15 June 2018
GDPR: The significance of the new principle of accountability
The GDPR has introduced a new accountability principle: the data controller “shall be responsible for, and be able to demonstrate compliance, with” each of the six principles of the GDPR. For a principle summarised in 10 words, there is a significant amount of work required by organisations to ensure accountability. And there may be significant consequences if this work is not undertaken.
20 February 2018
GDPR & Brexit: Data transfers from the EU and the UK’s new status as a “third country”
The GDPR is coming into force on 25 May 2018. The UK is leaving the EU at 11pm on 29 March 2019. No doubt these dates are engraved into the minds of most business owners. But while these deadlines are enough on their own to leave you with plenty to worry about, it is also important to consider the interplay between the two – that is to say, what will Brexit mean in terms of the GDPR?
13 February 2018
Getting Personal – Key Terms of a Personal Guarantee, What is it and When Should You Sign One?
A personal guarantee is an agreement by a third party individual (the “guarantor”) to satisfy the contractual obligations of another party, in the event that party fails to do so.
5 February 2018
Cryptocurrencies - tread carefully before trading
Bitcoin, Ehtereum, Litecoin... cryptocurrencies are all over the press. Most of us are now broadly aware that cryptocurrencies are digital currencies which use blockchain technology. But how many people actually understand how the underlying technology works, what it means to ‘invest’ in a cryptocurrency, and appreciate the risks behind them? For anyone thinking about investing in cryptocurrencies, set out below is a summary of the main concerns, which should hopefully encourage you to stop and think before jumping on the crypto band wagon.
24 January 2018
The £17 million Question - What will the ICO’s enforcement powers be under the GDPR, and how will they be used?
The General Data Protection Regulation (“GDPR”) coming into force in May 2018 empowers national supervisory authorities to issue fines of up to €20 million, or 4% of an organisation’s annual global turnover for certain data protection infringements. These figures have generated headlines and news stories around the globe, many of them misleading. The Information Commissioner, in her post of December last year, warned of ‘scaremongering because of misconceptions’. We seek to put the headline grabbing figures in context, by examining the range of administrative sanctions available to national supervisory authorities for dealing with infringements of GDPR and the criteria they will use when selecting them. In doing so we shed light on how organisations can prepare for, and react to, any data protection infringements to reduce the risk of a heavy fine.
