Blog
Civil Fraud Quarterly Round-Up: Q4 2025
Mary Young
27 November 2018
GDPR and Brexit: the draft withdrawal agreement and data transfers from the EU
International transfers of personal data are instantaneous and constant. Everyday business functions such as uploading data files to the cloud or sending emails potentially involve transferring personal data across international borders. This is particularly relevant in today’s global economy where business functions are often outsourced overseas for operational and cost efficiencies.
15 November 2018
ICO secures first prosecution under Computer Misuse Act
In a move which demonstrates that it has real teeth as a criminal prosecutor, the Information Commissioners’ Office has secured its first prosecution under the Computer Misuse Act 1990.
6 August 2018
Data Protection Act 2018 and law enforcement: an introduction
Two months ago, the introduction of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”) significantly changed our data protection landscape (see our related blogs). Reference to “GDPR” became a daily occurrence in shops and offices, and received daily attention on social media and in the press.
27 July 2018
Data breach reporting – the only way is up
The Information Commissioner’s recently published Annual Report for 2017/18 reveals a substantial – 29% - increase in the number of self- reported data breaches. In light of the fact that the GDPR introduced new mandatory reporting of serious breaches, it is to be anticipated that the 2018/19 Annual Report will show an even greater increase.
24 July 2018
Joint data controllers – yet more data protection uncertainty
In two recent decisions the CJEU has adopted a maximalist, and probably to many people a counter-intuitive, approach to the issue of the identification of joint data controllers – the effect the decisions is that a body can be a joint data controller of personal data even through it has no access to, and no right of access to, the personal data in question. Both cases were decided under pre-GDPR law, but changes introduced by the GDPR mean that they are likely to have a significant impact.