How to handle data subject access requests under the UK GDPR

- Posted in data protection by
This blog post is a short(ish) guide to the core issues in handling subject access requests under the UK GDPR. If you have received a request and you are not sure where to start, this will help you Read more

Personal data breach reporting for service outages (such as when your CDN is down)

- Posted in data protection by
(CDN: content delivery network. Such as Akamai.) Even though it is not obviously within the scope of the definition of "personal data breach", guidance from both the UK's regulator and the European Read more

The UK is adequate (for data protection purposes)

- Posted in data protection by
The long-running saga as to whether the United Kingdom will be considered "adequate" from a data protection point of view has reached an important, and probably welcome to many, point: today, the Read more

Five things to take from the European Parliament's response to the Commission on the GDPR

- Posted in privacy by
The European Parliament has published its report on the European Commission's report on the implementation of the GDPR, which the Commission published two years after its application. Yes, it's a Read more

The territorial scope of the GDPR, as applied by the High Court

- Posted in data protection by
1 This week saw what is, I believe, the first English judgment dealing with the territorial scope of the GDPR. This blogpost is a reminder of the rules on "territorial scope", and weaves in the High Read more

Four legal tips to keep your business running smoothly in 2021

- Posted in business by
1 The pandemic is getting worse, democracy in the USA seems to have collapsed, and if you have to say "you're still on mute" one more time, you'll explode. And it's only the 11th of January. Here are Read more

The UK/EU Trade and Cooperation Agreement and data protection: what you should do now

- Posted in data protection by
I know it's Christmas. And I know I'm supposed to be on holiday. But I also know that some of you have been planning for, or even just worrying about, what you need to do to prepare for the end of Read more

Privacy policy or privacy notice?

- Posted in data protection by
1 Occasionally I get asked "should I have a privacy policy or a privacy notice?". And the answer is usually "both" (or, at least, things which have the same effect). If you're not sure what the Read more

Targeted social media ads: new guidance on doing it lawfully

- Posted in data protection by
1 The European Data Protection Board has published draft guidelines, for feedback, on targeting of social media users. If you use targeting features offered by social media platforms, it's worth Read more

Your record of processing activity: what it is, and why having one will make your life so much easier

- Posted in data protection by
1 I've written before about the key steps you need to take to get your business in order from a GDPR point of view. One of those steps — the record of processing activty — is a key starting Read more