On 14 January 2025, the Home Office opened a public consultation (the "Consultation") on proposals seeking to address the growing threat and impact of ransomware in the UK.
The UK Government details three specific proposals...
2/5/2025 / Critical Infrastructure Sectors, Cyber Attacks, Cybersecurity, Data Breach, Data Privacy, Data Protection, Legislative Agendas, Popular, Ransomware, Risk Management, UK
For most large companies, a frictionless flow of information and the ability to transfer customer data, employee files, financial records and other information around the world quickly and cost-effectively is a critical...
3/22/2023 / Biometric Information, Board of Directors, Corporate Governance, Corporate Officers, Cybersecurity, Data Protection, Data Security, Data Transfers, Disclosure Requirements, Environmental Social & Governance (ESG), EU, International Data Transfers, Personal Data, Popular, Risk Assessment, Risk Management, Technology, UK
The Advocate General of the Court of Justice of the EU has issued an Opinion stating that mere "upset" is not sufficient to give rise to a claim for compensation under Article 82 of the GDPR....
In a remarkable decision, the UK ICO has issued British Airways ("BA") with a £20m fine, in connection with a data breach affecting more than 400,000 customers. This is a significant reduction from the £183m the ICO had...
The Court of Justice of the EU has declared that the European Commission's adequacy decision in respect of the EU-U.S. Privacy Shield is invalid. The Court's ruling effectively removes a key mechanism that had been widely...
7/19/2020 / Binding Corporate Rules, Court of Justice of the European Union (CJEU), Data Protection Authority, EU, EU-US Privacy Shield, European Commission, European Economic Area (EEA), General Data Protection Regulation (GDPR), International Data Transfers, Personal Data, Popular, Standard Contractual Clauses
In a decision that will come as a relief to many businesses, the UK Supreme Court has unanimously held that companies should not be held vicariously liable for the actions of rogue employees who leak personal data....
Following the outbreak of COVID-19 and its development into a global pandemic, organisations have been implementing exceptional measures to safeguard employees, customers and others against the health threat that is being...
3/28/2020 / Coronavirus/COVID-19, Data Protection, Data Protection Impact Assessments (DPIAs), Data Security, EU, General Data Protection Regulation (GDPR), Personal Information, Personally Identifiable Information, Privacy Notice Rule, Public Health Emergency, Sick Employees, UK, UK Data Protection Act, Virus Testing
The White Paper on Artificial Intelligence (the "AI White Paper"), recently released by the European Commission, provides the clearest indication yet that the EU is seriously considering regulating the development and...
The CCPA took effect on 1 January 2020, introducing significant compliance burdens for most businesses that collect personal information about California residents. The reach of the CCPA extends beyond California and the US;...
2/1/2020 / California Consumer Privacy Act (CCPA), Compliance, Consumer Protection Laws, Consumer Rights Directive, Corporate Liability, Data Collection, Data Sellers, Data Subjects Rights, EU, Extraterritoriality Rules, General Data Protection Regulation (GDPR), Multinationals, Personal Data, Personal Information, Risk Assessment, UK, UK Data Protection Act
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed.
Brexit Note: The GDPR will apply in...
1/6/2020 / Compliance, Data Processors, Data Protection, Data Protection Authority, Data Protection Impact Assessments (DPIAs), Data Protection Officers (DPOs), Data Subjects Rights, Decedent Protection, Employee Privacy Rights, Enforcement Actions, EU, EU Data Protection Laws, European Economic Area (EEA), Exemptions, Fines, Freedom of Expression, Freedom of Information, General Data Protection Regulation (GDPR), International Data Transfers, International Harmonization, Joint Control, Minor Children, National Identification Numbers, Nonprofits, Penalties, Personally Identifiable Information, Prior Authorization, Prior Express Consent, Public Interest, Regulatory Standards, Sanctions, UK, UK Brexit
The Court of Justice of the EU ("CJEU") is currently hearing a challenge against the validity of two key mechanisms that businesses use to transfer personal data internationally. In a move that will come as a relief to...
12/24/2019 / Advocate General, Binding Corporate Rules, Court of Justice of the European Union (CJEU), EU-US Privacy Shield, European Economic Area (EEA), General Data Protection Regulation (GDPR), International Data Transfers, Personally Identifiable Information, Prohibited Transactions, Safe Harbors, Standard Contractual Clauses
On 2 December 2019, the UK Information Commissioner's Office ("ICO") together with The Alan Turing Institute published a three-part consultation (with draft guidance) on explaining decisions made with Artificial Intelligence...
Organisations offering certain digital services in the United Kingdom (UK) and European Union (EU) should consider the impact of Brexit and their obligations under applicable cybersecurity law....
10/23/2019 / Cloud Service Providers (CSPs), Digital Service Providers, Digital Services, EU, Information Technology, Member State, Network Security, NIS Directive, Online Marketplace, Search Engines, UK, UK Brexit, UK ICO
The UK Information Commissioner's Office announced more than £280 million of fines last week, in connection with data protection breaches. It singled out the perceived failure of buyers to conduct proper data protection due...
7/17/2019 / Acquisitions, Buyers, Data Protection, Data Protection Authority, Due Diligence, Enforcement Actions, Fines, General Data Protection Regulation (GDPR), Personal Data, Sellers, Successor Liability, UK, UK ICO
The UK Information Commissioner's Office has announced its intention to issue a £183 million fine to British Airways, in respect of a personal data breach under the GDPR. The announcement has wide-ranging consequences for...
7/10/2019 / Administrative Proceedings, British Airways, Data Breach, Data Security, Enforcement Actions, Fines, General Data Protection Regulation (GDPR), Penalties, Personally Identifiable Information, Popular, UK ICO
Cyber attacks are a national security concern in the UK. While individuals can be victims of such attacks, private sector institutions are often the direct targets. Cyber attacks can critically damage a commercial reputation...
7/2/2019 / Bank of England, Cooperation Agreement, Cross-Border Transactions, Cyber Attacks, Cyber Crimes, Cybersecurity, Financial Conduct Authority (FCA), Financial Regulatory Agencies, Financial Services Industry, Memorandum of Understanding, Monetary Authority of Singapore, Popular, Singapore, UK
As businesses continue to digitise their assets and operations, the need to continually assess IT infrastructure and the technical measures in place to safeguard key information assets and data becomes ever more important....
5/3/2019 / Artificial Intelligence, Compliance, Critical Infrastructure Sectors, Cybersecurity, Data Security, Digital Service Providers, Encryption, European Economic Area (EEA), General Data Protection Regulation (GDPR), Incident Response Plans, Internal Data Controls, IT-Departments, NCSC, NIS Regulations, Operators of Essential Services, Passwords, Personal Data, Personally Identifiable Information, Popular, Risk Mitigation, Sanctions, Security Audits, Security Risk Assessments, Software, UK, UK ICO
Financial firms play an integral role in preventing, identifying, investigating and reporting criminal activity, including terrorist financing, money laundering, and many other finance-related crimes. It is a critical role...
2/2/2019 / Anti-Money Laundering, Artificial Intelligence, Bank Secrecy Act, Banking Sector, Confidentiality Policies, Distributed Ledger Technology (DLT), EU, Financial Institutions, FinCEN, General Data Protection Regulation (GDPR), Information Sharing, Innovative Technology, Money Laundering, Patriot Act, Privacy Laws, Suspicious Activity Reports (SARs), Technology Sector, Terrorist Financing
On 29 March 2019, the UK will formally leave the EU unless an extension, or a negotiated solution, is agreed between the UK and the European Commission. There is currently no agreement regarding the UK's status from a data...
1/31/2019 / BCRs, Compliance, Consent, Data Protection, EU, General Data Protection Regulation (GDPR), International Data Transfers, Model Contracts, No-Deal Brexit, Personal Data, UK, UK Brexit, UK ICO