In a remarkable decision, the UK ICO has issued British Airways ("BA") with a £20m fine, in connection with a data breach affecting more than 400,000 customers. This is a significant reduction from the £183m the ICO had...
In a decision that will come as a relief to many businesses, the UK Supreme Court has unanimously held that companies should not be held vicariously liable for the actions of rogue employees who leak personal data....
Following the outbreak of COVID-19 and its development into a global pandemic, organisations have been implementing exceptional measures to safeguard employees, customers and others against the health threat that is being...
3/28/2020 / Coronavirus/COVID-19, Data Protection, Data Protection Impact Assessments (DPIAs), Data Security, EU, General Data Protection Regulation (GDPR), Personal Information, Personally Identifiable Information, Privacy Notice Rule, Public Health Emergency, Sick Employees, UK, UK Data Protection Act, Virus Testing
Q1/ Applicable legislation -
(a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation?
New legislation has been passed.
Brexit Note: The GDPR will apply in...
1/6/2020 / Compliance, Data Processors, Data Protection, Data Protection Authority, Data Protection Impact Assessments (DPIAs), Data Protection Officers (DPOs), Data Subjects Rights, Decedent Protection, Employee Privacy Rights, Enforcement Actions, EU, EU Data Protection Laws, European Economic Area (EEA), Exemptions, Fines, Freedom of Expression, Freedom of Information, General Data Protection Regulation (GDPR), International Data Transfers, International Harmonization, Joint Control, Minor Children, National Identification Numbers, Nonprofits, Penalties, Personally Identifiable Information, Prior Authorization, Prior Express Consent, Public Interest, Regulatory Standards, Sanctions, UK, UK Brexit
The Court of Justice of the EU ("CJEU") is currently hearing a challenge against the validity of two key mechanisms that businesses use to transfer personal data internationally. In a move that will come as a relief to...
12/24/2019 / Advocate General, Binding Corporate Rules, Court of Justice of the European Union (CJEU), EU-US Privacy Shield, European Economic Area (EEA), General Data Protection Regulation (GDPR), International Data Transfers, Personally Identifiable Information, Prohibited Transactions, Safe Harbors, Standard Contractual Clauses
The UK Information Commissioner's Office has announced its intention to issue a £183 million fine to British Airways, in respect of a personal data breach under the GDPR. The announcement has wide-ranging consequences for...
7/10/2019 / Administrative Proceedings, British Airways, Data Breach, Data Security, Enforcement Actions, Fines, General Data Protection Regulation (GDPR), Penalties, Personally Identifiable Information, Popular, UK ICO
As businesses continue to digitise their assets and operations, the need to continually assess IT infrastructure and the technical measures in place to safeguard key information assets and data becomes ever more important....
5/3/2019 / Artificial Intelligence, Compliance, Critical Infrastructure Sectors, Cybersecurity, Data Security, Digital Service Providers, Encryption, European Economic Area (EEA), General Data Protection Regulation (GDPR), Incident Response Plans, Internal Data Controls, IT-Departments, NCSC, NIS Regulations, Operators of Essential Services, Passwords, Personal Data, Personally Identifiable Information, Popular, Risk Mitigation, Sanctions, Security Audits, Security Risk Assessments, Software, UK, UK ICO