With many employees starting to return to the office, employers must consider how to manage this effectively and in accordance with the law. The Information Commissioner’s Office (ICO) has published...
Obtain valid consent for direct marketing to avoid fines
American Express has been fined £90,000 by UK data protection regulator, the ICO, for unlawfully sending more than 4 million unsolicited direct marketing emails, without having first obtained valid c...
EU grants data adequacy decision in favour of UK (for now)…
With the temporary bridging period ending, the EU has finally ruled that UK data protection laws are ‘adequate’ for the purposes of transfers of personal data across borders. This will come as a h...
Key Documents your Company Needs to Demonstrate GDPR Compliance
Under the UK General Data Protection Regulation (GDPR) there are hefty fines for non-compliance, of up to 4% of global annual turnover or £17.5 million, whichever is the higher. Data protection is th...
What to do in the event of a personal data breach (hint: you have 72 hours to act, but don’t panic)
A breach of security which leads to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, constitutes a data breach, whether accidental or deliberate. The breach ...
Replacement Standard Contractual Clauses Adopted for Personal Data Transfers
The European Commission (‘EC’) has announced its adoption of a new version of Standard Contractual Clauses (‘SCCs’) for use between entities transferring personal data to countries outside of ...
Check whether you need to appoint a Data Protection Representative post-Brexit and avoid fines
Earlier this month, a company based outside of the EU, Locatefamily.com, was fined €525,000 for failing to appoint a Data Protection Representative (DPR). This highlights the importance of not overl...
One step closer to personal data flowing freely between the EU and UK
The UK is eagerly awaiting an ‘adequacy decision’ by the EU Commission (EC) to confirm that UK laws provide an adequate level of protection of personal data. If this is not granted, businesses wil...
Personal data implications of working from home during COVID (and beyond…)
Since the first national lockdown in the UK in March 2020, millions of people around the country have been working from home. Currently the government asks that we work from home unless it is impossib...
EU – UK Personal Data to keep on flowing freely post Brexit
On Friday 19 February 2021, the European Commission published a draft adequacy decision in favour of the UK. If adopted, this will allow the continued free flow of personal data from the EU to the UK....