Handley Gill
LEGAL, REGULATORY & COMPLIANCE CONSULTANTS

Handley Gill Limited

Our expert consultants at Handley Gill share their knowledge and advice on emerging data protection, privacy, content regulation, reputation management, cyber security, and information access issues in our blog.

Posts tagged Compensation
You Shall EU
You Shall EU

Handley Gill's specialist data protection consultants consider the status of CJEU judgments in UK law after the Labour government intervened to prevent section 6 Retained EU Law (Revocation and Reform) Act 2023 from coming into force and amending the European Union (Withdrawal) Act 2018, and consider several CJEU judgments addressing the processing of special category personal data, the interaction between data protection and competition law, the conduct and balancing of legitimate interests assessments, data minimisation and the status of supervisory authority decisions.

Read More
Nicola CainData Protection, GDPR, EU GDPR, General Data Protection Regulation, Regulation (EU) 2016/679, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Retained EU Law, Retained EU Law (Revocation and Reform) Act 2023, European Union (Withdrawal) Act 2018, Section 6 European Union (Withdrawal) Act 2018, section 6 Retained EU Law (Revocation and Reform) Act 2023, Assimilated Law, BREXIT, CJEU, Data Controller, Data Minimisation, Supervisory Authority, Health Data, Article 9(1) GDPR, Article 9 GDPR, Article 9 UK GDPR, Article 9(1) UK GDPR, Legitimate Interests, Legitimate Interests Assessment, LIA, Article 6(1)(f) UK GDPR, Article 6(1)(f) GDPR, Commercial Interests, Advertising, MARKETING, Targeted Advertising, Behavioural Advertising, Personalised Advertising, Data Sharing, Necessity, C-446/21, C-621/22, C-21/23, C-200/23, SPECIAL CATEGORY PERSONAL DATA, Special Category Data, Sexual Orientation, Article 9(2)(a) GDPR, Article 9(2)(a) UK GDPR, Article 9(2)(e) GDPR, Article 9(2)(e) UK GDPR, Article 5(1)(c) GDPR, Article 5(1)(c) UK GDPR, Data Retention, C-507/23, Compensation, Damages, Article 82 GDPR, Article 82(1) GDPR, ApologyComment
CrapITa
CrapITa

Handley Gill’s data protection consultants consider recent supply chain cyber attacks, including the unfolding of the recent Capita and Zellis / MOVEit data breaches, and identify the steps data controllers should take when engaging data processors as part of their supply chain or giving third parties access to personal data, and the lessons to be learned for vendor management throughout the data processing lifecycle.

Read More
Nicola CainData Protection, Personal Data, Information Security, Cyber Security, Cyber Resilience, Cyber Attack, Data Breach, Supply Chain Risk, Supply Chain Security, Vendor Management, Capita, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Information Commissioner, Information Commissioner's Office, ICO, Pensions Regulator, Financial Conduct Authority, FCA, Data subjects, Compensation, Data litigation, Ransom, Ransom Payment, Department for Science Innovation & Technology, DSIT, Cyber Security Breaches Survey 2023, Article 25(1) UK GDPR, Article 25(1) GDPR, Data Controller, Data Processor, Data Processing Agreement, DPA, Data Processing, Article 28 GDPR, Article 28 UK GDPR, Article 32 GDPR, Article 32 UK GDPR, Cyber Insurance, Cyber Insurance Cover, Liability, Data protection impact assessment, DPIA, Administrative fine, Monetary penalty, Article 82(3) UK GDPR, Article 82(3) GDPR, Regulatory Action Policy, Article 33 UK GDPR, Article 33 GDPR, Article 34 UK GDPR, Data Breach Notification, Breach Response Plan, Incident Response Plan, Injunction, Injunctive Relief, Article 82 GDPR, Article 82 UK GDPR, CVE-2023-34362Comment
Bill of Rights... and Wrongs?
Bill of Rights... and Wrongs?

Handley Gill considers the impact of the Bill of Rights (Bill 117 2022/23), which would repeal and replace the Human Rights Act 1998, on the law of data protection, privacy and freedom of expression in the UK.

Read More
Nicola CainBill of Rights, Bill 117 2022/23, Human Rights Act 1998, European Convention on Human Rights, European Court of Human Rights, ECHR, Human Rights, Supreme Court, Article 8, Right to respect for private and family life, Privacy, Misuse of Private Information, Right to Freedom of Expression, Article 10, Right to free speech, Free speech, Freedom of Speech, Jury trial, Standing, Victim, Permission, Prior restraint, Protection of journalistic sources, s10 Contempt of Court Act 1981, European Commission, Adequacy Decision, UK Adequacy, Data Protection, Data Protection Act 2018, Online Safety Bill, Freedom of Information Act 2000, Compensation, Damages, Satakunnan Markkinapörssi Oy and Satamedia Oy v. Finland [GC] (931/13), Douglas v Hello! Ltd [2001] QB 967, s12 Human Rights Act 1998, Clause 2(a) Bill of Rights, Clause 3(1) Bill of Rights, Clause 3(3)(b) Bill of Rights, Clause 4(1) Bill of Rights, Clause 9(2)(d) Bill of Rights, Clause 15(1) Bill of Rights, Clause 17(3) Bill of Rights, Clause 18(1) Bill of Rights, Clause 21 Bill of Rights, Sir Cliff Richard v (1) BBC and (2) Chief Constable of South Yorkshire Police [2017] EWHC 1291 (Ch), Clause 22 Bill of RightsComment
B.A. B.A. Black Sheep Returns to the Fold
B.A. B.A. Black Sheep Returns to the Fold

British Airways settles data breach group litigation compensation claims, concluding legal and regulatory proceedings following criminal hack

Read More
Nicola CainData Protection Act 2018, GDPR, General Data Protection Regulation, Data Breach, Hack, Data enforcement, Data regulation, Data litigation, Data protection, Lead supervisory authority, ICO, Data controller, Monetary penalty, Administrative fine, Article 83 GDPR, Article 82 GDPR, Compensation, Regulatory Action Policy, TLT & others v Secretary of State for the Home Department & another [2016] EWHC 2217 (QB), Lloyd v Google LLC [2019] EWCA Civ 1599, Data breach costs, Costs, Group litigation, British Airways Data Event Group Litigation, Weaver & others v British Airways plc [2021] EWHC 217 (QB), Weaver & others v British Airways plc [2021] EWHC 520 (QB), Cyber Security, Technical and organisational measures, Article 24 GDPRComment