Data protection

Key data protection challenges for 2021

Data globalisation after Schrems II Browsing the web. Using apps. Communicating electronically. Shopping online. Working from home. Life as we know it relies on data flowing across geographical borders throughout the world. However, international data transfers have never been more scrutinised. Following the ruling by the Court of Justice of the European Union (CJEU) in […]

Read More

Information Rights: A Practitioner’s Guide to Data Protection, Freedom of Information and other Information Rights

Retaining the position it has held since first publication, the fifth edition of this leading practitioner text on information law has been thoroughly re-worked to provide comprehensive coverage of the Data Protection Act 2018 and the GDPR. Information Rights has been cited by the Supreme Court, Court of Appeal and others, and is used by […]

Read More

Max Schrems: the return

In the wake of growing data protection concerns around the turn of the century, a framework dubbed “Safe Harbor” was agreed between the EU and the US in 2000, which essentially permitted transatlantic free-flow of personal data. Towards the end of 2015, as a result of one of several legal challenges brought by prolific Austrian […]

Read More

First GDPR level fines in the UK

One of the key changes brought about by the General Data Protection Regulation (GDPR), which came into force on 25 May 2018, was a substantial increase in the maximum fines available for data protection breaches, to the higher of €20 million or 4% of global annual turnover. Any breaches which occurred prior to this date […]

Read More

GDPR – the dust is settling

The panic has receded. The frantic drafting has slowed down. The GDPR – widely regarded as the most ambitious data protection legal framework ever created – is in place and life goes on. As the dust left by the dramatic coming into effect of the GDPR settles, we are beginning to see what the GDPR […]

Read More

Re-consenting to marketing under GDPR?

One of the questions we’ve most commonly been asked in recent months is “does the GDPR mean we have to get fresh consents from our entire marketing database?” In many (indeed, perhaps most) cases, the answer is “no” – though the explanation for this is not all that straightforward, and so the confusion here is easy to understand.

Read More

Thinking strategically about Brexit and data protection

To date, the main legacy of the Brexit referendum of 2016 appears to be a country split in half: some badly wish the UK would continue to be a member of the EU and some are equally keen on making a move. Yet, there seems to be at least one thing on which Remainers and […]

Read More

A GDPR impact assessment for websites

GDPR by Descrier

The General Data Protection Regulation (GDPR) comes into effect in 25 May 2018. It replaces the Data Protection Directive (implemented in the UK as the Data Protection Act 1998). This document addresses GDPR with the narrow focus of websites. For a broader discussion on the impact of GDPR on law firms, you might like to start with this article from the Law Society.

Read More

GDPR – beyond the panic

“So, have I missed the boat to get ready for the GDPR?” “Will I get fined for not being fully up to speed?” “What is the worst thing that can happen if I am not complying by May 2018?” These are some of the most frequently asked questions currently accompanying the efforts (or lack of […]

Read More

Privacy in 2017

After all of the 2016 drama, the start of a brand new year is a welcome development in itself – a clean sheet for a script yet to be written. However, 2017 will not be without challenges and the same applies to the world of privacy and data protection. Many of the big issues that […]

Read More

Confidently confidential


This article considers two recent developments relating to data protection and trade secrets: two sides of the same coin perhaps.

Read More

Introducing the GDPR


Towards the end of 2015, the EU institutions reached agreement on a new General Data Protection Regulation (GDPR) which will replace the 1995 Data Protection Directive, seeking to implement a stricter and more harmonised data privacy regime. The new GDPR, which was published in the Official Journal of the European Union on 4 May 2016 and is expected to come into force on 25 May 2018, is considered to be one of the most comprehensive overhauls of EU privacy legislation.

Read More