Kelly Hagedorn

Kelly Hagedorn

Alston & Bird

Contact
View Bio
RSS

Latest Posts › Data Protection

Share:

DSARs in 2025: Stay Ahead of Regulations

As data protection regulations evolve and employee rights awareness grows, organisations are seeing a significant uptick in Data Subject Access Requests (DSARs). Pursuant to Article 15 of the UK and EU General Data Protection...more

7/10/2025  /  Collaboration , Compliance , Data Privacy , Data Protection , Data Security , Data Subject Access Requests , Disclosure , Document Review , Employee Rights , Employment Litigation , General Data Protection Regulation (GDPR) , Innovative Technology , Legal Technology , Privacy Laws , Risk Management , Training

UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack

On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK...more

7/3/2025  /  23andMe , Cybersecurity , Data Breach , Data Privacy , Data Protection , Enforcement Actions , Fines , General Data Protection Regulation (GDPR) , Regulatory Requirements , UK

UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident

On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found...more

5/8/2025  /  Cyber Attacks , Data Breach , Data Protection , Data Security , Enforcement Actions , Penalties , Personal Data , Ransomware , UK GDPR , UK ICO

UK Government Publishes Cyber Governance Code of Practice for Boards and Directors

On April 8, 2025, the UK government published the Cyber Code of Practice (the “Code”) to support board directors in governing cybersecurity risks. The Code is available online. The UK’s data protection regulator is actively...more

4/11/2025  /  Board of Directors , Compliance , Corporate Governance , Cyber Attacks , Cybersecurity , Data Breach , Data Protection , Regulatory Requirements , Risk Management , UK

UK’s Data Protection Regulator Fines a UK SaaS Provider ~$4 Million Following a Ransomware Incident

On March 26, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined Advanced Computer Software Group Ltd (“Advanced”) £3.07 million (approximately $4 million). In 2022, Advanced suffered...more

4/7/2025  /  Cybersecurity , Data Breach , Data Protection , Data Security , Enforcement Actions , Personal Data , Ransomware , SaaS , UK , UK GDPR

European Commission Moves to Extend Free Flows of Personal Data to the UK

On March 18, 2025, the European Commission proposed to extend its adequacy decision in favor of the United Kingdom (‘UK’) for an additional six-month period. This would allow free flows of personal data from the EU to the UK...more

3/25/2025  /  Data Privacy , Data Protection , EU , European Commission , European Data Protection Board (EDPB) , General Data Protection Regulation (GDPR) , International Data Transfers , New Legislation , Personal Data , Regulatory Reform , UK

UK Government Proposes Targeted Ban on Ransom Payments and Increased Ransomware Incident Reporting

On January 14, 2025, the United Kingdom government published a consultation on ransomware proposing new measures to increase incident reporting and reduce ransom payments (the “Consultation”). The Consultation outlines three...more

2/6/2025  /  Cyber Incident Reporting , Cyber Threats , Cybersecurity , Data Privacy , Data Protection , National Security , Ransomware , Regulatory Agenda , UK

Green Light for the Enforcement of NIS 2 in Limited EU Countries Only

EU Member States had until today, October 17, 2024, to transpose the Network and Information Security (NIS) 2 Directive into their national laws. As Directives are not directly applicable in EU Member States, the EU...more

10/18/2024  /  Cyber Incident Reporting , Cybersecurity , Data Protection , Data Security , EU , European Commission , Member State , Regulatory Requirements

EDPB Adopts Opinion on the Use of Processors and Sub-processors

On October 7, 2024, the European Data Protection Board (“EDPB”) adopted an opinion on obligations following from the use of processors and sub-processors (the “Opinion”). The EDPB is the body that seeks to ensure harmonised...more

10/14/2024  /  Cybersecurity , Data Controller , Data Processors , Data Protection , Data Protection Authority , EU , European Data Protection Board (EDPB) , European Economic Area (EEA) , General Data Protection Regulation (GDPR)
9 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide