Data Protection Blog

28 November 2017

The real impact of the GDPR… new notification obligations

To date, GDPR headlines have mainly focused on the threat of heavy fines. However, the Information Commissioner’s Office (the ‘ICO’) has made it clear that issuing fines has always been, and will continue to be under the GDPR, a last resort. Rather, the most immediate impact of the GDPR following a data breach is the new obligation under Article 29 to notify both the ICO and those individual data subjects affected by data breaches. These individuals are most likely to be the clients, customers, suppliers and other contacts upon which your organisation relies and, following any significant data breach, notification may lead to that breach becoming public. 

Josephine Burnett

21 November 2017

An introduction to Data Protection Officers under the GDPR: Should you appoint one?

There is currently no legal requirement for companies to appoint a dedicated officer responsible for data protection; the Information Commissioner’s Office merely encourages this as good practice.  However, this will change when the General Data Protection Regulation (“GDPR”) comes into force in May 2018 and introduces a requirement for certain organisations to appoint a Data Protection Officer (“DPO”).

Kirsty Churm

23 October 2017

The EU-US Privacy Shield – One Year On and Still Going Strong

The EU-US Privacy Shield was established by the EU Commission in August 2016 to replace the previous ‘Safe Harbour’ system, which was ruled unlawful by the European Court of Justice (to read the ECJ’s decision, see here).

Josephine Burnett

6 September 2017

Data Protection – can employers still monitor employees’ communications in light of Barbulescu v Romania?

Can employers still monitor employees’ communications in light of Barbulescu v Romania? Don’t panic, they can. But, the decision in Barbulescu v Romania from the appeal chamber of the European Court of Human Rights (ECtHR) shows that, in future, they must apply their mind in a much more rigorous way to how they go about it.

30 August 2017

Block chain: Is the GDPR out of date already?

The General Data Protection Regulation (“GDPR”) amounts to a significant overhaul of existing data protection regulation and is designed to be ‘technology neutral’. However, how the GDPR will cope with emerging block chain technology and a move towards the decentralisation of data storage remains to be seen. 

Skip to content Home About Us Insights Services Contact Accessibility