In part one of our series "FemTech: how this growing industry can build trust, protect privacy and redress healthcare inequity… one app at a time", we take an introductory look at the industry, and offer some...more
3/11/2024 / Data Privacy, Data Security, Data-Sharing, Health Care Providers, Information Commissioner's Office (ICO), Mobile Health Apps, Personal Data, Personalized Medicine, PHI, Privacy Laws, Reproductive Healthcare Issues, UK
On 18 January 2023, the European Data Protection Board (the “EDPB”) announced the adoption of a report on the work undertaken by the Cookie Banner Task Force (the “Task Force”). The Task Force was formed in September 2021 for...more
2/9/2023 / Consent, Cookie Banners, Cookies, e-Privacy Directive, EU, EU Data Protection Laws, European Data Protection Board (EDPB), General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), NGOs, Schrems I & Schrems II, UK
Though perhaps falling short of being a universally accepted one, it is a truth that any organisation processing personal data needs a privacy programme. But how best should an internal compliance framework be structured...more
Over the past few years there has been significant growth in the use of technology for monitoring workers, especially following the onset of the COVID-19 pandemic. Global demand (based on the number of internet searches...more
11/4/2022 / CCTV, CNIL, Consultation, Data Protection Impact Assessments (DPIAs), Electronic Communications, Employee Monitoring, Employee Privacy Rights, Employment Policies, General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), UK
The Age Appropriate Design Code (“AADC”) - more commonly known as the Children’s Code - has been heralded as the world’s first code to protect children online. Compliance with the AADC became mandatory for in-scope businesses...more
In a joint letter this summer, the UK’s data protection regulator (the ICO) and the UK’s National Cyber Security Centre (the NCSC) sought to convey some key messages to the legal profession relevant to advising clients...more
8/22/2022 / Australia, Client Services, Corporate Counsel, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Protection Authority, ENISA, FBI, Information Commissioner's Office (ICO), NCSC, Popular, Ransomware, Reporting Requirements, Risk Mitigation, UK, UK GDPR
On 28 January 2022 (Data Protection Day), the UK’s International Data Transfer Agreement (“IDTA”) and International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses (the “EU Addendum”) were...more
On 11 August, the UK Information Commissioner’s Office launched a consultation paper on “International transfers under UK GDPR”. The documents released alongside the paper include a draft International Data Transfer Agreement...more
8/16/2021 / Consultation, Corporate Counsel, EU, European Commission, General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), International Data Transfers, Personal Data, Risk Assessment, Schrems I & Schrems II, Standard Contractual Clauses, UK
The European Commission recently adopted new standard contractual clauses (SCCs) for transfers of personal data from the EU to “third countries” (the “new SCCs”). In this post, we highlight key developments in the UK’s data...more
7/9/2021 / Data Controller, Data Processors, EU, General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), International Data Transfers, Member State, Personal Data, Standard Contractual Clauses, UK, UK Brexit
This article explores the topic of appointed representatives under Article 27 of the GDPR. What are they? When do you need one? How is regulatory enforcement starting to play out in the EU and in the UK on this issue?...more
6/21/2021 / Appointed Public Officials, Data Controller, Data Processors, Data Protection, Data Protection Authority, Enforcement Authority, EU, General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), Registered Representatives, Regulatory Requirements, UK
With the UK unambiguously out of the EU, this fourth and final installment of our Data & Brexit Digest explores the topic of appointed representatives under Article 27.
What is an Article 27 representative?
The...more
With the UK now unambiguously out of the EU, the EU General Data Protection Regulation (2016/679) (“EU GDPR”) has been replaced by the United Kingdom General Data Protection Regulation (“UK GDPR”). In this third instalment of...more
1/28/2021 / Commercial Contracts, Contract Drafting, Data Breach, Data Protection, Data Security, EU, General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), International Data Transfers, Notice Requirements, Privacy Policy, Regulatory Requirements, UK, UK Brexit, UK GDPR
In spite of the holiday period, few will have missed the fact that the UK and the EU concluded a Trade and Cooperation Agreement on 24 December 2020. The Agreement provides a framework under which trade will take place...more
12/30/2020 / EU, General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), International Data Transfers, Member State, Personal Data, Trade Agreements, Transitional Arrangements, UK, UK Brexit, Withdrawal Agreement
Recent M&A deals the teams have worked on involving insolvent corporates have highlighted the challenges which exist around the transfer of customer lists and databases, which are often a significant asset for the...more
11/16/2020 / Change in Control, Data Controller, Data Transfers, Direct Marketing, Electronic Communications, Email, General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), Insolvency, International Data Transfers, Marketing, Privacy and Electronic Communications Regulation 2003 (PECR), Reorganizations, Sale of Assets, Text Messages, UK
From the ICO’s standpoint, the steps you elect to take post-breach and the speed with which you implement them are key. Demonstrating readiness to learn lessons from a breach incident by making investments in post-breach...more
In this part of our briefing series, we look at how individual reactions to a data breach can shift the dial from a regulator’s perspective. Recent decisions have shown that the ICO will look behind a company’s public...more
When the regulator has decided to investigate your organisation following a data breach, the remit for the investigation will be wide-ranging and go beyond the narrow circumstances of the breach. Recent decisions shed useful...more
Key to recent ICO decisions has been the ICO’s assessment of the extent and quality of communications with affected individuals and the regulator itself. It is clear the ICO sees certain behaviours (such as the setting up of...more
In this part of our briefing series, we cover how prior regulatory enforcement action affects the assessment of sanctions and some pitfalls associated with undertaking internal security audits.
Who is this relevant for?...more
3/20/2020 / Corporate Fines, Corporate Liability, Cybersecurity, Data Protection Authority, Enforcement Actions, General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), Internal Audit Functions, PCI-DSS Standard, Security and Privacy Controls, Security Audits, UK, UK Brexit
What insights into cyber security norms can organisations glean from the UK ICO’s recent enforcement decisions, most of which have been released since the GDPR came into force?
Final fines are still awaited on the UK’s...more
We are now over a year on from the major changes made to the European data protection regime by the GDPR so it is time to revisit what the changes mean now for the hospitality sector and investment in it, given increased...more
11/6/2019 / Amended Regulation, Cyber Attacks, Cybersecurity, Data Breach, Data Privacy, Data Processing Rules, Data Processors, e-Privacy Directive, European Data Protection Board (EDPB), General Data Protection Regulation (GDPR), Hospitality Industry, Hotels, Information Commissioner's Office (ICO), Member State, Popular, Regulatory Standards, Risk Management, Technology, UK
The interaction between the General Data Protection Regulation (2016/679) (“GDPR”) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) (“PECR”) has been vexing for some time now.
As a...more
Ready for the Inevitable?
Barely a day goes by without a data breach hitting the headlines. It is becoming a fact of life for any firm holding data that, from time to time, some of that data might be lost, stolen,...more
5/14/2019 / Cyber Incident Reporting, Data Breach, Data Protection, Data Protection Officers (DPOs), Financial Conduct Authority (FCA), General Data Protection Regulation (GDPR), Incident Response Plans, Information Commissioner's Office (ICO), Insurance Claims, Notice Requirements, Prudential Regulation Authority (PRA), Risk Management, UK
On 17 December 2018, new Regulations came into force meaning that company directors and other corporate officers may be personally fined up to £500,000 for their company’s nuisance calls and similar serious breaches of the...more
4/1/2019 / Data Protection, Direct Marketing, Electronic Communications, EU, EU Directive, Information Commissioner's Office (ICO), Marketing, New Regulations, Personal Liability, Privacy and Electronic Communications Regulation 2003 (PECR), UK