Judgment handed down in landmark Morrisons data breach appeal
The Supreme Court has allowed Morrisons’ appeal, finding that the supermarket was not vicariously liable for data breaches caused by a disgruntled employee
02 April 2020
Outsourcing? Don’t forget about operational resilience
We outline what the FCA’s new operational resilience rules mean for regulated financial services firms’ outsourcing and third party risk management
21 July 2021
Stop scrolling: EDPB adopts guidelines on targeting of social media users
In April 2021, the European Data Protection Board ('EDPB') adopted final guidelines on the targeting of social media users (the 'Guidelines')
21 May 2021
Data Protection and Cyber Security: A Survey of Recent Developments and of What May Lie Ahead
In this article, our BCRI team reviews recent developments within the data protection and cyber security landscape, whilst also considering what may lie ahead
04 June 2021
ICO releases draft guidance on how it will calculate financial penalties
The ICO has published draft guidance on its proposed regulatory approach when enforcing data protection law in the UK
23 October 2020
EDPB update on international data transfers following the Schrems II judgment
The European Data Protection Board has published guidance on the implications of the Schrems II judgment, and its relevance for international data transfers
04 August 2020
CJEU ruling on Privacy International case; could it frustrate UK’s GDPR Adequacy Decision?
Data transfers to the UK could be affected by a recent ruling on state surveillance measures and the EDPB’s recently updated European Essential Guarantees following Schrems II
09 December 2020
CJEU issues verdict on EU-US Privacy Shield and Model Clauses
Privacy Shield invalid but the Model Clauses remain effective. Focus is now on supervising authorities to control and monitor data flows to third countries
17 July 2020
UK-US data sharing poses risk to UK’s GDPR adequacy decision application
With the Brexit transition period fast approaching, obstacles to the UK’s adequacy decision application remain
27 July 2020
ICO issues Q&A on the UK's data protection landscape after the Brexit transition period
Ahead of the end of the Brexit transition period, the ICO has issued a guidance note on the key impacts of the expiry of the transition period
14 August 2020
Group litigation for personal data breaches – where are we now?
A new wave of group litigation under data protection legislation means that businesses need to be increasingly vigilant when negotiating data protection indemnities
14 February 2020
EasyJet suffers large scale data breach and faces potential group litigation
In April EasyJet reported that it had been targeted in a sophisticated cyber-attack, affecting approximately nine million customers
26 June 2020