DATA PROTECTION ACT 2018 — Handley Gill's blog — Handley Gill

LEGAL, REGULATORY & COMPLIANCE CONSULTANTS

Posts tagged DATA PROTECTION ACT 2018

Back on the Data Protection Reform Merry-Go-Round

Back on the Data Protection Reform Merry-Go-Round

The new Labour government has today (23 October 2024) introduced the Data (Use and Access) Bill in the House of Lords, in the latest attempt to reform the UK’s data protection laws as set out in the UK GDPR, Data Protection Act 2018, Data Protection Act 1998 and Privacy and Electronic Communications Regulations.

Even more reasonable

Even more reasonable

With employers having a matter of weeks to implement reasonable measures to prevent sexual harassment at work to comply with the requirements of the Worker Protection (Amendment of Equality Act 2010) Act 2023, Handley Gill's consultants identify the steps employers should take to establish a sexual harassment prevention programme and associated data protection compliance measures. As Labour's Employment Rights Bill would expand the scope of the employer's duty to take all reasonable measures and to address threats posed by third parties, employers should consider voluntarily expanding the scope of their programme now.

Nicola Cain13 October 2024Human Rights, Discrimination, Equality Act 2010, Sexual Harassment Risk Assessment, Data Protection, UK GDPR, GDPR, DATA PROTECTION ACT 2018, Article 9 UK GDPR, Article 9(2)(b) UK GDPR, Schedule 1 Part 1 paragraph 1 Data Protection Act 2018, DPA 2018, Appropriate Policy Document, SPECIAL CATEGORY PERSONAL DATA, Special Category Data, Worker Protection (Amendment of Equality Act 2010) Act 2023, Employment Rights Bill, ECHR, European Convention on Human Rights, Article 8 European Convention on Human Rights, Article 14 European Convention on Human Rights, Article 10 European Convention on Human Rights, Bill 011 2024-25, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, Privacy Policy, Privacy Notice, Article 5 UK GDPR, Data Protection Principles, Data Minimisation, Lawful Basis for Processing, Accuracy, Duty to Prevent Sexual HarassmentComment

#DPPC24

#DPPC24

If you couldn’t make it to the Information Commissioner's Office's (ICO's) Data Protection Practitioners' Conference 2024 (DPPC24), missed a session, were double-booked, couldn’t choose or want to delve deeper into the issues raised by any of the following sessions, Handley Gill's specialist data protection consultants highlight our related content.

Not so instant compliance

Not so instant compliance

As Meta announces the introduction of Instagram Teen Accounts for users in the UK, USA, Canada and Australia, Handley Gill’s specialist data protection and online trust and safety consultants consider the global laws and regulations that have spurred this change, and the role of the Information Commissioner’s Children’s Code aka the Age Appropriate Design Code, the UK Online Safety Act 2023, the US’ Kids Online Safety Act (‘KOSA’) and the Children and Teen’s Online Privacy Protection Act (‘COPPA 2.0’).

Nicola Cain19 September 2024Online Safety, Online Harms, eSafety, Online Safety Act 2023, Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Information Commissioner, Information Commissioner's Office, ICO, Children's Code, Age Appropriate Design Code, Social Media, Information Society Services, CHILDREN, Children's Data, Likely to be accessed by children, Trust and Safety, Privacy Settings, Meta, Instagram, Teen Accounts, KOSA, Kids Online Safety Act, Age Assurance, Age Verification, Enforcement, Data Protection Enforcement, Children and Teen’s Online Privacy Protection Act, COPPA, COPPA 2.0, Children's Code Strategy, ICO Children's Code Strategy, Protecting Children's Privacy Online, SMPs, Social Media Platforms, VSPs, Video Sharing Platforms, Platform Liability, Ofcom, Protecting Children from Harms Online, Children's Safety CodeComment

On Hand August 2024

August 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, online safety, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 August 2024Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, ePrivacy Directive, Data Privacy, Cyber Security, Information Security, Cyber Resilience, CONTENT REGULATION, Content Moderation, Online Safety, Online Harms, eSafety, Reputation Management, Libel, Slander, Malicious Falsehood, Misuse of Private Information, Privacy, Article 8 European Convention on Human Rights, Confidential Information, Breach of Confidence, Freedom of Expression, Freedom of Speech, Free speech, Article 10 European Convention on Human Rights, Open Justice, Access to Information, Freedom of Information Act 2000, FOIA, Environmental Information Regulations 2004, EIRs, AI, Artificial Intelligence, Digital Markets, Digital Markets Regulation, Human Rights, Human Rights Act 1998, European Convention on Human Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, Information Commissioner, ICO, Monetary Penalty Notice, International data transfers, Restricted International Data Transfers, Media Act 2024, Generative AI & Data Protection, Generative AI, Generative Artificial Intelligence, CMA, Competition & Markets Authority, Children's Code, Institute of Directors, IoD, Responsible Business, FCA, Financial Conduct Authority, Data Protection Commission, Leveson, Press Recognition Panel, Press Regulation, Media Regulation, Data Controller, Data Protection Fee, Online Safety Act 2023, Illegal Harms, Digital Markets Competition & Consumers Act, DMCCAComment

Holiday packing list

Holiday packing list

With the summer holiday season in full swing, Handley Gill Limited’s specialist data protection and cyber resilience consultants consider the data protection and information security risks of staff taking data and devices used for business purposes overseas and the practical measures that organisations can take to safeguard data subject to border control powers.

On Hand July 2024

July 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, online safety, open justice, access to information, reputation management and free speech, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 July 2024Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, ePrivacy Directive, Data Privacy, Cyber Security, Information Security, CONTENT REGULATION, Content Moderation, Reputation Management, Libel, Slander, Defamation, Malicious Falsehood, Misuse of Private Information, Privacy, Confidential Information, Breach of Confidence, Article 8 European Convention on Human Rights, Free speech, Freedom of Speech, Freedom of Expression, Article 10 European Convention on Human Rights, Open Justice, Access to Information, Freedom of Information Act 2000, FOIA, Environmental Information Regulations 2004, AI, Artificial Intelligence, Digital Markets Regulation, Human Rights, Human Rights Act 1998, European Convention on Human Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, Online Safety, Online Harms, eSafety, EU AI Act, Online Safety Act 2023, Digital Markets Act, Cookies, Contempt, EU Corporate Sustainability Due Diligence Directive, Information Commissioner, ICO, Information Commissioner's Office, Data Subject Rights, Data protection impact assessment, DPIAComment

On Hand May 2024

The May 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 May 2024On Hand, Cyber Security, Information Security, Cyber Attack, Data Breach, Data Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, Data Protection and Digital Information Bill, DPDI Bill, Information Commissioner, Information Commissioner's Office, EDPB, European Data Protection Board, Artificial Intelligence, AI, AI Regulation, Machine Learning, Algorithmic Accountability, Algorithm Transparency, Open Justice, Freedom of Information Act 2000, Environmental Information Regulations 2004, Access to Information, CONTENT REGULATION, Broadcasting Code, Broadcasting Regulation, VSPs, Video Sharing Platforms, Reputation Management, Defamation, Libel, Slander, Misuse of Private Information, Privacy, Data Privacy, Digital Markets, Human Rights, Human Rights Act 1998, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, OFCOMComment

Consigned to a watery grave

Consigned to a watery grave

The snap General Election announced by Prime Minister Rishi Sunak for 04 July 2024, and the consequent curtailment of the Parliamentary session, will mean that there will be insufficient time for the remaining Parliamentary stages of the Data Protection and Digital Information Bill, including the House of Lords Report stage which was due to commence from 10 June, to be undertaken prior to the prorogation and dissolution of Parliament.

Nicola Cain22 May 2024Data Protection, Personal Data, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, DPA 2018, Privacy and Electronic Communications (EC Directive) Regulations 2003, PECR, Data Protection and Digital Information (No. 2) Bill, Data Protection and Digital Information Bill, DPDI Bill, DPDI (No.2) Bill, DPDI2 Bill, Data Reform Bill, Data Protection ReformComment

Breach? Don’t preach! Take some good advice!

Breach? Don’t preach! Take some good advice!

Has a cyber incident got you in an awful mess and you don’t mean maybe? What if a data breach leaves you in trouble deep? From the hacker they warned you all about? You need some good advice… and an incident response plan!

Now you see me...

Now you see me...

As police forces are encouraged by the government to expand their use of live facial recognition technologies, with the Prime Minister announcing additional funding, Handley Gill Limited’s specialist consultants consider the legal issues that arise and the actions that Chief Constables and forces must take prior to deploying or even procuring LFR for law enforcement purposes.

Nicola Cain15 April 2024Data Protection, Personal Data, Part 3 DPA 2018, Part 3 Data Protection Act 2018, Law Enforcement, Law Enforcement Processing, Police, Policing, Biometric data, Biometric Processing, Sensitive Processing, Human Rights, DATA PROTECTION ACT 2018, Human Rights Act 1998, Article 8, Article 8 ECHR, Article 8 European Convention on Human Rights, Article 14 ECHR, Article 14 European Convention on Human Rights, Facial Recognition, Live Facial Recognition, LFR, Public Sector Equality Duty, PSED, Discrimination, Bias, Surveillance, Surveillance Camera Commissioner, Biometrics Commissioner, Data protection impact assessment, DPIA, Appropriate Policy Document, Equality Impact Assessment, Community Impact Assessment, Human Rights Impact Assessment, Cyber Security Risk Assessment, Integrated Impact Assessment, Model Card, Algorithmic Impact Assessment, Algorithmic Transparency Report, Algorithmic Transparency, Data Processing Agreement, Data Sharing Agreement, Joint Controller Agreement, Privacy Policy, Privacy Notice, House of Lords Justice & Home Affairs CommitteeComment

On Hand March 2024

The March 2024 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain31 March 2024Data Protection, PERSONAL DATA, GDPR, General Data Protection Regulation, Regulation, Regulation (EU) 2016/679, UK GENERAL DATA PROTECTION REGULATION, UK GDPR, DATA PROTECTION ACT 2018, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, PECR, ePrivacy Directive, Data Privacy, Cyber Security, Information Security, CONTENT REGULATION, Content Moderation, Reputation Management, Libel, Slander, Malicious Falsehood, Defamation, Misuse of Private Information, Privacy, Article 8 European Convention on Human Rights, Article 8 ECHR, Article 7 European Charter of Fundamental Freedoms, Article 8 European Charter of Fundamental Freedoms, Charter of Fundamental Rights of the European Union, Freedom of Speech, Free speech, Freedom of Expression, Article 10 European Convention on Human Rights, Article 10 ECHR, Open Justice, Access to Information, Freedom of Information Act 2000, FOIA, Environmental Information Regulations 2004, EIRs, Artificial Intelligence, AI, Digital Markets Regulation, Human Rights, Human Rights Act 1998, European Convention on Human Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate GovernanceComment

Best Before: 21 March 2024

Best Before: 21 March 2024

Handley Gill’s specialist data protection consultants highlight the forthcoming deadline for data controllers to review and, if necessary, update the safeguards relied upon as the lawful basis for conducting transfers of personal data from the UK to overseas where these currently rely upon the old European Commission standard contractual clauses / model clauses, including guidance on the actions that need to be taken.

Nicola Cain13 March 2024Data Protection, Personal Data, UK GDPR, Data Transfer, International data transfers, Restricted International Data Transfers, Article 46(2)(d) UK GDPR, BREXIT, Standard contractual clauses, SCCs, Modernised SCCs, Modernised Standard Contractual Clauses, Standard data protection clauses, Information Commissioner, Information Commissioner's Office, International Data Transfer Agreement, IDTA, International Data Transfer Addendum, EUROPEAN COMMISSION, Model clauses, European Commission Decision 2001/497/EC, European Commission Decision 2010/87/EU, DATA PROTECTION ACT 2018, Schedule 21 Part 3 para.7 Data Protection Act 2018, The Data Protection Privacy & Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419), International Data Transfer Risk Assessment, International Data Transfer Impact Assessment, Transfer Risk Assessment, Transfer Impact Assessment, Transfer Risk Assessment Tool, Appropriate Safeguards, Commission Implementing Decision (EU) 2021/914 of 4 June 2021Comment

Commended

Team at Handley Gill Limited receive an award commending the legal services provide to its client, the City of London Corporation acting in its capacity as police authority for the City of London Police in connection with the National Police Chiefs’ Council’s (NPCC’s) National Cybercrime Programme, which the City hosts.

It’s a fine life

It’s a fine life

Handley Gill’s specialist data protection consultants respond to the Information Commissioner’s consultation on its draft Data Protection Fining Guidance, which will replace relevant parts of its Regulatory Action Policy (2018) relating to when the issue of a monetary penalty notice is appropriate and the approach to calculating any fine.

Non-sequitur

Non-sequitur

Handley Gill’s specialist data protection consultants consider the conclusions and implications of the College of Policing’s review of Lancashire Constabulary’s handling of the investigation into the disappearance of Nicola Bulley for the processing of personal data for law enforcement purposes by police forces and other competent authorities under Part 3 Data Protection Act 2018.

King's Speech 2023

King's Speech 2023

Handley Gill’s consultants highlight and consider the content of the King’s Speech at the State Opening of Parliament 2023, and the implications for those with an interest in data protection, privacy, freedom of expression, online safety, cyber security, broadcasting and VOD regulation, digital markets regulation and/or artificial intelligence.

Nicola Cain7 November 2023King's Speech, King's Speech 2023, Kings Speech, Kings Speech 2023, Data Protection, Personal Data, State Opening of Parliament, 2023-24 Parliamentary Session, Data Protection Reform, Data Protection & Digital Information Bill, Data Protection & Digital Information (No.2) Bill, DPDI Bill, DPDI (No.2) Bill, DPDI2 Bill, DPDI(2) Bill, General Data Protection Regulation, GDPR, UK GENERAL DATA PROTECTION REGULATION, UK GDPR, King Charles III, DATA PROTECTION ACT 2018, Brexit, PECR, Privacy & Electronic Communications Regulations, Digital Markets, Competition and Consumers Bill, Digital Markets Competition & Consumers Bill, Digital Markets Regulation, Draft Media Bill, DCMS Committee, Commons Culture Media & Sport Committee, Broadcasting, Public Service Broadcasting, PSBs, Broadcasting Regulation, Ofcom, Video on Demand, Video Streaming Sites, VOD, s.40 Crime and Courts Act 2013, Section 40 Crime and Courts Act 2013, Listed Events, Bill of Rights, Confidential Source, Injunction, Injunctive Relief, SLAPPs, Strategic Lawsuits Against Public Participation, Strategic Lawsuit Against Public Participation, Freedom of Speech, Freedom of Expression, Privacy, Criminal Justice Bill, Investigatory Powers (Amendment) Bill, Online Safety Act 2023, Encryption, Technology, Technology Regulation, TECH REGULATION, Comprehensive and Progressive Agreement for Trans-Pacific Partnership, CPTPP, Artificial Intelligence, AIComment

PSNI Blues

PSNI Blues

Reflecting on the reprimand issued by the Information Commissioner against the Police Service of Northern Ireland (PSNI) for unlawfully transferring personal data processed for the law enforcement purposes under Part 3 Data Protection Act 2018 to the USA, Handley Gill’s consultants identify the elements of a compliance programme that would mitigate against such incidents and have produced a downloadable pdf illustrating each lawful basis for transferring personal data processed under Part 3 DPA 2018 overseas.

Britain's Got Talent's Got Problems

Britain's Got Talent's Got Problems

Handley Gill Ltd’s specialist consultants provide initial comment and analysis on The Sun’s report of David Walliams’ data protection claim against one of the co-producers of ITV’s Britain’s Got Talent, Fremantle Media, including the nature of the claim, potential defences and the sums being claimed. The claim arises from the the leak of a transcript of comments made by Walliams on set to The Guardian in November 2022.

Nicola Cain8 October 2023Data Protection, Personal Data, Data Protection Act 1998, GDPR, General Data Protection Regulation, DATA PROTECTION ACT 2018, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Data Breach, Data Litigation, Sensitive Personal Data, SPECIAL CATEGORY PERSONAL DATA, S.2 Data Protection Act 1998, S.32 Data Protection Act 1998, Special Purposes Processing, Special Purposes Exemption, Journalism Art or Literature, Article 9 GDPR, Article 9 UK GDPR, Data Protection Offences, s.170 Data Protection Act 2018, S.170 DPA 2018, Right to Erasure, Right to be Forgotten, Article 17 GDPR, Article 17 UK GDPR, WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12, TLT v Secretary of State for the Home Department [2016] EWHC 2217 (QB), Sir Cliff Richard v (1) BBC and (2) Chief Constable of South Yorkshire Police [2017] EWHC 1291 (Ch), Article 33 GDPR, Article 33 UK GDPR, Personal Data Breach Record, Breach Log, Data protection impact assessment, DPIA, Legitimate Interests Assessment, LIA, Retention Schedule, Privacy Notice, Data Controller, Vicarious LiabilityComment

UK-US data bridge open for traffic

UK-US data bridge open for traffic

Handley Gill’s specialist data protection consultants consider the implications of The Data Protection (Adequacy) (United States of America) Regulations 2023 (SI 2023/1028) for data exporters subject to the UK GDPR conducting personal data transfers from the UK to the USA and what action should be taken.