Blog, News, and Views
News and articles on Data Protection Compliance, Competence Management Systems, Assessors and Internal Quality Assurer Development, Performance Management, Behavioural and Psychometric Profiling, General Intelligence Assessment, and more.
Information and guidance within these articles are provided in good faith and do not constitute legal advice.
Data Transfers from the EU to the UK; We’re Adequate… for now
Data Transfers from the EU to the UK; We’re Adequate… for nowUpdating our previous article regarding ‘EU to UK Personal Data Transfers Post the BREXIT Transition Period’, the European Commission finally issued their formal decision on 28 June 2021, to adopt two adequacy decisions for the UK[1]. One related to the Law Enforcement Directive and […]
EU to UK Personal Data Transfers Post the Brexit Transition Period (part 3)
EU to UK Personal Data Transfers Post the Brexit Transition Period In Gary Payne’s third article on the effect of the end of the Brexit transition period on personal data transfers between the European Economic Area (EEA), the European Union (EU), and the United Kingdom (UK), he looks in closer detail at the likely consequences […]
Personal Data Transfers to and from the EU after the Brexit Transition Period (Post Transition Update)
Personal Data Transfers to and from the EU after the Brexit Transition Period (Post Transition Update) Note: This article updates our article of 19 December 2020 ‘Personal Data Transfers to and from the EU Post Brexit’. Now that the United Kingdom (UK) has moved beyond the Brexit Transition Period, the European Union (EU) and the […]
Personal Data Transfers to and from the EU after the Brexit Transition Period
Personal Data Transfers to and from the EU Post Brexit Important, at the time of publishing this article (19 December 2020), the United Kingdom and European Union had not agreed any ‘trade deal’ for the end of the transition period, neither had the UK been deemed by the EU as a country on the Adequacy […]
Striking Down of EU-US Privacy Shield – What do organisations need to do to maintain data protection compliance?
STRIKING DOWN OF EU-US PRIVACY SHIELD – WHAT DO ORGANISATIONS NEED TO DO TO MAINTAIN DATA PROTECTION COMPLIANCE? Before you read this article, you may benefit from reading our article about the CJEU / ECJ’s landmark judgement (C-311/18, ECLI:EU:C:2020:559) striking down the EU-US Privacy Shield. This judgement affects the transfer of personal data of EU […]
European Court of Justice Landmark Judgement Strikes Down EU-US Privacy Shield
EUROPEAN COURT OF JUSTICE LANDMARK JUDGEMENT STRIKES DOWN EU-US PRIVACY SHIELD For the second time in nearly five years, the European Commission’s adequacy decision relating to the United States has been invalidated, the EU-US Privacy Shield has been struck down. On 16 July 2020 in the CJEU (Court of Justice of the European Union) / […]
COVID-19 – Requirements for maintaining Personal Data records in restaurants, pubs, bars, and takeaway services on Re-opening after Lockdown
COVID-19 – REQUIREMENTS FOR MAINTAINING PERSONAL DATA RECORDS IN RESTAURANTS, PUBS, BARS, AND TAKEAWAY SERVICES ON RE-OPENING AFTER LOCKDOWN On 23 March 2020, the UK government introduced restrictions on businesses and venues requiring many to close to assist in containing the COVID-19 virus. During May and June, the ‘lockdown’ has started to be eased and […]
A Warning to all Organisations – the outcome of the WM Morrisons Supermarkets Ltd Data Breach announced in the Supreme Court
A WARNING TO ALL ORGANISATIONS – THE OUTCOME OF THE WM MORRISONS SUPERMARKETS LTD DATA BREACH ANNOUNCED IN THE SUPREME COURT The judgement of the UK Supreme Court on the WM Morrison Supermarkets Ltd Data Breach case and subsequent claims by various claimants has been announced on Wednesday, 01 April 2020. On reviewing the judgement […]
Coronavirus: Working from Home and Compliance with the Protection of Personal Data
CORONAVIRUS: WORKING FROM HOME AND COMPLIANCE WITH THE PROTECTION OF PERSONAL DATA In our previous article ‘Coronavirus and Compliance with the Protection of Personal Data’, we focused on likely issues arising from recording additional health information (special category data) as a result of the Coronavirus (COVID-19) outbreak. In this, we respond to requests about the […]
Coronavirus: Compliance with the Protection of Personal Data
With the Coronavirus (COVID-19) both posing and being declared by the UK Government and World Health Organisation (WHO) as a ‘serious risk to public health’[1], it is likely that employers will be feeling the need to record additional information about their staff such as, travel, contacts with others, meetings attended and whom was present, any […]
GDPR: Personal Data Transfers to and from the EEA/EU Post-Brexit
GDPR: Personal Data Transfers to and from the EEA/EU Post-Brexit It is August 2019 and it finally looks like the UK will leave the European Union within a few months and until the UK has formally left the EU (Brexit), UK organisations who are data controllers and/or data processors remain subject to the EU General […]
What do you do when a government agency comes asking for access to personal data? EU GDPR / UK Data Protection 2018
WHAT DO YOU DO WHEN A GOVERNMENT AGENCY COMES ASKING FOR ACCESS TO PERSONAL DATA? EU GDPR / UK DATA PROTECTION 2018 A UK based company contacts us for guidance as the police have contacted them asking for access to the personal data of a customer. The company believes it is compliant with data protection […]
Is Anonymised Digital Personal Data Truly Anonymised?
IS ANONYMISED DIGITAL PERSONAL DATA TRULY ANONYMISED? Over the past few decades, the volume of digital data has grown significantly[1] and amongst that data is a high proportion of personal data[2] which makes useful and valuable information to organisations, public and commercial, and researchers. Anonymisation of data is not a new process and has historically […]
Consent or No Consent, that is the Lawful Processing Question.
We have recently had the misfortune of having to advise a number of clients that their websites may not or do not comply with the UK Data Protection Act 2018 (DPA 2018), the EU General Data Protection Regulation (GDPR) or the Privacy and Electronic Communication Regulations (PECR) 2003, as amended 2011 and 2018. Their websites have been delivered […]
GDPR Article 30 – Maintaining Record of Processing Activities
GDPR – We Employee Less than 250, we’re Exempt from Keeping Records of Data Processing Activities, right? This question pops up in discussion forums and from clients quite a bit and deserves a good examination of the new data protection laws, particularly Article 30 (5) of the General Data Protection Regulation (GDPR)[i], as there appears […]
Will Brexit Change the Application of GDPR in the UK?
When the UK formerly leave the EU (European Union) on 29th March 2019 will it mean yet another change to Data Protection legislation i.e., the GDPR (General Data Protection Regulation) element of the DPA 2018 (Data Protection Act) after all, it comes from EU Legislation, right? Well sort of. The GDPR is an EU Regulation […]
