Tag

Data Protection

Browsing

It has been two years since the GDPR came into force on 25 May 2018 and during that time, we have seen more guidance published at an EU level as well as from data protection authorities in Member States which has impacted how organisations approach areas of GDPR compliance. We have also seen enforcement action from data protection authorities across the EU and UK. There have also been other significant developments, over the past two…

Managing risk and crisis in an information-driven digital worldData is a critical asset as businesses seek to stay afloat and remain competitive in today’s globally connected economy in light of COVID-19. The global pandemic and corresponding economic disruptions have increased the value of remote servicing and teleworking, and reinforced the focus on data and the macro trends associated with digitalization. Adopting these new technologies for both remote working and business continuity mechanisms give rise to…

On 15 April 2020 the ICO published a statement on its regulatory approach during the coronavirus pandemic. Recognising that operational and financial pressures caused by the coronavirus may impact organisations’ ability to fully comply with aspects of data protection laws, the ICO has stated it intends to apply an empathetic, “flexible and pragmatic” approach in its enforcement of data protection laws during the crisis, as well as any enforcement under the Freedom of Information Act…

The UK Supreme Court has today allowed two appeals which provide some welcome relief for UK employers in relation to the treatment of vicarious (secondary) liability under English law generally, but leave a sting in the tail when considering data breaches committed by employees: Morrisons v Various Claimants – a significant and long running employment and data protection case in which the lower courts had found Morrisons to be vicariously liable for a data breach…

On March 2, 2020, the Dutch Data Protection Authority (DDPA) published its notice of a monetary penalty notice, issued under the General Data Protection Regulation against the Dutch National Tennis Association. A fine in the amount of € 525,000 was imposed for the – allegedly – unauthorized sale of member data to the Association’s sponsors. This decision is relevant as it is the first monetary fine issued by the DDPA which relates to (direct) marketing…

In this edition of the Data Protection Download, Benjamin Slinn and Zelander Gray cover the latest UK and Europe-wide updates in data protection. Topics covered in this month’s update include: Brexit ICO’s new age appropriate design code European Data Protection Board guidelines on connected vehiclesEDPB Guidance on processing personal data through video devices Met Police use of live facial recognition EUR 27.8 million fine imposed by Italian SAAviva v Oliver: Breach of confidence Click here…

In this episode, your host Brian Hengesbaugh is joined by Benjamin Slinn, a senior associate in our London office, to discuss how data protection may look in a post-Brexit Europe. In this episode, you will learn about: What to expect during the transition period, which lasts until December 31, 2020Potential changes in international data transfers after the transition period expiresPractical steps from a data protection perspective that companies should consider taking to prepare for the end…

After January 31, 2020 the UK ceases to be a Member State of the European Union and, under the terms of the Withdrawal Agreement agreed between the UK and the EU-27, a transition period applies until December 31, 2020. From a data protection perspective, this has a number of implications. We have summarised the key points below, including what happens after the UK leaves the EU on January 31, the implications for international data transfers,…

Following our previous alerts, the Personal Data Protection Act, B.E. 2562 (2019) (“PDPA”) has been published in the Government Gazette on 27 May 2019. With very few exceptions, companies and organizations collecting, using, disclosing, and/or transferring personal data will have preparation time for a period of one year to become fully compliant with key provisions on personal data protection before the penalties kick in. The sub-regulations should be completely issued within the next two years.…

After numerous attempts over almost two decades (please see our series of client alerts below), the Thailand Personal Data Protection Act was finally approved and endorsed by the National Legislative Assembly on 28 February 2019 (PDPA). The PDPA will be submitted for royal endorsement and subsequent publication in the Government GazetteThis PDPA will change the landscape of personal data protection in Thailand. While the Thai Constitution upholds the right to privacy, Thailand did not have…