GDPR
On 25 May 2018, data protection law changed significantly with the introduction of the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
Key changes under these laws affect almost all businesses. The rights of EU citizens to control their personal details have been enhanced and new unified obligations have been placed on those dealing with personal data. However, even though the deadline has passed, this is not the end of the compliance journey and organisations must continuously act to ensure they fully comply with the rules.
Previous data protection legislation (the Data Protection Act 1998 in the UK) was based on the Data Protection Directive of 1995 (the 1995 Directive), which set out key legal principles for dealing with personal data. For the past 15 to 20 years, these principles have been adopted in national legislation throughout the EU Member States in different ways, resulting in a disjointed approach to data protection in Europe. The GDPR replaced the 1995 Directive and is directly applicable in every EU Member State. This means there is now a single set of rules to avoid contradictory approaches across the EU.
Data Breach Response Helpline
Data breach reporting is now mandatory in many cases. If you believe your business may have suffered a personal data breach and/or something goes wrong, MacRoberts' Data Breach Response Team is on hand to guide you through the response process. For fast and effective assistance, please call our helpline on 0300 303 1019.
An indigestible cookie: pre-ticked box cookie consent ruled invalid
Website operators should take steps to ensure that they do not fall foul of a recent preliminary ruling on cookies by the Court of Justice of the European Union (CJEU). On 01 October 2019, the CJEU held that a user’s consent to the use of cookies is not valid if consent is given by way of a pre-ticked box.
Proposed Extension of Freedom of Information in Scotland: Third Sector and Public Service Providers Beware!
On 30 August 2019, the Scottish Government launched a consultation on the coverage of freedom of information legislation in Scotland. The potential for reform in this area should be cause for concern for businesses and organisations operating in the public sector.
Consent under the GDPR: What do employers need to know?
The GDPR has been in force for just over a year and we are now starting to see evidence of Data Protection Authorities across the EU issuing fines for non-compliance.
How much time do you have to respond to a subject access request? Perhaps less than you thought!
The ICO has updated its guidance on subject access request (SAR) timescales and organisations now have slightly less time than they did previously to respond.
ICO's second GDPR fine in as many days highlights importance of due diligence in acquisitions
With a second fine in as many days, the ICO proposes to fine travel giant Marriott International Inc £99 million and, in the process, identifies how critical due diligence is when acquiring any business.