Notification: Facebook - you have a £500,000 fine from the Information Commissioner's Office 16/07/2018 Facebook is set to be fined £500,000, the maximum amount possible, for two breaches of the Data Protection Act 1998 (DPA 1998). Happy #GDPRday 25/05/2018 Well this is the start of the regulated journey to compliance. Much has been achieved in the just over two years since the GDPR was published in the Official Journal of the European Union, but the data protection landscape is an evolving one. Consent: Double-edged sword and the progression towards other legal bases for processing 12/04/2018 The GDPR sets out six lawful 'bases' for processing, consent being one of them. However, consent has historically been the favoured basis as genuine consent puts individuals in control, building customer trust as well as enhancing your reputation. Data retention - what impact does the GDPR have for employers? 06/03/2018 The GDPR will undoubtedly involve a shake-up of the way businesses approach and, crucially, evidence their data protection compliance, not least in terms of how they retain personal data. We consider the implications of GDPR on data retention below. ICO publishes draft data protection fees guidance 22/02/2018 A new registration scheme for data controllers will come in from 25 May 2018, the same day the GDPR is introduced across the EU, the ICO has announced. Covert CCTV at work. Is this ever possible? 22/02/2018 The European Court of Human Rights recently held that covert CCTV infringed a worker's right to a private life. A previous decision of the same court permitted use of covert CCTV. So where do employers stand? GDPR - 100 days and counting: Are you ready? 14/02/2018 With just 100 days to go until the General Data Protection Regulation (GDPR) comes into force, many employers are still grappling with the requirements of the new regime. What steps should employers be taking to ensure they are ready for 25 May 2018? Liability ruling in UK data leak class action 05/12/2017 Last week the High Court ruled a large retail company to be vicariously liable for a leak of its employees' data, in the first US-style class action in the UK involving a personal data breach. Cyber Insurance v GDPR - The Myths, the Maths and the Law 29/11/2017 We rarely switch on our computers without an email containing the latest guidance, opinions, dos and don'ts, risks, or the undeniable fact that the harsh penalties which are likely to flow from the GDPR from 25 May 2018 could be eye-watering. GDPR - less than 6 months left... 28/11/2017 With 177 days to go until The General Data Protection Regulation kicks in, what should businesses be doing when faced with this deadline? The Data Protection Bill: Are you ready? 15/09/2017 The government published the Data Protection Bill on 14 September 2017, which will implement and supplement the General Data Protection Regulation ('GDPR') in the UK. GDPR - A general overview 08/09/2017 The General Data Protection Regulation ('GDPR') takes effect from 25 May 2018 and was introduced to further harmonise and modernise data protection procedures. HR and GDPR: Data Protection Impact Assessments (DPIA) 24/08/2017 This article is the final one in our series on HR and the General Data Protection Regulation (GDPR). In it we look at what a DPIA is, when one is needed and what information it must include. A guide to consent for electronic marketing in 2018 - Part 1 08/08/2017 Risk and reward. 2018 will see the intermingled fields of privacy, data protection and electronic direct marketing face dramatic and comprehensive change. HR and GDPR: New Concepts 02/08/2017 This article is the penultimate one in our series on HR and the General Data Protection Regulation (GDPR); in it we look at some of the new concepts and principles that the GDPR creates and expands. HR and the GDPR: Changing employment contracts and policies 25/07/2017 As part of our series of articles providing tips for employers ahead of the introduction of the General Data Protection Regulation (GDPR), we consider what changes may be required to policies and procedures. HR and GDPR: How will data subjects' rights change? 11/07/2017 UK data protection law will change in May 2018 when the EU's General Data Protection Regulation (GDPR) comes into force. Cloud providers: How the forthcoming GDPR will affect you 13/06/2017 The forthcoming General Data Protection Regulation (GDPR) heralds large-scale change for business, not least for those entities who process personal data on behalf of others. HR and the GDPR: how is consent changing? 22/05/2017 In this article we examine what will be required for valid consent to processing data under the General Data Protection Regulation (GDPR) and how employers should be preparing for that. HR and the GDPR: how do employers carry out a DP audit? 16/05/2017 The General Data Protection Regulation (GDPR) is coming and soon and will bring a significant amount of upheaval for the HR team. Carrying out a data protection audit is likely to be the first step in understanding the scale of the changes required. HR and the GDPR: Where do we start? 09/05/2017 This article forms part of our GDPR series in which Shoosmiths employment and data protection experts offer practical advice, ahead of the coming-into-force of the GPDR in May 2018. Employers, are you ready for the new EU data protection regime? 26/04/2017 In our series of articles on the EU's new data protection regulation, we look at the implications for UK employers and what they need to do to prepare for the changes ahead. The burden is higher and the stakes are greater than ever before. What does Brexit mean for UK franchising? - part two 26/01/2017 Further to our previous article 'What does Brexit mean for UK franchising? - part one', franchise businesses should carefully consider the material issues initiated by Brexit, as we see them today. Fines for data breaches: security is key 06/09/2016 The Information Commissioner's Office (ICO) has again issued a significant fine for breach of the Data Protection Act 1998 (DPA) following the loss of a portable device. The General Data Protection Regulation: Post-Brexit 08/07/2016 The General Data Protection Regulation has been published meaning that it will come into effect from 25 May 2018 in EU Member States. We now look at what this means for the UK in the light of Brexit. Transferring personal data from the EEA to the USA: recent developments 10/06/2016 The uncertainty for companies that transfer personal data from Europe to the USA looks set to continue as doubts have been raised over the proposed new Privacy Shield New EU data protection regulation: compliance in an evolving privacy landscape 04/04/2016 Some four years in the making, the General Data Protection Regulation (the Regulation) is now in an agreed form pending formal ratification by the EU.