GDPR
The General Data Protection Regulation (GDPR) took effect across the EU on 25 May 2018. The GDPR constitutes the biggest change to the data protection regime in the EU since the 1995 Data Protection Directive. There are some significant changes that have the potential to have a profound impact on many organisations that collect and use information about individuals, even (in some cases) on organisations with no establishment in the EU but who collect and use personal data of EU based individuals.
The importance of preparing and ensuring compliance with the new law cannot be overstated, not least because of the huge fines of up to €20m or 4% of worldwide turnover that could be levied for breaches.
But there are also business benefits for those organisations that use the opportunity to adopt a fresh approach to data privacy and protection. Compliance with the GDPR is not just an additional burden – it is also a way to build and strengthen trust with customers and employees, enhance business reputation, grow the value of data assets and enhance risk mitigation.
Article list
GDPR for HR | ICO enforcement and the new data protection audit framework, and data privacy risks in pre-employment vetting
The UK Data (Use and Access) Bill – what businesses should be aware of
GDPR for HR | ICO enforcement, DSARs, and what UK data law changes to expect
Decoding penalty notices: UK ICO clarifies its methodology for issuing fines in new guidance
Data Law | UK Regulatory Outlook March 2024
UK Binding Corporate Rules: are updates a reason to reconsider the 'gold standard' transfer tool?
ICO and CMA clamp down on dark patterns in the UK
Data protection | UK Regulatory Outlook July 2023
GDPR for HR | Pay gaps, data access and IT security
What does the new Data Privacy Framework adequacy decision mean for US data flows?
Data Protection | UK Regulatory Outlook June 2023
Data Protection | UK Regulatory Outlook May 2023
How to assess UK data privacy risk in artificial intelligence use
GDPR for HR | Data protection guidance on artificial intelligence
Data protection | UK Regulatory Outlook April 2023
GDPR for HR Newsletter March 2023 | Data protection guidance on processing health data
UK government reignites data protection reform
UK Employment Law Coffee Break: Employment trends webinar, menopause and GDPR for HR
GDPR for HR | A glance back at 2022 and look forwards to 2023
Biden paves way for EU-US Data Privacy Framework and UK-US adequacy agreement
GDPR for HR | The gig economy, DSAR tips and data protection abroad
GDPR for HR | AI in recruitment, EU employee transparency legislation, data privacy legislation in the US and more
UK government formalises data protection reform following consultation
UK government proposes clamp down on use of data subject access requests as a litigation tactic
Consultation response suggests that an inappropriate 'purpose' for making a DSAR could soon be a reason to refuse to respond
Employment Law Coffee Break | GDPR for HR, drafting employment contracts and a round-up of recent developments
GDPR for HR | Accessing employees' non-work related emails, Brexit, DSARs and more
How to respond to a ransomware attack – an illustrative example
How employers should prepare for data subject access requests
Ten top tips for handling data subject access requests
The Queen's Speech - Data Reform Bill announced
Sport looks to artificial intelligence to deliver competitive edge
UK international data transfer agreements laid before Parliament
Legislators worldwide move to adopt regulation by design
New guidance emerging on cross-border data transfers: an overview
Businesses wondering what they need to do to ensure their cross-border data transfers remain compliant will welcome new European-level guidance...
Cookies and other trackers: the CNIL publishes new recommendations and launches a public consultation
On 4 July 2019, the French data protection authority (the “CNIL”) adopted new guidelines on cookies and other trackers. Also...
ICO signals its intentions on cyber security: large companies need to lead by example
The ICO has issued DSG Retail Limited, the owner of Currys PC World and Dixons Travel stores, with a sizeable...
Privacy, piracy and protectionist agendas | Barriers to enabling digital trade in a 4.0 world
Industrial revolution has always gone hand-in-hand with international trade, and the barriers that can create. So, it is no surprise...
The AP imposes its first GDPR fine on a Dutch hospital
Following a lengthy investigation, the Dutch Data Protection Authority (AP) concluded that a Dutch hospital did not take adequate technical...
GDPR one year on | What have we learned and what's next for data protection?
At a recent series of events, we shared learnings from the UK and beyond, one year on from the implementation...
One year on: GDPR for EU HR
The first year of the GDPR has kept HR teams busy. From HR data mapping and audits, contract of employment...
Dutch DPA published GDPR-fining structure
Under the GDPR, the amount of potential fines are substantially increased (up to maximum EUR 20 million). The Dutch Data...
Blockchain and GDPR: beyond the right to be forgotten
In September 2018, the French data protection authority (CNIL) issued a report considering Blockchain technology from a personal data protection...
New Deal for Consumers: European Data Protection Supervisor concerned reforms could undermine GDPR
In an Opinion published on 5 October 2018, the European Data Protection Supervisor has raised concerns and made some significant...
Criminal convictions checks under the GDPR
Following the implementation of the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA), UK...
100 days of GDPR | Session 5: Security and data incidents
With increased fines for data breaches under GDPR, how have companies responded to potential data security issues?
100 days of GDPR | Session 4: HR risk
Consent, data and diversity - how has GDPR been applied in HR?
GDPR | The practical impact on internal investigations
All businesses will be aware that the EU General Data Protection Regulation (GDPR), which took effect on 25 May 2018...
GDPR for HR | UK ICO audits AI recruitment tools and the English High Court defines controllers in DSARs
GDPR for HR | ICO enforcement and the new data protection audit framework, and data privacy risks in pre-employment vetting
The UK Data (Use and Access) Bill – what businesses should be aware of
GDPR for HR | ICO enforcement, DSARs, and what UK data law changes to expect
Decoding penalty notices: UK ICO clarifies its methodology for issuing fines in new guidance
Data Law | UK Regulatory Outlook March 2024
UK Binding Corporate Rules: are updates a reason to reconsider the 'gold standard' transfer tool?
ICO and CMA clamp down on dark patterns in the UK
Data protection | UK Regulatory Outlook July 2023
GDPR for HR | Pay gaps, data access and IT security
What does the new Data Privacy Framework adequacy decision mean for US data flows?
Data Protection | UK Regulatory Outlook June 2023
Data Protection | UK Regulatory Outlook May 2023
How to assess UK data privacy risk in artificial intelligence use
GDPR for HR | Data protection guidance on artificial intelligence
Data protection | UK Regulatory Outlook April 2023
GDPR for HR Newsletter March 2023 | Data protection guidance on processing health data
UK government reignites data protection reform
UK Employment Law Coffee Break: Employment trends webinar, menopause and GDPR for HR
GDPR for HR | A glance back at 2022 and look forwards to 2023
Biden paves way for EU-US Data Privacy Framework and UK-US adequacy agreement
GDPR for HR | The gig economy, DSAR tips and data protection abroad
GDPR for HR | AI in recruitment, EU employee transparency legislation, data privacy legislation in the US and more
UK government formalises data protection reform following consultation
UK government proposes clamp down on use of data subject access requests as a litigation tactic
Consultation response suggests that an inappropriate 'purpose' for making a DSAR could soon be a reason to refuse to respond
Employment Law Coffee Break | GDPR for HR, drafting employment contracts and a round-up of recent developments
GDPR for HR | Accessing employees' non-work related emails, Brexit, DSARs and more
How to respond to a ransomware attack – an illustrative example
How employers should prepare for data subject access requests
Ten top tips for handling data subject access requests
The Queen's Speech - Data Reform Bill announced
Sport looks to artificial intelligence to deliver competitive edge
UK international data transfer agreements laid before Parliament
Legislators worldwide move to adopt regulation by design
New guidance emerging on cross-border data transfers: an overview
Businesses wondering what they need to do to ensure their cross-border data transfers remain compliant will welcome new European-level guidance...
Cookies and other trackers: the CNIL publishes new recommendations and launches a public consultation
On 4 July 2019, the French data protection authority (the “CNIL”) adopted new guidelines on cookies and other trackers. Also...
ICO signals its intentions on cyber security: large companies need to lead by example
The ICO has issued DSG Retail Limited, the owner of Currys PC World and Dixons Travel stores, with a sizeable...
Privacy, piracy and protectionist agendas | Barriers to enabling digital trade in a 4.0 world
Industrial revolution has always gone hand-in-hand with international trade, and the barriers that can create. So, it is no surprise...
The AP imposes its first GDPR fine on a Dutch hospital
Following a lengthy investigation, the Dutch Data Protection Authority (AP) concluded that a Dutch hospital did not take adequate technical...
GDPR one year on | What have we learned and what's next for data protection?
At a recent series of events, we shared learnings from the UK and beyond, one year on from the implementation...
One year on: GDPR for EU HR
The first year of the GDPR has kept HR teams busy. From HR data mapping and audits, contract of employment...
Dutch DPA published GDPR-fining structure
Under the GDPR, the amount of potential fines are substantially increased (up to maximum EUR 20 million). The Dutch Data...
Blockchain and GDPR: beyond the right to be forgotten
In September 2018, the French data protection authority (CNIL) issued a report considering Blockchain technology from a personal data protection...
New Deal for Consumers: European Data Protection Supervisor concerned reforms could undermine GDPR
In an Opinion published on 5 October 2018, the European Data Protection Supervisor has raised concerns and made some significant...
Criminal convictions checks under the GDPR
Following the implementation of the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA), UK...
100 days of GDPR | Session 5: Security and data incidents
With increased fines for data breaches under GDPR, how have companies responded to potential data security issues?
100 days of GDPR | Session 4: HR risk
Consent, data and diversity - how has GDPR been applied in HR?
GDPR | The practical impact on internal investigations
All businesses will be aware that the EU General Data Protection Regulation (GDPR), which took effect on 25 May 2018...