top two. What’s becoming more apparent is the level of control our suppliers...

Data security breach at Butlin's

Butlin’s has admitted to a data breach that has resulted in the possibility of some 34,000 booking reference numbers, guest names, holiday dates, postal addresses, email addresses and telephone numbers having been accessed inappropriately. Managing...

Updating the ICO's Code of Practice on Data Sharing

The 2011 Information Commissioner’s Office Code of Practice on Data Sharing is to be updated following the introduction in 2018 of the new GDPR rules. As part of the initial process the Information Commissioner wishes to hear opinion from trade...

Privacy shield under pressure

Privacy Shield, the mechanism governing trans-Atlantic data flow essential to many companies, is being challenged by EU lawyers who have backed MEP’s calls for its suspension. The Council of Bars and Law Societies of Europe (CCBE), which represents...

What GDPR requires following a data breach?

The GDPR has introduced a mandatory breach notification procedure for organisations that suffer certain security breaches that lead to the accidental or unlawful destruction (or loss or disclosure) of personal data. Here are the headline facts. One of...

GDPR - is everyone struggling with breach notification?

The GDPR has introduced a mandatory breach notification procedure for organisations that suffer certain security breaches that lead to the accidental or unlawful destruction (or loss or disclosure) of personal data. We discussed the headline facts in a...

GDPR - video guides

Working in partnership with e-learning specialists, Me Learning, experts from Clayden Law have developed a suite of 11 modules on GDPR and Data Privacy, spanning more than five hours of training. The course is broken down into key topics,...

GDPR for the marketer

Online training expert, Me Learning, working with the leading data privacy legal team at Clayden Law and in collaboration with The Chartered Institute of Marketing (CIM), has today launched ‘GDPR for the Marketer’ – a must for anyone...

Does GDPR work for Blockchain and Distributed Ledger Technologies?

The business world has talked of little else but GDPR over the last few months. In the technology sector, however - and in particular those involved in blockchain technology - some legal commentators believe there are “irreconcilable”...

Company Directors could be held personally liable and fined for PECR breaches

In all of the GDPR talk over the last month you can be forgiven for forgetting that the Privacy and Electronic Communication Regulations 2003 (PECR) also require consideration. As we explained in an earlier article, there are two pieces of legislation...

Webinar - GDPR - How the changes affect CRM and how to prepare your workforce

In this recorded webinar Nick Richards (Me Learning) and Piers Clayden (Clayden Law) cover the changes affecting CRM, as a result of the GDPR, and the ways in which you need to prepare your workforce. ...

Webinar - GDPR - The impact on the Education sector and how to prepare your workforce

In this recorded webinar from 6th December 2017, Nick Richards (Me Learning) and Piers Clayden (Clayden Law) cover the following: Background of GDPR; The changes and who is going to be affected; How GDPR will impact the Education sector; Why e-learning...

Webinar - GDPR - The impact on Small Businesses and how to prepare your workforce

In this recorded webinar from 28th September 2017, Nick Richards (Me Learning) and Piers Clayden (Clayden Law) cover the following: Background of GDPR; The changes and who is going to be affected; How GDPR will impact Small Businesses; Why e-learning is...