Life With GDPR: Cathay Pacific Enforcement Action
Life With GDPR: Episode 30- British Airways Data Breach Enforcement Action
E18: ICANN Loses First GDPR Court Ruling in Germany
The DUAA introduces several reforms to UK data protection law, but their implications are relatively limited in practice. The Data (Use and Access) Act 2025 (the DUAA) was enacted on 19 June 2025 and amends rather than...more
The dramatic increase in global reach that the internet provides U.S.-based companies comes as a double edge sword. While it significantly increases a company’s potential customer pool, it also subjects companies to...more
What new guidance on anonymisation from the UK Information Commissioner’s Office (ICO) means for healthcare and life sciences companies....more
The guidelines specify the requirements for data controllers to conduct risk assessments related to the transfer or disclosure of personal data outside the Kingdom. ...more
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), has recently announced investigations into three companies in connection with the use of children’s personal information. In a statement on...more
The UK Information Commissioner’s Office (the ICO) has published guidance to help firms take steps to protect customers’ personal information when data is shared between firms to prevent fraud and scams....more
This is the final note in a three-part series on the regulation of artificial intelligence in the financial services sector in the United States, the European Union and the United Kingdom. Our first note, we provided a...more
Though perhaps falling short of being a universally accepted one, it is a truth that any organisation processing personal data needs a privacy programme. But how best should an internal compliance framework be structured...more
Whether it’s through mobile gaming or live streaming, young people are spending more time than ever participating in the virtual world. Yet, in-game chat functionality, online trolls, loot boxes and advertising are posing...more
This article explores the topic of appointed representatives under Article 27 of the GDPR. What are they? When do you need one? How is regulatory enforcement starting to play out in the EU and in the UK on this issue?...more
With the UK unambiguously out of the EU, this fourth and final installment of our Data & Brexit Digest explores the topic of appointed representatives under Article 27. What is an Article 27 representative? The...more
With the UK now unambiguously out of the EU, the EU General Data Protection Regulation (2016/679) (“EU GDPR”) has been replaced by the United Kingdom General Data Protection Regulation (“UK GDPR”). In this third instalment of...more