Tag Archives: Data Protection

Capita faces class action over data breach.

Capita faces first legal letter over alleged data breach. Capita, a UK-based IT services company, has been served with its first legal letter over an alleged data breach that could have affected up to 9.5 million people. The letter, sent by Barings Law on behalf of a group of affected individuals, alleges that Capita failedRead More

“None of Your Business” they said

On May 20, 2023, the European Data Protection Board (EDPB) fined Meta (formerly Facebook) €1.2 billion for violating the General Data Protection Regulation (GDPR) by continuing to transfer European user data to the United States without adequate safeguards in place. For more background on this case, read our articles; META behavioural advertising – Why itRead More

Data Protection Training w/voiceover

With people working from home and online activities on the rise, remote training is an essential aspect of business operations. Increased data protection awareness needs to be at the forefront of your employee’s practices. Responsibility for data protection should not fall solely on your IT staff but should be spread throughout your operations. Knowledge isRead More

Deal done? Not adequacy!

Buried in the Brexit deal text, a six-month maximum time limitation creates a data bridge for the gap between the end of the transition period and negotiations on a UK adequacy decision. What does this mean for your organisation?  The UK has suspended its’ own data protection laws for this interim period, so EU-GDPR lawsRead More

Privacy Shield inadequate (Schrems Deux)

Follow-up on “Should Privacy Shield be suspended” (Update August 2020): The Schrems 2 case ruling press release from the 16th July (Courts of Justice EU” CJEU” press release here https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091en.pdf ), so what does it mean for your data? Firstly, the CJEU has ruled that your data, when used for commercial purposes, are subject to the sameRead More

A DPO for schools, SME’s and Charities

Most schools are too busy to give data protection their full attention. We have specialist data protection officers that are here to help! We also noticed that small businesses and charities do not have specialist data protection officers. We realise that the issue of compliance with data protection legislation can be daunting, and detract fromRead More

77% of charities named data loss as their biggest concern!

Previously. An astonishing 84% of UK small business owners and 43% of senior executives of large companies are not aware of the forthcoming GDPR – according to research-live.com. (1) The research has also revealed that 75% of data will be unusable following GDPR enforcement. According to w8data, only 25% of existing customer data meets the requirements of the GDPR. (2) That also appliesRead More

Do you know what data you’re capturing?

Following on from our article on “The Murky World of Consent and opt-in”, we thought we would issue some helpful guidance. Not only on consent itself but knowing what information you are capturing, what you are doing with this data and how you can prove the lifecycle of this data when it comes to a SubjectRead More

Responsibility: Personal or organisational?

  With new data protection laws coming into force, does this change the responsibility: Is it personal or organisational?  Is responsibility on the data controller or the data processor?   Ultimately, your organisation is responsible for the personal data it collects!  If you pass the information you have collected to a third party for processing,Read More

The Right(s)

Several areas within the GDPR1 concern rights of the individuals, most of which were included in the Data Protection Act (DPA2), which was based on an EU directive. The difference between EU directives and regulations is that “directives” set out goals for each member state to implement and adapt within their laws, whereas a “regulation” is a binding legislative act thatRead More

Retention of Data

“How long can we keep our data?”   Retaining data has always been a fragmented area of information security law. This article explores what personal data is, what constitutes processing data and for how long you should retain data, as it appears to be unclear within DPA and GDPR law!   First, a definition ofRead More

GDPR are you ready?

The media is awash with adverts about the EU General Data Protection Regulation; “Are you ready?”, because it is coming ready or not! What is the EU GDPR?” I hear you ask; the law itself is about Data Protection, and not as complicated as you might think, as it is a set of common-sense principles.Read More