The Advocate General of the Court of Justice of the EU has issued an Opinion stating that mere "upset" is not sufficient to give rise to a claim for compensation under Article 82 of the GDPR....more
In a remarkable decision, the UK ICO has issued British Airways ("BA") with a £20m fine, in connection with a data breach affecting more than 400,000 customers. This is a significant reduction from the £183m the ICO had...more
The Court of Justice of the EU has declared that the European Commission's adequacy decision in respect of the EU-U.S. Privacy Shield is invalid. The Court's ruling effectively removes a key mechanism that had been widely...more
7/19/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Standard Contractual Clauses
Following the outbreak of COVID-19 and its development into a global pandemic, organisations have been implementing exceptional measures to safeguard employees, customers and others against the health threat that is being...more
3/28/2020
/ Coronavirus/COVID-19 ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Personally Identifiable Information ,
Privacy Notice Rule ,
Public Health Emergency ,
Sick Employees ,
UK ,
UK Data Protection Act ,
Virus Testing
The CCPA took effect on 1 January 2020, introducing significant compliance burdens for most businesses that collect personal information about California residents. The reach of the CCPA extends beyond California and the US;...more
2/1/2020
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Protection Laws ,
Consumer Rights Directive ,
Corporate Liability ,
Data Collection ,
Data Sellers ,
Data Subjects Rights ,
EU ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Multinationals ,
Personal Data ,
Personal Information ,
Risk Assessment ,
UK ,
UK Data Protection Act
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed.
Brexit Note: The GDPR will apply in...more
1/6/2020
/ Compliance ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Subjects Rights ,
Decedent Protection ,
Employee Privacy Rights ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Economic Area (EEA) ,
Exemptions ,
Fines ,
Freedom of Expression ,
Freedom of Information ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
International Harmonization ,
Joint Control ,
Minor Children ,
National Identification Numbers ,
Nonprofits ,
Penalties ,
Personally Identifiable Information ,
Prior Authorization ,
Prior Express Consent ,
Public Interest ,
Regulatory Standards ,
Sanctions ,
UK ,
UK Brexit
The Court of Justice of the EU ("CJEU") is currently hearing a challenge against the validity of two key mechanisms that businesses use to transfer personal data internationally. In a move that will come as a relief to...more
12/24/2019
/ Advocate General ,
Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personally Identifiable Information ,
Prohibited Transactions ,
Safe Harbors ,
Standard Contractual Clauses
On 2 December 2019, the UK Information Commissioner's Office ("ICO") together with The Alan Turing Institute published1 a three-part consultation (with draft guidance) on explaining decisions made with Artificial Intelligence...more
The UK Information Commissioner's Office announced more than £280 million of fines last week, in connection with data protection breaches. It singled out the perceived failure of buyers to conduct proper data protection due...more
7/17/2019
/ Acquisitions ,
Buyers ,
Data Protection ,
Data Protection Authority ,
Due Diligence ,
Enforcement Actions ,
Fines ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Sellers ,
Successor Liability ,
UK ,
UK ICO
The UK Information Commissioner's Office has announced its intention to issue a £183 million fine to British Airways, in respect of a personal data breach under the GDPR. The announcement has wide-ranging consequences for...more
7/10/2019
/ Administrative Proceedings ,
British Airways ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Fines ,
General Data Protection Regulation (GDPR) ,
Penalties ,
Personally Identifiable Information ,
Popular ,
UK ICO
As businesses continue to digitise their assets and operations, the need to continually assess IT infrastructure and the technical measures in place to safeguard key information assets and data becomes ever more important....more
5/3/2019
/ Artificial Intelligence ,
Compliance ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Security ,
Digital Service Providers ,
Encryption ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Internal Data Controls ,
IT-Departments ,
NCSC ,
NIS Regulations ,
Operators of Essential Services ,
Passwords ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Mitigation ,
Sanctions ,
Security Audits ,
Security Risk Assessments ,
Software ,
UK ,
UK ICO
Financial firms play an integral role in preventing, identifying, investigating and reporting criminal activity, including terrorist financing, money laundering, and many other finance-related crimes. It is a critical role...more
2/2/2019
/ Anti-Money Laundering ,
Artificial Intelligence ,
Bank Secrecy Act ,
Banking Sector ,
Confidentiality Policies ,
Distributed Ledger Technology (DLT) ,
EU ,
Financial Institutions ,
FinCEN ,
General Data Protection Regulation (GDPR) ,
Information Sharing ,
Innovative Technology ,
Money Laundering ,
Patriot Act ,
Privacy Laws ,
Suspicious Activity Reports (SARs) ,
Technology Sector ,
Terrorist Financing
On 29 March 2019, the UK will formally leave the EU unless an extension, or a negotiated solution, is agreed between the UK and the European Commission. There is currently no agreement regarding the UK's status from a data...more
1/31/2019
/ BCRs ,
Compliance ,
Consent ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Model Contracts ,
No-Deal Brexit ,
Personal Data ,
UK ,
UK Brexit ,
UK ICO