The EU and US have announced an “agreement in principle” of a new Privacy Shield that will allow the simpler movement of personal data between entities based in the respective jurisdictions. Since...
New UK International Data Transfer Mechanism to be used from March 2022
The UK has finalised a new International Data Transfer Agreement to be used for transfers of personal data abroad. Simultaneously, an addendum to the EU Standard Contractual Clauses, currently used fo...
Supreme Court’s decision in £3billion data privacy case may come as a relief for data controllers
The Supreme Court has handed down their eagerly awaited decision in the £3billion case of Lloyd v Google. The court blocked the claim by Richard Lloyd, representing 4 million iPhone users, from proce...
Children’s Privacy – New Requirements for Business providing Online Services
A statutory Code of Practice, the Age Appropriate Design Code, (known as ‘The Children’s Code’) has come into effect in the UK and, post 2 September 2021, businesses must ensure they comply with...
UK Data Protection Changes to Affect Doing Business Abroad
The UK government has unveiled plans for a new global data transfer regime, suggesting deviations will occur from the current EU-aligned practices. UK Digital Secretary, Oliver Dowden, has stated that...
Obtain valid consent for direct marketing to avoid fines
American Express has been fined £90,000 by UK data protection regulator, the ICO, for unlawfully sending more than 4 million unsolicited direct marketing emails, without having first obtained valid c...
EU grants data adequacy decision in favour of UK (for now)…
With the temporary bridging period ending, the EU has finally ruled that UK data protection laws are ‘adequate’ for the purposes of transfers of personal data across borders. This will come as a h...
Key Documents your Company Needs to Demonstrate GDPR Compliance
Under the UK General Data Protection Regulation (GDPR) there are hefty fines for non-compliance, of up to 4% of global annual turnover or £17.5 million, whichever is the higher. Data protection is th...
What to do in the event of a personal data breach (hint: you have 72 hours to act, but don’t panic)
A breach of security which leads to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, constitutes a data breach, whether accidental or deliberate. The breach ...
Replacement Standard Contractual Clauses Adopted for Personal Data Transfers
The European Commission (‘EC’) has announced its adoption of a new version of Standard Contractual Clauses (‘SCCs’) for use between entities transferring personal data to countries outside of ...