Handley Gill
LEGAL, REGULATORY & COMPLIANCE CONSULTANTS

Handley Gill Limited

Our expert consultants at Handley Gill share their knowledge and advice on emerging data protection, privacy, content regulation, reputation management, cyber security, and information access issues in our blog.

Posts tagged EUROPEAN COMMISSION
Best Before: 21 March 2024
Best Before: 21 March 2024

Handley Gill’s specialist data protection consultants highlight the forthcoming deadline for data controllers to review and, if necessary, update the safeguards relied upon as the lawful basis for conducting transfers of personal data from the UK to overseas where these currently rely upon the old European Commission standard contractual clauses / model clauses, including guidance on the actions that need to be taken.

Read More
Nicola CainData Protection, Personal Data, UK GDPR, Data Transfer, International data transfers, Restricted International Data Transfers, Article 46(2)(d) UK GDPR, BREXIT, Standard contractual clauses, SCCs, Modernised SCCs, Modernised Standard Contractual Clauses, Standard data protection clauses, Information Commissioner, Information Commissioner's Office, International Data Transfer Agreement, IDTA, International Data Transfer Addendum, EUROPEAN COMMISSION, Model clauses, European Commission Decision 2001/497/EC, European Commission Decision 2010/87/EU, DATA PROTECTION ACT 2018, Schedule 21 Part 3 para.7 Data Protection Act 2018, The Data Protection Privacy & Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419), International Data Transfer Risk Assessment, International Data Transfer Impact Assessment, Transfer Risk Assessment, Transfer Impact Assessment, Transfer Risk Assessment Tool, Appropriate Safeguards, Commission Implementing Decision (EU) 2021/914 of 4 June 2021Comment
Certify...certify me!
Certify...certify me!

Handley Gill’s specialist data protection consultants consider the options and certification requirements for US entities importing personal data from the EEA following the adoption of the European Commission’s adequacy decision in respect of the Trans-Atlantic EU-US Data Privacy Framework, providing a lawful basis for transferring personal data to the US under the GDPR.

Read More
Nicola CainData Protection, Data Privacy, PERSONAL DATA, GDPR, General Data Protection Regulation, GENERAL DATA PROTECTION REGULATION, Regulation (EU) 2016/679, Data Transfer, Restricted International Data Transfers, Restricted Data Transfer, International Transfers, International data transfers, US Data Transfers, EU-US DPF, EU-US Data Privacy Framework, SCCs, Modernised SCCs, Supplementary Measures, Transatlantic Data Privacy Framework, Trans-Atlantic Data Privacy Framework, Transfer Risk Assessment, Transfer Impact Assessment, Transfer Risk Assessment Tool, Data transfer agreement, TADPF, Trans-Atlantic EU-US Data Privacy Framework, Trans-Atlantic EU-US Data Privacy Framework Principles, DPF Principles, Privacy Shield, Privacy Shield Principles, EU-US DPF Certification, Privacy Shield Certification, Privacy Shield Self-Certification, Schrems II, Personal Data Transfer, Personal Data Export, Data exporter, Data Importer, Safe Harbor, Chapter 5 GDPR, Article 44 GDPR, Article 45 GDPR, Adequacy Decision, US Adequacy Decision, EUROPEAN COMMISSION, C(2023) 4745, TADPF Certification, Data Controller, Data Processor, Data ExporterComment
A bridge to nowhere?
A bridge to nowhere?

A commitment to establishing a UK-US data bridge, which would take the form of adequacy regulations being issued by the Secretary of State pursuant to section 17A Data Protection Act 2018, has been announced. Since this bridge is likely to be contingent on the European Commission issuing its own adequacy decision, and the draft has recently been rejected by the European Parliament, data exporters will be reliant on the Commission ramming through the roadblock or will find themselves stuck in traffic on the UK-US data flyover.

Read More
Nicola CainData Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Privacy Shield, Schrems II, Transatlantic Data Privacy Framework, Adequacy Decision, EUROPEAN COMMISSION, Safe Harbor, Adequacy Regulations, UK Adequacy, Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities, EU-US Data Privacy Framework, UK-US Data Bridge, Chapter 5 GDPR, Chapter 5 UK GDPR, Article 45 GDPR, Article 45 UK GDPR, Article 46 GDPR, Article 46 UK GDPR, Data Protection Act 2018, Section 17A Data Protection Act 2018, s17A Data Protection Act 2018, Qualifying State, Executive Order 14086, TADPF, European Parliament, Committee on Civil Liberties, Committee on Civil Liberties Justice & Home Affairs, LIBE Committee, European Data Protection Board, EDPB, Opinion 5/2023, German-American Data Protection Day, DoJ, Department of Justice, Standard contractual clauses, Standard data protection clauses, Supplementary Measures, Transfer Risk Assessment, Transfer Impact Assessment, Derogation, Data Transfer, Data transfer agreement, US Data Transfers, International Transfers, International data transfers, International Data Transfer Risk Assessment, Data Controller, Data Processor, Data exporter, Data ImporterComment
GDPR-versary
GDPR-versary

Handley Gill Limited’s specialist consultants have compiled 5 facts about the application of the General Data Protection Regulation (GDPR) to mark the 5th anniversary of the GDPR taking effect across the EEA on 25th May 2023. Happy 5th birthday GDPR!

Read More
Nicola CainData Protection, Personal Data, GDPR, GDPR Anniversary, EU Law, Retained EU Law, Retained EU Law (Revocation and Reform) Bill, Brexit, Data Protection Enforcement, Data Protection Legislation, Data Breaches, Data Breach Statistics, Data Breach Notification, Data Breach Reporting, Administrative fine, AEPD, Agencia Espanola de Proteccion de Datos, Data Protection Commission, Supervisory Authority, EUROPEAN COMMISSION, Adequacy Decision, General Data Protection Regulation, Regulation (EU) 2016/679, Meta Platforms Ireland LimitedComment
See ya SCCs, enter the IDTA
See ya SCCs, enter the IDTA

New data processing or other sharing agreements governed by the UK GDPR, which are entered into on or after Thursday 22 September 2022 and which involve the export of personal data from the UK to third countries and will rely on appropriate safeguards under Article 46 UK GDPR in the form of standard data protection clauses, can no longer rely on the standard contractual clauses (SCCs) or ‘model clauses’ issued by the European Commission and valid as at 31 December 2020 and must instead incorporate the International Data Transfer Agreement or modernised SCCs and International Data Transfer Addendum.

Read More
Nicola CainData Protection, Data Protection Act 2018, GDPR, UK GDPR, General Data Protection Regulation, UK General Data Protection Regulation, EUROPEAN COMMISSION, Information Commissioner, SchremsII, Schrems II, Standard contractual clauses, SCCs, Modernised Standard Contractual Clauses, Modernised SCCs, International data transfers, International Data Transfer Agreement, IDTA, International Data Transfer Addendum, International Data Transfer Risk Assessment, Article 46 UK GDPR, Article 46 GDPR, Model clauses, European Commission Decision 2001/497/EC, European Commission Decision 2010/87/EU, Brexit, UK-EU Withdrawal Agreement, Article 46(2)(c) UK GDPR, Article 46(2)(d) UK GDPR, Article 46(2)(d) GDPR, Standard data protection clauses, The Data Protection Privacy & Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419), Schedule 21 Part 3 para.7 Data Protection Act 2018, Data transfer agreement, Data exporter, Commission Implementing Decision (EU) 2021/914, Data Controller, Data Processor, Data Exporter, Data ImporterComment
DCMS SoS?
DCMS SoS?

Handley Gill considers the impact of the new Prime Minister, Liz Truss, and Secretary of State at the Department for Digital, Culture, Media and Sport, for the Online Safety Bill and the Data Protection and Digital Information Bill.

Read More
Nicola CainDCMS, Department for Digital Culture Media & Sport, Online Safety, ONLINE SAFETY BILL, Online Harms, Data Protection, Data Protection and Digital Information Bill, Liz Truss, Nadine Dorries, Michelle Donelan, Kemi Badenoch, Secretary of State for Digital Culture Media and Sport, Bill 121 2022-23, Bill 143 2022-23, PMQs, Sir Jeremy Wright, Prime Minister, Children, Data Protection Reform, GDPR, UK GDPR, DATA PROTECTION ACT 2018, PECR, Privacy and Electronic Communications Regulations, BREXIT, Data: A New Direction, Adequacy Decision, UK Adequacy, EUROPEAN COMMISSIONComment
Rishi’s capital gains?
Rishi’s capital gains?

Former Chancellor and Conservative Party leadership candidate Rishi Sunak’s promise that one of his top priorities will be the removal of the burdens of the GDPR need not be interpreted as a significant departure from the proposals for the Data Reform Bill set out in the Government’s response to the Data: A New Direction consultation, but it will rely on the European Commission adopting equality of approach and not seeking to punish the UK for Brexit.

Read More
Nicola CainData Protection, Personal Data, GDPR, UK GDPR, Data Protection Act 2018, PECR, Privacy and Electronic Communications Regulations, Data Protection Reform, Data: A New Direction, Data Reform Bill, Queen's Speech, Bill of Rights, EUROPEAN COMMISSION, Adequacy Decision, UK Adequacy, Brexit, International data transfers, Transatlantic Data Privacy Framework, Conservative Party, Conservative Party Leader, Prime Minister, Rishi Sunak, Data Protection & Digital Information BillComment
Pile Up Ahead?
Pile Up Ahead?

Handley Gill comments on the Government’s response to the ‘Data: A New Direction’ consultation, which previews the content of the forthcoming Data Reform Bill, and identifies other issues which would merit being addressed in the proposed legislation.

Read More
Nicola CainHandley Gill LimitedPERSONAL DATA, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, DPA 2018, PECR, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, DATA: A NEW DIRECTION, DATA PROTECTION REFORM, BREXIT, NATIONAL DATA STRATEGY, CONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA, POLITICAL PROCESSING, ARTICLE 6 UK GDPR, SPECIAL CATEGORY PERSONAL DATA, SCHEDULE 1 DATA PROTECTION ACT 2018, ANONYMITY, ANONYMOUS DATA, ARTICLE 4(1) UK GDPR, THE COUNCIL OF EUROPE’S CONVENTION 108, THE COUNCIL OF EUROPE CONVENTION 108, PRIVACY MANAGEMENT PROGRAMME, DATA PROTECTION OFFICER, ARTICLE 37 UK GDPR, DATA PROTECTION IMPACT ASSESSMENT, DPIA, ARTICLE 35 UK GDPR, ARTICLE 30 UK GDPR, RECORDS OF PROCESSING ACTIVITIES, ARTICLE 36 UK GDPR, PRIOR CONSULTATION, ARTICLE 12(5) UK GDPR, MANIFESTLY UNFOUNDED OR EXCESSIVE, VEXATIOUS OR EXCESSIVE, ARTICLE 45(2) UK GDPR, INTERNATIONAL DATA TRANSFERS, ADEQUACY DECISION, S.17B(1) DATA PROTECTION ACT 2018, COOKIES, COOKIE CONSENT, REGULATION 6 PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, REGULATION 22(2) PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, SOFT OPT-IN, MARKETING, INFORMATION COMMISSIONER, EXPERT PANEL, ENFORCEMENT, MONETARY PENALTY NOTICE, ARTICLE 15 UK GDPR, DATA SUBJECT ACCESS REQUEST, SUBJECT ACCESS REQUEST, BILL OF RIGHTS, EUROPEAN COURT OF HUMAN RIGHTS, UK SUPREME COURT, SUPREME COURT, EUROPEAN COMMISSION, COMMISSION IMPLEMENTING DECISION C(2021) 4800, Data Protection & Digital Information BillComment