Category GDPR & Data Protection

Keep up to date with our blog articles, latest news and industry developments. See below for the latest posts or use the category listings to hone your search for stories of interest.

The Right to be Informed & Forgotten

A practical approach to GDPR compliance (written by Alex Matheson) This is the first blog in a series that reviews the new data rights with particular detail given on the right to be informed & the right to be forgotten. The spirit of the regulation As you probably know, the GDPR regulates the…

Data protection liability: Full compliance isn’t enough

The actions of rogue employees in data breaches may leave even GDPR-compliant businesses facing huge damages claims Wm Morrisons Supermarket PLC (Morrisons) has been found vicariously liable for the actions of a rogue employee in breach of data protection legislation, even though the company itself was held to be compliant.…

Guidelines on Profiling and Automated Individual Decision Making

Article 29 Working Party issues much anticipated guidance on automated decision making under the GDPR. The Article 29 Working Party (WP29) has published draft guidance on the activities of profiling and automated individual decision-making (Guidance) in light of the incoming General Data Protection Regulation (GDPR). The Guidance clarifies the differences…

Standard Contractual Clauses At Risk After Schrems II Decision

Following the upheaval caused by the invalidation of the Safe Harbour agreement by the Court of Justice of the European Union (CJEU) in the 2015 Schrems Case (Schrems I) (see our previous blog post here), the use of standard contractual clauses (SCCs) has become the favoured method of enabling personal…

Data Processing at Work

The Article 29 Working Party considers the impact of the GDPR and the changing face of technology as it refreshes its guidance for data processing in the workplace. In their latest Opinion 2/2017 (Opinion), the Article 29 Working Party (WP29)- tasked by the European Commission to provide independent advice on…

ICO clarifies registration and fee requirements under GDPR

Data controllers will continue to pay fees to ICO after GDPR comes into effect. Despite the GDPR abolishing the need for data controllers to register with supervisory authorities, the ICO has announced that the requirement to pay a registration fee will remain due to a provision in the UK’s Digital…