Data Protection
Data protection is quickly becoming one of the fastest growing areas of regulatory compliance that our clients are having to deal with. The pandemic has seen a vast increase in the amount of cyber-attacks on businesses and individuals, and with tight timescales to report such breaches to the ICO, knowing what to do if the worst happens is more important than ever.
Our team provides practical, tailored advice on all aspects of data protection law. We have experience in advising on compliance issues such as documenting data controlling and processing and dealing with requests from data subjects to assisting clients with the legal and regulatory aspects of data breaches and communication with and reporting to the ICO.
Providing compliance documentation
Drafting documents such as privacy notices and data protection policies to assist clients with demonstrating that they are taking sufficient steps to comply with the law
International transfers
Assisting clients with the compliance issues arising out of data transfers outside the UK
Queries around subject access requests
Advising on timescales and data excluded from the scope of subject access requests
Advice on data breaches
Practical advice on steps to take once a breach is discovered, reporting to the ICO and data subjects where appropriate, and record keeping
Training for DPOs and other staff
Assisting clients with training their data protection officers and other members of staff who regularly deal with personal data to ensure they know how to deal with requests from data subjects, and with data breaches should they arise
Key Contacts
To make an enquiry, please contact a member of staff below or call 01224 845 845
David Chalmers
Annika Neukirch
Data Protection News & Insights
Data Protection Breach – Seminar
We have become used to hearing stories of data breaches caused by hacking and ransomware, including the news last week that there has been a security breach of the electoral register in which names and addresses of voters have been accessed, potentially as far back as August 2021. However, the recent news from Northern Ireland has served as a reminder that human error can also result in significant data breaches.
Big fine for Meta shines spotlight on standard contractual clauses
When the GDPR first came into force five years ago, the big headline-grabber was the potential for large fines – up to €20m or 4% of annual global turnover, whichever is higher. In recent months we have seen some significant penalties being applied by UK and EU supervisory authorities, and the news this week from the Irish Data Protection Commission was that it had concluded its investigation into Facebook parent company Meta and decided to issue it with an administrative fine of €1.2billion in respect of its data transfers to the US.
A large fine to TikTok but ICO’s power doesn’t end there
The ICO has issued another headline-grabbing fine to a social media company – this time to TikTok, who have been fined £12.7 million for misusing children’s data, in particular by processing personal data of children aged under 13 without parental consent and taking insufficient steps to check the age of those using their platform and removing those underage.
Data Protection and Digital Information (No2) Bill
On 8 March 2023, the government withdrew its previous data protection bill, which had been scheduled for a second reading, and instead published a revised new bill, the Data Protection and Digital Information (No. 2) Bill.
