Data Protection Blog

2 November 2018

Disclosure of Suspicious Activity Reports may not amount to Tipping-off, says High Court

The High Court has held that suspicious activity reports may amount to “personal data” for the purposes of the Data Protection Act 1998 (“DPA 1998”) and are potentially disclosable following a subject access request.

Mellissa Curzon-Berners

6 August 2018

Data Protection Act 2018 and law enforcement: an introduction

Two months ago, the introduction of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”) significantly changed our data protection landscape (see our related blogs). Reference to “GDPR” became a daily occurrence in shops and offices, and received daily attention on social media and in the press.

Ed Smyth

6 August 2018

The Data Protection Act 2018: new criminal offences for data breaches

The Data Protection Act 2018 (“the Act”) repeals and replaces the UK’s existing data protection laws to keep them up to date for the digital age to ensure that United Kingdom “retains its world-class regime protecting personal data”.

Ed Smyth

27 July 2018

Data breach reporting – the only way is up

The Information Commissioner’s recently published Annual Report for 2017/18 reveals a substantial – 29% - increase in the number of self- reported data breaches. In light of the fact that the GDPR introduced new mandatory reporting of serious breaches, it is to be anticipated that the 2018/19 Annual Report will show an even greater increase.

Adam Chapman

24 July 2018

Joint data controllers – yet more data protection uncertainty

In two recent decisions the CJEU has adopted a maximalist, and probably to many people a counter-intuitive, approach to the issue of the identification of joint data controllers – the effect the decisions is that a body can be a joint data controller of personal data even through it has no access to, and no right of access to, the personal data in question. Both cases were decided under pre-GDPR law, but changes introduced by the GDPR mean that they are likely to have a significant impact.

Adam Chapman

Skip to content Home About Us Insights Services Contact Accessibility