Data protection and privacy

WP29 guidelines on personal data breach notification under GDPR

Anita Anand

The Article 29 Working Party this week published draft Guidelines on personal data breach notification under GDPR.  The relevant GDPR provisions are often misrepresented, and in many respects leave matters open to interpretation – a good or bad thing depending on the day.  Many are now asking what further clarity the draft guidelines bring for companies Read More

No Comments

A first look at the New UK Data Protection Bill

Praveeta Thayalan

The new UK Data Protection Bill (the Bill) was published on 14 September 2017 and, once enacted, will repeal the Data Protection Act 1998 (the DPA). The Bill preserves parts of the DPA and implements the standards of the General Data Protection Regulation (the GDPR) across the categories of data processing within the scope of Read More

No Comments

A deep dive into data processing at work: DPA advice on GDPR

LaurieAnne Ancenys

Laurie-Anne Ancenys of Allen & Overy looks at the recently adopted DPA guidance, which states that employers are unlikely to be able to rely on employee consent in the future. This article was first published in Privacy Laws & Business International Report, August 2017, www.privacylaws.com. You can read the full article here: A deep dive into data Read More

No Comments

Do we learn anything new from the UK Government’s Statement of Intent?

Charlotte Mullarkey

On 7 August the UK Government’s Department of Digital, Culture, Media and Sport published a Statement of Intent in relation to the new Data Protection Bill. This comes only a month before we were led to expect to see the draft Bill itself. At first glance, notwithstanding some of the headlines in the press, it Read More

No Comments

ICO investigation into the Royal Free’s use of patient data used as an opportunity to educate

Charlotte Mullarkey

In a case which has wide implications for the health care sector, the ICO has ruled that the Royal Free NHS Foundation Trust failed to comply with the UK Data Protection Act when it provided personal data of about 1.6 million patients to Google DeepMind. The personal data was provided as part of a trial Read More

No Comments

A29 Working Party Opinion on Data Processing at Work

Nigel Parker

  The boundaries between work and home are increasingly blurred.  This means employee monitoring activities can inadvertently extend to monitoring employees in a private context. The Article 29 Working Party recently published a new opinion concerning data processing at work. It covers a wide range of topics, including the processing of employee data on social Read More

No Comments