DPA 2018 — Handley Gill's blog — Handley Gill

LEGAL, REGULATORY & COMPLIANCE CONSULTANTS

Posts tagged DPA 2018

Even more reasonable

Even more reasonable

With employers having a matter of weeks to implement reasonable measures to prevent sexual harassment at work to comply with the requirements of the Worker Protection (Amendment of Equality Act 2010) Act 2023, Handley Gill's consultants identify the steps employers should take to establish a sexual harassment prevention programme and associated data protection compliance measures. As Labour's Employment Rights Bill would expand the scope of the employer's duty to take all reasonable measures and to address threats posed by third parties, employers should consider voluntarily expanding the scope of their programme now.

Nicola Cain13 October 2024Human Rights, Discrimination, Equality Act 2010, Sexual Harassment Risk Assessment, Data Protection, UK GDPR, GDPR, DATA PROTECTION ACT 2018, Article 9 UK GDPR, Article 9(2)(b) UK GDPR, Schedule 1 Part 1 paragraph 1 Data Protection Act 2018, DPA 2018, Appropriate Policy Document, SPECIAL CATEGORY PERSONAL DATA, Special Category Data, Worker Protection (Amendment of Equality Act 2010) Act 2023, Employment Rights Bill, ECHR, European Convention on Human Rights, Article 8 European Convention on Human Rights, Article 14 European Convention on Human Rights, Article 10 European Convention on Human Rights, Bill 011 2024-25, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, Privacy Policy, Privacy Notice, Article 5 UK GDPR, Data Protection Principles, Data Minimisation, Lawful Basis for Processing, Accuracy, Duty to Prevent Sexual HarassmentComment

#DPPC24

#DPPC24

If you couldn’t make it to the Information Commissioner's Office's (ICO's) Data Protection Practitioners' Conference 2024 (DPPC24), missed a session, were double-booked, couldn’t choose or want to delve deeper into the issues raised by any of the following sessions, Handley Gill's specialist data protection consultants highlight our related content.

At your service

At your service

As the UK’s 58th Prime Minister, Sir Keir Starmer, enters 10 Downing Street following the Labour Party’s landslide victory in the 2024 General Election, Handley Gill’s consultants consider what we can expect for cyber security, data protection, online safety, artificial intelligence (AI), digital markets, content regulation, reputation management, open justice, access to information, human rights and ESG.

Nicola Cain5 July 2024General Election 2024, Labour Party, Data Protection, Personal Data, UK GDPR, Data Protection Act 2018, Privacy and Electronic Communications (EC Directive) Regulations 2003, PECR, DPA 2018, UK GENERAL DATA PROTECTION REGULATION, Online Safety, Online Harms, eSafety, Online Safety Act 2023, Human Rights, Duty of Candour, Equality Act 2010, AI, Artificial Intelligence, Artificial Intelligence (Employment and Regulation) Bill, National Data Library, Regulatory Innovation Office, Reputation Management, Libel, Slander, Malicious Falsehood, Misuse of Private Information, SLAPPs, Leveson 2, Strategic Litigation Against Public Participation Bill, Strategic Litigation Against Public Participation, Media Act 2024, PLATFORM REGULATION, CONTENT REGULATION, Radicalisation, Cyber Security, Cyber Resilience, Strategic Defence Review, Digital Markets, ESG, Environmental Social & Corporate Governance, Paris AgreementComment

Consigned to a watery grave

Consigned to a watery grave

The snap General Election announced by Prime Minister Rishi Sunak for 04 July 2024, and the consequent curtailment of the Parliamentary session, will mean that there will be insufficient time for the remaining Parliamentary stages of the Data Protection and Digital Information Bill, including the House of Lords Report stage which was due to commence from 10 June, to be undertaken prior to the prorogation and dissolution of Parliament.

Nicola Cain22 May 2024Data Protection, Personal Data, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, DPA 2018, Privacy and Electronic Communications (EC Directive) Regulations 2003, PECR, Data Protection and Digital Information (No. 2) Bill, Data Protection and Digital Information Bill, DPDI Bill, DPDI (No.2) Bill, DPDI2 Bill, Data Reform Bill, Data Protection ReformComment

Data Protection Day 2024

Data Protection Day 2024

This Data Protection Day 2024 - aka Data Privacy Day 2024 - on 28 January, Handley Gill Limited’s specialist data protection consultants identify the ways that both data subjects and data controllers can ‘Take Control of Your Data’.

Commended

Team at Handley Gill Limited receive an award commending the legal services provide to its client, the City of London Corporation acting in its capacity as police authority for the City of London Police in connection with the National Police Chiefs’ Council’s (NPCC’s) National Cybercrime Programme, which the City hosts.

It’s a fine life

It’s a fine life

Handley Gill’s specialist data protection consultants respond to the Information Commissioner’s consultation on its draft Data Protection Fining Guidance, which will replace relevant parts of its Regulatory Action Policy (2018) relating to when the issue of a monetary penalty notice is appropriate and the approach to calculating any fine.

Non-sequitur

Non-sequitur

Handley Gill’s specialist data protection consultants consider the conclusions and implications of the College of Policing’s review of Lancashire Constabulary’s handling of the investigation into the disappearance of Nicola Bulley for the processing of personal data for law enforcement purposes by police forces and other competent authorities under Part 3 Data Protection Act 2018.

Freedom from the tyranny of supplementary measures

Freedom from the tyranny of supplementary measures

Handley Gill Limited’s specialist data protection consultants consider the impact of the European Commission’s adequacy decision in respect of the Trans-Atlantic EU-US Data Privacy Framework and the steps controllers and processors should take in relation to transfers of personal data from the EEA and UK to the USA.

Nicola Cain11 July 2023Data Protection, Personal Data, GDPR, General Data Protection Regulation, Regulation (EU) 2016/679, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Data Transfer, Personal Data Transfer, International Transfers, International data transfers, Safe Harbor, Privacy Shield, EU-US Data Privacy Framework, Transatlantic Data Privacy Framework, Trans-Atlantic Data Privacy Framework, Chapter 5 GDPR, Chapter 5 UK GDPR, Article 44 GDPR, Article 44 UK GDPR, Article 45 GDPR, Article 45 UK GDPR, Article 45(2) GDPR, Article 45(2) UK GDPR, Adequacy Decision, Schrems II, Adequacy Regulations, Section 17A Data Protection Act 2018, S.17A Data Protection Act 2018, S.17A DPA 2018, DPA 2018, Data Protection Act 2018, Standard contractual clauses, Standard data protection clauses, Supplementary Measures, Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, Transfer Risk Assessment, Transfer Impact Assessment, International Data Transfer Agreement, International Data Transfer Addendum, IDTA, SCCs, Modernised SCCs, Modernised Standard Contractual Clauses, Executive Order 14086, Qualifying State, TADPF, US Data Transfers, UK-US Data Bridge, Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, FISA 702, Prism, Upstream, EU-US DPF, Data Controller, Data Processor, Data exporter, Data ImporterComment

Pride 2023: Take pride in your processing

Pride 2023: Take pride in your processing

Effective data protection compliance measures can promote, empower and protect the LGBTQIA+ community and can not only assist organisations in identifying and eliminating discrimination, but also in supporting LGBTQIA+ individuals and enabling them to have their gender identity and sexual orientation recognised.

Nicola Cain26 June 2023DATA PROTECTION, PERSONAL DATA, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, GDPR, GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, DPA 2018, SPECIAL CATEGORY PERSONAL DATA, SENSITIVE PERSONAL DATA, SEX LIFE, SEXUAL ORIENTATION, GENDER, PRIDE, LGBTQIA+, Inferred personal data, Data protection impact assessment, DPIA, Article 4(1) UK GDPR, Article 4(1) GDPR, Article 9(1) UK GDPR, Article 9(1) GDPR, Section 10 Data Protection Act 2018, S.10 Data Protection Act 2018, S.10 DPA 2018, Schedule 1 Data Protection Act 2018, Schedule 1 Part 2 paragraph 8 Data Protection Act 2018, Schedule 1 Part 2 paragraph 16 Data Protection Act 2018, Schedule 1 Part 2 paragraph 17 Data Protection Act 2018, Article 5(1)(d) UK GDPR, Article 5(1)(d) GDPR, Article 17 UK GDPR, Article 17 GDPR, Right to be Forgotten, Article 21 UK GDPR, Article 21 GDPR, Article 25 UK GDPR, Article 25 GDPR, Article 5(1)(c) UK GDPR, Article 5(1)(c) GDPR, Appropriate Policy Document, Data ControllerComment

On Hand May 2023

May 2023 edition of Handley Gill’s monthly digital newsletter, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management and digital markets regulation. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain1 June 2023Data Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, DPA 2018, Privacy and Electronic Communications (EC Directive) Regulations 2003, PECR, Information Commissioner, Data Protection Commission, CONTENT REGULATION, AI, Artificial Intelligence, AI Regulation, Machine Learning, Cyber Security, Cyber Resilience, Digital Markets Regulation, Reputation Management, Defamation, Privacy, Data Privacy, Libel, Slander, Malicious Falsehood, Misuse of Private Information, Breach of Confidence, Data Breach, Press Regulation, Broadcasting, Broadcasting Regulation, Ofcom, Digital Markets Competition & Consumers Bill, European Data Protection Board, EDPB, On Hand, Facial Recognition, Meta Platforms Ireland Limited, Ransomware, Data Protection & Digital Information (No.2) Bill, EU law, Retained EU Law, BREXIT, Brexit Freedoms Bill, Retained EU Law (Revocation and Reform) Bill, Cyber Attack, ESG, Environmental Social & Governance, Environmental, Environmental Social & Corporate Governance, Human Rights, China, Data Transfer, International data transfers, Restricted International Data Transfers, Broadcasting Code, Ofcom Broadcasting Code, Online Safety, Online Harms, eSafety, Open Justice, Reporting Restriction, CHILDREN, Children's Data, Misinformation, Disinformatoin, Disinformation, Illegal Harms, Child Sexual Abuse Regulation, Child Sexual Abuse Material, CSAMComment

On Hand April 2023

April 2023 edition of Handley Gill’s monthly digital newsletter, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management and digital markets regulation. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain30 April 2023Data Protection, Personal Data, GDPR, UK GDPR, Data Protection Act 2018, DPA 2018, Privacy and Electronic Communications Regulations, PECR, Data Reform Bill, Data Protection and Digital Information (No. 2) Bill, Information Commissioner, Content Regulation, AI, Artificial Intelligence, Machine Learning, Cyber Security, Cyber Resilience, Digital Markets Regulation, AI Regulation, Reputation Management, Defamation, Privacy, Data Privacy, Libel, Slander, Malicious Falsehood, Misuse of Private Information, Breach of Confidence, Digital Services Act, Data Subject Rights, Data Subject Rights Request, Data Subject Access Request, Global Cross Border Privacy Rules Forum, IMPRESS, Press Regulation, DSIT, Department for Science Innovation & Technology, Cyber Security Breaches Survey 2023, Digital Markets Competition & Consumers Bill, EDPB, European Data Protection Board, Data Breach, Data Breach Reporting, Data Breach Notification, Facial Recognition, Ofcom, On Hand, Product Security and Telecommunications Infrastructure Act 2002Comment

On Hand March 2023

March 2023 edition of Handley Gill’s monthly digital newsletter, with all the latest developments in data protection, cyber security, AI and machine learning, content regulation, access to information and reputation management. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain21 April 2023On Hand, Data Protection, Personal Data, GDPR, UK GDPR, DPA 2018, Data Protection Act 2018, Data Protection Reform, Data Reform Bill, Data Protection & Digital Information Bill, Data Protection & Digital Information (No.2) Bill, AI, Artificial Intelligence, Machine Learning, Cyber Security, Cyber Resilience, Age Appropriate Design Code, European Data Protection Board, EDPB, Department for Science Innovation & Technology, DSIT, Privacy, Misuse of Private Information, Information Commissioner, ICO, Data Protection Officer, DPO, Data protection Legislation, Information Rights, Access to Information, Freedom of Information Act 2000, FOIA, Human Rights, Content Regulation, Article 8, Article 8 ECHR, Article 8 European Convention on Human Rights, First Tier Tribunal (Information Rights), European Court of Human Rights, Data Breach, Data Breach Reporting, AI Regulation, Reputation Management, Libel, Slander, Defamation, Breach of Confidence, Confidential Information, Open JusticeComment

New and improved?

New and improved?

The Second Reading of, and first chance for Parliament to debate, the government’s second attempt to reform the UK’s data protection legislation, in what it has described as the “improved” and “common-sense-led” Data Protection and Digital Information (No.2) Bill (Bill 265 2022-23) takes place on 17 April 2023. Handley Gill’s specialist data protection consultants consider its impact on the UK’s existing data protection legislation and identify amendments that would improve the Bill.

Nicola Cain17 April 2023Data Protection, Personal Data, GDPR, UK GDPR, Data Protection Act 2018, Data Protection Reform, PECR, DPA 2018, Privacy and Electronic Communications Regulations, Data Reform Bill, Data Protection and Digital Information Bill, Data Protection and Digital Information (No. 2) Bill, Bill 265 2022-23, DPDI Bill, Data: A New Direction, DPDI2 Bill, Bill 143 2022-23, General Data Protection Regulation, UK GENERAL DATA PROTECTION REGULATION, DPDI(2) Bill, DPDI (No.2) Bill, Information Commissioner, Information Commission, Supervisory Authority, Department for Culture Media & Sport, Department for Science Technology & Innovation, Department for Science Innnovation & Technology, Department for Science Innovation & Technology, Brexit, Innovation, Code of Practice, Statutory Code of Practice, DATA SUBJECT ACCESS REQUEST, Data Subject Rights, Vexatious or excessive, Approved person, Data subject complaint, Data controller complaint, Statement of Strategic Priorities, Enforcement, Regulatory Enforcement, Interview notices, First Tier Tribunal (Information Rights), Notice of Intent, Monetary Penalty Notice, Definition of personal data, Data Controller, Data ProcessorComment

SIT down...

SIT down...

The Prime Minister, Rishi Sunak, has announced that a new government department is to be created, the Department for Science, Technology & Innovation, which is likely to take on responsibility from DCMS for online safety and data protection.

Watch and learn

Watch and learn

Handley Gill Limited, and its specialist data protection consultants, respond to the Information Commissioner’s (ICO’s) consultation on its draft ‘Employment practices: monitoring at work’ guidance, which addresses the lawfulness of the use of workplace monitoring and surveillance technologies in the workplace (whether office, home or remote working) and on workers’ devices.

HM Coroner vs the Online Safety Bill

HM Coroner vs the Online Safety Bill

As the deadline approaches for the government and social media platforms to respond to HM Coroner’s recommendations in the Prevention of Future Deaths report following the Molly Russell inquest verdict, Handley Gill considers how the recommendations stack up against the provisions of the Online Safety Bill.

Nicola Cain29 November 2022Online Safety, Online Harms, ONLINE SAFETY BILL, Bill 285 2021-22, Bill 004 2022-23, Bill 121 2022-23, eSafety, Content Moderation, Intermediary Liability, Social Media, Molly Russell, Molly Russell Inquest, Regulation 28 Coroners (Investigations) Regulations 2013, Regulation 29 Coroners (Investigations) Regulations 2013, Schedule 5 paragraph 7 Coroners and Justice Act 2009, HM Coroner, Chief Coroner, Ofcom, Roadmap to Regulation, Online Safety Regulator, Online Harms Regulator, UK GDPR, UK General Data Protection Regulation, Data Protection Act 2018, DPA 2018, Age Verification, Children’s Risk Assessment, Safety duties protecting children, Harmful content, Primary priority content that is harmful to children, Self-Harm, Digital Regulation Co-operation Forum, DRCF, CMA, Competition & Markets Authority, Information Commissioner, ICO, FCA, Financial Conduct Authority, Advertising, Algorithm, Algorithmic Accountability, Algorithmic TransparencyComment

Take Two

Take Two

Handley Gill Limited’s response to the Information Commissioner’s second consultation on the draft statutory ‘Data protection and journalism code of practice’, on the processing of personal data for the purpose of journalism under the UK GDPR and Data Protection Act 2018. The ICO is obliged by s.124 Data Protection Act 2018 to prepare and submit the code to the Secretary of State at the Department for Digital, Culture, Media & Sport (DCMS) for it to be laid before Parliament.

Risky business

New guidance issued by the Information Commissioner’s Office on the approach to assessing the risk of restricted ex-UK international data transfers may ease restrictions on transfers of personal data to the US and presents an opportunity to revisit ex-UK international data transfers that had previously been rejected as non-compliant.

Nicola Cain20 November 2022Data Protection, Personal Data, GDPR, General Data Protection Regulation, Regulation (EU) 2016/679, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Article 46 GDPR, Article 46 UK GDPR, Article 46(2)(c) UK GDPR, Article 46(2)(c) GDPR, DATA PROTECTION ACT 2018, DPA 2018, Data Transfer, US Data Transfers, Restricted Data Transfer, International data transfers, Restricted International Data Transfers, DPC22, Emma Bate, Information Commissioner's Office, Information Commissioner, ICO, EDPB, European Data Protection Board, International Data Transfer Risk Assessment, IDTRA, Transfer Risk Assessment, TRA, Data export, Personal Data Export, Data Exporter, Supplementary Measures, Data Controller, Data Processor, Data Importer, Schrems II, C-311/18, Transatlantic Data Privacy Framework, Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, Appropriate Safeguards, Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, EDPB Recommendation 01/2020, International Data Transfer Agreement, International Data Transfer Addendum, IDTA, Standard Contractual Clauses, Modernised Standard Contractual Clauses, International Transfers, Privacy, Data Privacy, Human Rights, Transfer Risk Assessment Tool, Data Protection & Digital Information Bill, Adequacy Decision, UK Adequacy, Bill of Rights, Transfer Impact Assessment, TIAComment

Biden waves Privacy Magic Wand

Biden waves Privacy Magic Wand

President Biden issued Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities on 07 October 2022, enhancing the safeguards afforded to global citizens and laying the foundation for adequacy findings by the European Commission and Secretary of State for ex-EEA and ex-UK restricted international data transfers. While the risk of legal challenge to any adequacy finding would remain, such findings would provide welcome respite for the millions of data exporters who are neither equipped nor resourced to conduct wide ranging reviews of foreign legislation at an individual level.

Nicola Cain8 October 2022Data Protection, Personal Data, GDPR, General Data Protection Regulation, Regulation (EU) 2016/679, Article 45 GDPR, Article 45(2) GDPR, Article 46 GDPR, UK GDPR, Article 45(2) UK GDPR, Data Protection Act 2018, DPA 2018, Section 74A Data Protection Act 2018, S.74A Data Protection Act 2018, International Data Transfers, Restricted International Data Transfers, Adequacy Decision, Adequate Countries, Qualifying State, international Data Transfer Risk Assessment, Safe Harbor, Privacy Shield, Transatlantic Data Privacy Framework, Trans-Atlantic Data Privacy Framework, Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities, Max Schrems, noyb, Schrems II, Case C 311/18, CJEU, Secretary of State for Digital Culture Media & Sport, Michelle Donelan MP, European Commission, President Ursula von der Leyen, President Joe Biden, US Secretary of Commerce, Gina Raimondo, European Data Protection Board, Civil Liberties Protection Officer of the Office of the Director of National Intelligence, Civil Liberties Protection Officer, Privacy and Civil Liberties Oversight Board, Privacy and Civil Liberties Officer, Presidential Policy Directive 28 of January 17, 2014 (Signals Intelligence Activities) (PPD-28), Inspector General, Data Protection Review Court, Executive Order 14086, Executive Order on Enhancing Safeguards for United States Signals Intelligence ActivitiesComment