GDPR stands for the General Data Protection Regulation and it comes into force on 25th May 2018. Quite simply, it’s a new, updated data protection law enabling consumers to take back control of who uses their personal information and when. For those with businesses you’ll need to make sure your data is managed correctly and comply else you face heavy penalties.
Here at Clayden Law this is a key area of expertise and we're working with organisations across the UK (and further afield) - helping them to prepare for this major legislative change. But it doesn't stop there... the ePrivacy Regulations are due at the same time...
We've collected together all of our blogs, guides and case studies, to give you a bit more information. If you'd like to speak to someone about this then you can contact us here. To keep up to date with all the news, you can sign up for our newsletter by clicking here.
Latest News
The data protection landscape has greatly changed over recent years, and in the last few months the rules surrounding international data transfers have been no exception. Following the departure of the UK from the EU, the issue of international data...
We recently wrote about the role of the representative within the context of EU GDPR legislation, now the UK is no longer part of the EU . To recap... As things stand the EU GDPR has been incorporated into UK data protection law. This means that...
In the wake of Brexit the UK has needed to establish a new arrangement with the European Union on the security and handling of personal data transferred from within the European Economic Area (EEA) to the UK. The European Union’s data protection...
Organisations in the UK and EU have been weathering a sea of changing legislation and uncertainty since the decision to leave the EU. In the case of data protection matters much remains undecided. As things stand the EU GDPR has been incorporated...
Two companies have been fined £330,000 by the Information Commissioner’s Office for sending nuisance text messages during the COVID-19 pandemic. West Sussex-based Leads Works Limited was fined £250,000 for sending over...
Plenty of businesses have been worrying about what will happen with regards to data flows, now we’ve left the EU. Under the EU’s GDPR certain circumstances need to be in place if personal data is to be transferred outside of the EEA. This is...
The European Data Protection Board has published its recommendations for supplementary measures required for international transfers of personal data. These include standard contractual clauses and recommendations on surveillance measures. As a...
On 13th November 2020 Ticketmaster was fined £1.25 million by the UK Information Commissioner’s Office for failing to keep its customers’ personal data secure. The ICO found that Ticketmaster had breached the requirements of Articles...
The European Commission has adopted draft standard contractual clauses to be used between controllers and processors in the EEA . These standard contractual clauses are designed to help organisations that rely on third-parties in the EEA to...
On 10th December 2020 the French Data Protection Authority (CNIL) announced that it was fining Google LLC €60 million, Google Ireland Limited €40 million and Amazon Europe Core €35 million. They found that, under the French cookie rules...
Back in July we wrote about the EU Court of Justice’s decision that one of the main methods for compliantly transferring personal data outside of the EEA to the US, commonly known as the “Privacy Shield” was no longer valid (due to the...
On 16th October 2020 the UK Information Commissioner’s Office announced that British Airways was to pay £20,000,000 for GDPR violations. This was a significant decrease (90%) of the originally proposed fine of £183,390,000 announced in...
While it can feel that the GDPR is now sufficiently embedded in the way we all work, those working with data will know that the terms within it continue to sometimes less than clear cut. On 7th September 2020 the European Data Protection Board published some...
Last Thursday, the EU’s Court of Justice, declared that one of the main methods for compliantly transferring personal data outside of the EEA to the US, commonly known as the “Privacy Shield” was no longer valid (due to the lack of...
Here is a round-up of recent activity from data protection bodies, governments and other organisations in the EU and UK in relation to data protection issues in the COVID-19 pandemic. ICO statement on its regulatory approach during the pandemic The ICO...
If, like us, staff in your business are working from home for the foreseeable future, your business is probably too busy dealing with immediate financial and resourcing concerns to be thinking much about data protection compliance right now. Unfortunately,...
Data protection compliance is probably the last thing on most people’s minds right now as businesses struggle to adapt to the financial and resourcing challenges brought by Covid-19. At the same time, most of us are probably processing more...
Description: In the first 9 months of 2019 there were 5,183 breaches world-wide, with an astounding 7.9 billion data records exposed. This is a 33% increase on 2018! It is inevitable that you will experience a data breach in your...
A recent case concerning Google’s use of cookies has had important implications for the development of UK class actions in privacy cases. This case will be of particular importance to those whose work involves processing and retaining clients’...
This article continues to look at how UK businesses will be affected by changes in data protection law arising from a no-deal Brexit. How can we comply with both EU and UK data protection law post-Brexit? Complying with the dual legal regime...
This article looks at how UK businesses will be affected by changes in data protection law arising from a no-deal Brexit. UK becomes a ‘third country’ The headline point is that once we’re out without a deal, the UK becomes a...
The management of employee, job applicant and staff data, under the GDPR, is a complex subject. Back in July 2018 we wrote about the subject with employment law specialists mpmlegal , to provide guidance on the ways ‘consent isn’t...
The Ministry of Justice has announced changes, coming in on 1st October 2019, to the Civil Procedure Rules. These relate to the rights of data subjects to claim damages for breaches of data protection and privacy legislation. Rather than only applying...
Many people unfamiliar with the concepts of adtech, or programmatic advertising, will nevertheless experience it online firsthand daily. Adtech is a collective term. It refers to digital tools that deliver targeted advertising to consumers...
The Fundraising Regulator has issued 59 UK charities with regulatory notices, as well as reporting matters to the ICO and the Charity Commission. You can view a full list of the charities that have breached the Code of Fundraising Practice here . A...