Skip to main content

Insights & News

Search for Insights & News

  • Schrems II - what are the implications for UK and EU data transfers to India?

    01 April 2021

    Everyone knows the important role India plays in the global digital economy; in fact the Harvard Business Review estimates the digital economy in India “is expected to reach a valuation of $1 trillion dollars (USD) by 2022”. With new Indian legislation on the horizon in the form of the Personal Data Protection Bill, 2019 (PDP Bill) and the Schrems II decision from last year we’ve joined forces with our colleagues at J. Sagar Associates to bring you this article setting out the issues you need to consider and sharing some top tips.

  • Industry prepares for Apple Tracking restrictions

    12 March 2021

    In June 2020 Apple sent shockwaves through the ad industry by announcing that it would require iOS apps to obtain user consent to track the user or access their Apple device’s advertising identifier (i.e. the ‘IDFA’) for targeted advertising or advertising measurement purposes.

  • US privacy update what UK and EU businesses need to know

    08 March 2021

    In February 2021, Lewis Silkin welcomed back “very accomplished and expert” (Legal 500 2020) Gary Kibel of US firm Davis & Gilbert LLP to talk through major changes in the US privacy landscape in the past 12 months, how those changes affect UK and EU businesses, and how the changes compare to the General Data Protection Regulation (GDPR).

  • Brazil’s Lei Geral de Proteção de Dados (LGPD) – what do UK and EU companies need to know?

    04 February 2021

    September 2020 saw the official entrance on the scene of the LGPD - Brazil’s first comprehensive data law, which consolidates existing legislation in order to regulate the use and processing of personal data.

  • “It wasn’t our fault! …” 10 lines unlikely to get much regulatory sympathy following a data breach

    02 February 2021

    2020 saw four major data breach-related fines issued by regulators in the UK and Ireland in the aviation, hospitality and media & entertainment sectors, with GDPR security and breach notification obligations as their focus. This piece paraphrases the 10 excuses commonly raised by data controllers when challenging the initial amounts of those fines, as well as the regulatory response rejecting them. That's because advance knowledge of lines of argument which aren’t likely to get much sympathy from regulators will help organisations better understand regulators’ expectations when it comes to cybersecurity – especially as these early fines are likely to shape future enforcement activity.

  • Happy Data Protection Day!

    28 January 2021

    Today is the 15th Data Protection Day - and for those of you who are interested, it is also the 40th anniversary of Convention 108 which, along with Convention 108+, is credited with influencing and shaping data protection and privacy in Europe.

  • Graduating from the ICO Sandbox - a look at the first four exit reports: Ali Vaziri writes for PDP Journal

    Press

    26 January 2021

    Ali Vaziri mines the first four exit reports from the ICO's regulatory Sandbox for actionable insights.

  • Personal Data transfers between Ireland and the UK post Brexit – what you need to know and do

    15 January 2021

    The EU-UK Trade and Cooperation Agreement (Agreement) was signed on 30 December and governs the trading relationship between those parties after Brexit.

  • Tech Predictions 2021

    11 January 2021

    Yes, it’s that time of year to grab a cuppa and immerse yourself in learning about how tech might change your 2021. Now, we know it’s easy to be a little glum if stuck working from home, but amazing businesses thrive on a bold vision, focus, drive and positivity. That’s our spirit as we go into 2021. We hope you will join us on the tech discovery journey.

  • Brexit – what’s the deal with data?

    29 December 2020

    The EU-UK Trade and Cooperation Agreement (“the Deal”) is sparse on detail on data however crucially it does grant pseudo adequacy to the UK for a period of 4 months (which can be extended to 6 months) from 1 January 2021 to allow the European Commission more time to make its formal Adequacy Assessment under Article 45 GDPR.

  • Schrems II - what guidance for international transfers? Victor Timon writes for PDP Journal

    Press

    16 December 2020

    In an article for PDP Journal, Victor Timon comments on the recently issued guidance from the EDPB on Schrems II.

  • Learning from others’ mistakes: two common security failings in five data breaches - Ali Vaziri and Tamsin Hoque write for PDP journal

    Press

    06 November 2020

    In an article for PDP journal Ali Vaziri and Tamsin Hoque mine five Penalty Notices issued in recent years by the UK ICO for insight into how organisations can avoid making the same mistakes, and comment on the recent BA fine.

  • The ICO takes action in the offline data broking sector

    02 November 2020

    The UK Information Commissioner’s Office (‘ICO’) has issued an enforcement notice to Experian giving it nine months to remedy non-compliant personal data processing that it considers to be in breach of data protection legislation.

  • Cybersecurity and remote working - One person's risk is another's opportunity: Victor Timon comments for the Irish Examiner

    30 October 2020

    In this article for the Irish Examiner, Victor Timon comments on how Covid-19 and home working have caused cybercrime to spiral, providing an easier route into corporate systems.

  • Dealing with Data Subject Access Requests

    27 October 2020

    Receiving a Data Subject Access Request (a ‘DSAR’) can be tricky for any organisation. In addition to the additional work created for overstretched IT, HR and data privacy personnel, the potentially thousands of documents that a DSAR can cover need to be analysed, redacted and reproduced for the data subject, all within the deadline of a calendar month.

  • ICO publishes updated Data Subject Access Request guidance

    23 October 2020

    Two and a half years after the GDPR came into force, the ICO have published their long awaited guidance on Data Subject Access Requests (“DSARs”).

  • BA’s jumbo fine significantly reduced

    21 October 2020

    In what has so far been a torrid year for British Airways (“BA”), the ICO decision to significantly reduce the level of fine it intended to issue following their data breach in 2018 is likely to be seen by BA as a glimmer of hope.

  • Record €35 million fine for excessive employee monitoring

    08 October 2020

    An employer in Germany has been fined over €35 million under the General Data Protection Regulation for unlawfully monitoring its employees. What impact could this have on employers in the UK?

  • Schrems II – The Wall Street Journal reports that the Irish DPC will order Facebook to stop transfers of personal data to the United States

    11 September 2020

    In the first major supervisory authority action The Wall Street Journal reports that “Ireland to Order Facebook to Stop Sending User Data to U.S.”. We have previously written that the key to dealing with the fallout from Schrems II is to have a calm head, and not to panic; does this decision change things?

  • Sports Q&A - Is there trouble on the horizon for algorithms in sport?

    10 September 2020

    Algorithms have featured heavily in the news lately, albeit for the wrong reasons. The algorithms used to determine UK school examination results were eventually abandoned after a chorus of derision and condemnation over their apparent discriminatory bias against students from disadvantaged backgrounds and some questionable outcomes.

Back To Top
This website uses cookies for a range of purposes. To find out more please visit our Cookie Policy. Please click OK to consent to our use of all non-essential cookies described in our Cookie Policy.
OK