News and Articles | 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011     RSS Feed

10/11/2016 Article: Subject Access Requests – recent cases and the GDPR

The last couple of years has seen a steady increase in enforcement action and prominent court cases involving subject access requests (“SARs”) under the Data Protection Act 1998 (“DPA”).

Organisations are also starting to prepare for the new EU General Data Protection Regulation (“GDPR”), which will change some key aspects of how SARs need to be handled as from May 2018.

This article therefore provides a summary of the recent cases and the upcoming GDPR changes, with some guidance to assist data controllers in deciding how to deal with some of the tricky issues arising.


26/08/2016 Article: Business use of social media – protecting your intellectual property

Business use of social media leads to increased challenges for organisations in protecting their proprietary content, business information, brand and reputation.


29/06/2016 Article: ICO publishes annual report 2015/2016

On 28 June 2016, the ICO launched its annual report, containing details of its activities and financial statements between April 2015 and March 2016.


16/06/2016 Article: Lessons from recent direct marketing penalties

Over the last year, the Information Commissioner’s Office (ICO) has stepped up enforcement action for breaches of data protection and privacy rules relating to direct marketing. Action has arisen from unlawful marketing by telephone (live or automated), SMS and email, and from the unlawful sale of marketing lists. This article highlights some key themes arising from these cases.


10/05/2016 Article: Alphabetical guide to the new EU data protection law

Following four years of deliberation, the EU General Data Protection Regulation (“GDPR”) was published in the EU’s Official Journal on 4 May 2016, coming into force 20 days later. Organisations will need to comply with the new law by 25 May 2018. This article is an alphabetical guide to some key provisions of the GDPR.


11/02/2016 Article: EU–US Privacy Shield

On 2 February 2016 the EU Commission announced that it had reached political agreement with the US Department of Commerce on new EU-US data transfer arrangements. The new framework is called the EU–US Privacy Shield and is a substitute for the previous Safe Harbour scheme which was declared invalid on 6 October 2015.

Related Articles:


02/02/2016 Newsflash: EU–US Privacy Shield

New EU–US data transfer arrangements have today (2 February 2016) been approved by the EU Commission. The new framework is known as the “EU-US Privacy Shield” and is a substitute for the previous “Safe Harbour” scheme which was declared invalid on 6 October 2015.


21/01/2016 Publication: Privacy Impact Assessments and the EU General Data Protection Regulation

The compromise text of the EU General Data Protection Regulation (GDPR) was published on 15 December 2015. At the time of writing, it is expected to have final approval soon, and then come in force into two years. Article 33(1) contains the new obligation for conducting impact assessments.

Read Olivia’s article: “Privacy Impact Assessments and the GDPR” published by SCL (www.scl.org)