The Supreme Court of the United Kingdom has delivered its long-awaited decision in the case of Lloyd [2021] UKSC 50, rejecting an attempt to bring a representative claim for compensation for "loss of control" over personal...more
11/11/2021
/ Appeals ,
Class Action ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Personal Data ,
Rules of Civil Procedure ,
UK ,
UK Data Protection Act ,
UK GDPR ,
UK Supreme Court
In a remarkable decision, the UK ICO has issued British Airways ("BA") with a £20m fine, in connection with a data breach affecting more than 400,000 customers. This is a significant reduction from the £183m the ICO had...more
In a decision that will come as a relief to many businesses, the UK Supreme Court has unanimously held that companies should not be held vicariously liable for the actions of rogue employees who leak personal data....more
The UK Information Commissioner's Office has announced its intention to issue a £183 million fine to British Airways, in respect of a personal data breach under the GDPR. The announcement has wide-ranging consequences for...more
7/10/2019
/ Administrative Proceedings ,
British Airways ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Fines ,
General Data Protection Regulation (GDPR) ,
Penalties ,
Personally Identifiable Information ,
Popular ,
UK ICO
Why does this topic matter to organisations?
Whereas the remedies and sanctions available to DPAs under the Directive were comparatively low (generally subject to a maximum of less than €1 million per infringement, with...more
4/24/2019
/ Administrative Fines ,
Civil Liability ,
Criminal Sanctions ,
Damages ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Subjects Rights ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Policies and Procedures ,
Privacy Laws ,
Remedies ,
Risk Management ,
Sanctions ,
Statutory Violations
Why does this topic matter to organisations?
Under the GDPR, the concept of a "processor" has not changed. Any entity that was a processor under the Directive likely continues to be a processor under the GDPR. However,...more
4/18/2019
/ Compliance ,
Confidentiality Policies ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Data Security ,
DPA ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Reporting Requirements
Why does this topic matter to organisations?
Each time an organisation processes personal data, it will do so as either a controller or a processor. These roles bear different responsibilities. Therefore, it is critically...more
4/16/2019
/ Compliance ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection Officers (DPOs) ,
Data Security ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Liability ,
Notification Requirements ,
Personal Data ,
Personally Identifiable Information ,
Reporting Requirements
Why does this topic matter to organisations?
The defined terms set out in this Chapter are of critical importance to understanding how EU data protection law applies to an organisation. For example, the question of whether...more
4/3/2019
/ Consent ,
Data Breach ,
Data Controller ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information