Life With GDPR: Cathay Pacific Enforcement Action
Life With GDPR: Episode 30- British Airways Data Breach Enforcement Action
E18: ICANN Loses First GDPR Court Ruling in Germany
Two new United Kingdom (“UK”) data transfer mechanisms, the International Data Transfer Agreement (“IDTA”) and the International Data Transfer Addendum (“UK Addendum”) to the European Union’s (“EU”) new standard contractual...more
The European Commission recently adopted new standard contractual clauses (SCCs) for transfers of personal data from the EU to “third countries” (the “new SCCs”). In this post, we highlight key developments in the UK’s data...more
FCA consults on updated mortgages tailored support guidance – Covid-19 On 5 March, the FCA published updated draft mortgages tailored support guidance for firms, to apply from 1 April at the expiration of the current...more
With the UK unambiguously out of the EU, this fourth and final installment of our Data & Brexit Digest explores the topic of appointed representatives under Article 27. What is an Article 27 representative? The...more
The UK has left the European Union (EU), the transition period is over, the UK and EU have agreed a new Trade and Cooperation Agreement (the TCA), so what now for data protection? We look at the key consequences of Brexit for...more
With the UK now unambiguously out of the EU, the EU General Data Protection Regulation (2016/679) (“EU GDPR”) has been replaced by the United Kingdom General Data Protection Regulation (“UK GDPR”). In this third instalment of...more
13 January 2021 – EU supervisory authorities response to UK cross-border transfers - Following the finalisation of the TCA, a number of supervisory authorities in the EU issued statements in response. In addition, on 13...more
After the political and constitutional upheaval of the last four years that has been Brexit, a trade deal - the EU-UK Trade and Cooperation Agreement - was finally reached between the United Kingdom (UK) and the European...more
Key Points The United States Securities and Exchange Commission (SEC) is able to make requests of U.K. firms (including U.K. branches of non-U.K. firms) to provide books and records and other documents of SEC regulated...more
The end of the Brexit transition period on 31 December 2020 means the UK now has full autonomy over its data protection policies. As of 1 January 2021 the UK is recognised as a ‘third country’ under EU General Data Protection...more
On December 31, 2020, the Brexit transition period ended and the United Kingdom’s (UK) domestic implementation of the GDPR, the UK Data Protection Act 2018, as amended (UK GDPR), now governs the processing of personal data in...more
In spite of the holiday period, few will have missed the fact that the UK and the EU concluded a Trade and Cooperation Agreement on 24 December 2020. The Agreement provides a framework under which trade will take place...more
With the end of the Brexit transition period rapidly approaching and the United Kingdom (UK) poised to become a “third country” after it leaves the European Union (EU), the UK and the EU have yet to reach any “deal” on how...more
Tell me more – ICO publishes detailed subject access guidance - The ICO has published detailed guidance for handling subject access requests. This is relevant to employers responding to subject access requests from...more
In this part of our briefing series, we look at how individual reactions to a data breach can shift the dial from a regulator’s perspective. Recent decisions have shown that the ICO will look behind a company’s public...more
In this part of our briefing series, we cover how prior regulatory enforcement action affects the assessment of sanctions and some pitfalls associated with undertaking internal security audits. Who is this relevant for?...more
What insights into cyber security norms can organisations glean from the UK ICO’s recent enforcement decisions, most of which have been released since the GDPR came into force? Final fines are still awaited on the UK’s...more
As the United Kingdom (UK) rapidly approaches a potential exit (BREXIT) from the European Union (EU), confusion abounds as to the applicability of the revolutionary data privacy rules of the EU’s General Data Protection...more
Our February 2020 update outlines key UK employment law developments from January. It includes cases on ethical veganism as a philosophical belief, equal pay and the difficulties in defending such claims, the impact of the...more
“Business as usual” for UK-EU data protection transition in 2020. On 29 January 2020, the EU Parliament approved the UK Withdrawal Agreement after the UK Parliament’s ratification via the EU Withdrawal Act 2020 on 23 January...more
The United Kingdom is no longer a member of the European Union and has entered into a transition period until December 31 2020, unless an extension of 1 or 2 years is agreed by July 1 2020 (the Brexit Long Stop Date). ...more
Some US companies who do business in the UK are wondering whether they need to update their GDPR notices or take other steps now that the UK has officially left the European Union. The answer is: Not yet. The threat of a...more
Now that Exit Day on 31st January is drawing close attention is focussing on what will happen during the transition period that will run from 31St January until the end of the year. ...more
BREXIT: DEAL OR NO-DEAL? DATA IS THE QUESTION - With the Brexit deadline looming ahead on 31 October 2019, the situation seemingly reaches new levels of uncertainty every day. Last week, the U.K. Supreme Court’s eleven...more
The Situation: The United Kingdom is due to leave the European Union ("EU") on 31 October 2019. Negotiations between member states of the EU excluding the United Kingdom ("EU27") and the United Kingdom are ongoing, but it is...more