UK GDPR — Handley Gill's blog — Handley Gill

AWARD-WINNING LEGAL & REGULATORY COMPLIANCE CONSULTANTS

Posts tagged UK GDPR

On Hand March 2025

March 2025 edition of Handley Gill’s monthly digital newsletter, On Hand, with all the latest developments in data protection (UK, EU and global), cyber security, AI and machine learning, content regulation, open justice, access to information, reputation management, digital markets regulation, human rights & ESG. Presented in a readily digestible digital format, those who prefer the traditional newsletter format can export the newsletter to pdf.

Nicola Cain1 April 2025Cyber Security, Cyber Resilience, Information Security, Data Protection, PERSONAL DATA, GDPR, UK GDPR, Data Protection Act 2018, PECR, ePrivacy Directive, Artificial Intelligence, Machine Learning, AI, EU AI Act, Content Regulation, ICO, Information Commissioner, Ofcom, IPSO, Online Safety, Online Harms, eSafety, Online Safety Act 2023, Open Justice, Access to Information, Freedom of Information Act 2000, Environmental Information Regulations 2004, Reputation Management, Defamation, Libel, Slander, Privacy, Misuse of Private Information, Freedom of Expression, Free speech, Breach of Confidence, Confidentiality, Digital Markets, Digital Markets Regulation, Competition & Markets Authority, Human Rights, Human Rights Act 1998, ECHR, European Convention on Human Rights, Fundamental Rights, ESG, Environmental Social & Governance, Environmental Social & Corporate GovernanceComment

Common Cause III

Common Cause III

Handley Gill’s specialist data protection consultants report on the final sessions of the House of Commons Public Bill Committee on the Data (Use and Access) Bill on 11 March 2025, when the government reversed several amendments made in the House of Lords.

Child Development

Child Development

Handley Gill’s specialist data protection consultants summarise and comment on the efficacy of the Information Commissioner’s strategy to enforce its Age Appropriate Design Code aka the Children’s Code, the likely targets of future enforcement activity and, the impact of regulatory co-operation with Ofcom.

Nicola Cain21 March 2025Data Protection, PERSONAL DATA, UK GDPR, Data Protection Act 2018, Section 123 Data Protection Act 2018, Age Appropriate Design Code, Children's Code, Children's Code Strategy, Information Commissioner, Information Commissioner's Office, ICO, Children's Data, Children's Personal Data, Online Safety, Online Harms, UNCRC, UN Convention on the Rights of the Child, Geolocation, Privacy by Design, Profiling, Targeted Advertising, Personalised Advertising, Behavioural Advertising, Recommendation Algorithms, Recommendation Systems, VSPs, VIDEO SHARING PLATFORMS, Social Media, Age Assurance, Age Verification, Consent, Lawful Basis for Processing, Children's Access Assessment, AI, Artificial Intelligence, AI Regulation, Generative AI, Generative Artificial Intelligence, Generative AI & Data ProtectionComment

Common Cause II

Common Cause II

Handley Gill’s specialist data protection consultants report on the first sittings of the House of Commons Public Bill Committee on the Data (Use and Access) Bill on 04 March 2025, when the government reversed several amendments made in the House of Lords.

Choking off harmful online pornographic content

Choking off harmful online pornographic content

Handley Gill’s specialist content moderation, online safety and responsible AI consultants consider the report of the Independent Pornography Review carried out by Baroness Bertin, which has implications not only for platforms hosting pornographic content but for producers, adult performers and creators, ancillary service providers, advertisers, AI developers and regulators.

Nicola Cain6 March 2025Online Safety, Online Harms, Online Safety Act, Online Safety Act 2023, Part 5 Online Safety Act 2023, Independent Pornography Review, Content Moderation, Content Regulation, Artificial Intelligence, Generative Artificial Intelligence, Generative AI, AI Regulation, Artificial Intelligence Regulation, Non-consensual intimate image abuse, Adult Content, Pornography, Pornographic Content Services, Section 81 Online Safety Act 2023, Safety Duties, Safety by Design, Baroness Bertin, Video Recordings Act 1984, Licensing Act 2003, Obscene Publications Act 1959, Ofcom, Ofcom Broadcasting Code, British Board of Film Classification, BBFC, BBFC Classification Guidelines, Section 63 Criminal Justice and Immigration Act 2008, UK GDPR, Article 21 UK GDPR, Lawful Basis for Processing, Special Purposes Exemption, ESG, Environmental Social & Governance, Environmental Social & Corporate GovernanceComment

Keeling Over

Keeling Over

Unofficial Keeling schedules demonstrating the effect that the Data (Use & Access) Bill (Bill 179 20224-25) (as brought from the Lords) will have on the Data Protection Act 2018, UK GDPR and Privacy and Electronic Communications (EC Directive) Regulations (PECR).

The Data (Uncertainty and Algorithmic-deregulation) Bill?

The Data (Uncertainty and Algorithmic-deregulation) Bill?

Handley Gill highlights the written evidence submitted by its expert data protection consultants to the House of Commons Public Bill Committee on the the Data (Use & Access) Bill, detailing the implications of the Bill and opportunities to improve it through amendments, which has been accepted and published by the Committee as DUAB20.

Tell me why!

Tell me why!

When, to coin the Little Britain phrase, the “computer says no”, what information are individuals entitled to know? Handley Gill’s specialist data protection and responsible AI consultants summarise the ruling in C‑203/22 CK v Magistrat der Stadt Wien (commonly referred to as the Dun & Bradstreet case) determining how to comply with the obligation to provide meaningful information on automated decision-making.

Nicola Cain27 February 2025Data Protection, Personal Data, GDPR, General Data Protection Regulation, EU GDPR, Regulation (EU) 2016/679, UK GENERAL DATA PROTECTION REGULATION, UK GDPR, Algorithmic Decision Making, Automated Decision Making, Article 22 GDPR, Article 22 UK GDPR, Artificial Intelligence, AI, AI Regulation, Article 13(2)(f) GDPR, Article 13(2)(f) UK GDPR, Article 14(2)(g) GDPR, Article 14(2)(g) UK GDPR, Article 15(1)(h) GDPR, Article 15(1)(h) UK GDPR, Article 13 GDPR, Article 13 UK GDPR, Article 14 GDPR, Article 14 UK GDPR, Article 15 GDPR, Article 15 UK GDPR, Article 13(2) GDPR, Article 13(2) UK GDPR, Article 14(2) GDPR, Article 14(2) UK GDPR, Article 15(1) GDPR, Article 15(1) UK GDPR, Confidential Information, Trade Secrets, Artificial Intelligence Regulation, AI Governance, Artificial Intelligence Governance, AI Transparency, Artificial Intelligence Transparency, Algorithmic Transparency, Ethical AI, AI Safeguards, AI Guardrails, Machine Learning, Article 29 Working Party, European Data Protection Board, EDPB, Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679, C-203/22, Privacy Notice, Data Subject Rights, DATA SUBJECT ACCESS REQUEST, DSAR, SAR, SUBJECT ACCESS REQUEST, ICO guidance on automated decision-making and profiling, Information Commissioner's guidance on automated decision-making and profilingComment

More for less?

More for less?

Handley Gill’s specialist data protection consultants highlight the increase by an average of 29.9% in the data protection fee payable to the Information Commissioner with effect from 17 February 2025, and consider what controllers and the public can expect from the data protection regulator as a consequence.

Common Cause Part I

Common Cause Part I

Handley Gill’s specialist data protection consultants report on the Data (Use and Access) Bill’s Second Reading in the House of Commons on 12 February 2025, which provided MPs with the first opportunity to debate proposals to reform the UK’s data protection legislation.

Peer Review VI

Peer Review VI

Handley Gill’s specialist data protection consultants report on peers’ final consideration of the Data (Use and Access) Bill at Third Reading on 05 February 2025, when the Government was defeated by Baroness Owen’s amendments in relation to non-consensual deepfake intimate image offences, before the Bill was sent to the House of Commons.

Peer Review V

Peer Review V

Following the conclusion of the House of Lords’ Grand Committee’s scrutiny of the Data (Use and Access) Bill, Handley Gill’s specialist data protection consultants report on peers’ consideration of the Bill at Report stage on 21 and 28 January 2025.

Peer Review - Part IV

Peer Review - Part IV

As the Data (Use and Access) Bill continues its passage through the House of Lords, Handley Gill’s specialist data protection consultants summarise the fourth and final scrutiny session of the House of Lords’ Grand Committee on the Data (Use and Access) Bill on 18 December 2024, when peers continued their consideration of the provisions of Part 5 of the Data (Use and Access) Bill on ‘Data protection and privacy’, and Parts 6-8.

Nicola Cain20 December 2024Data (Use and Access) Bill, Data Protection, PERSONAL DATA, HL Bill 40, HL Bill 40 2024-25, Bill 179 2024-25, Data Protection Reform, Data Reform Bill, Data Bill, Digital Information & Smart Data Bill, Data Protection & Digital Information (No.2) Bill, Data Protection & Digital Information Bill, Data Protection and Digital Information Bill, Data Protection and Digital Information (No. 2) Bill, Data Protection Act 1998, DATA PROTECTION ACT 2018, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, PECR, Privacy and Electronic Communications Regulations 2003, Privacy and Electronic Communications (EC Directive) Regulations 2003, Data Protection Legislation, House of Lords, Grand Committee, HL Bill 57, HL Bill 57 2024-25, Hl Bill 64, HL Bill 64 2024-25Comment

Peer Review - Part III

Peer Review - Part III

As the Data (Use and Access) Bill continues its passage through the House of Lords, Handley Gill’s specialist data protection consultants summarise third scrutiny session of the House of Lords’ Grand Committee on the Data (Use and Access) Bill on 16 December 2024, when peers continued their consideration of the provisions of Part 5 of the Data (Use and Access) Bill on ‘Data protection and privacy’.

Peer Review - Part II

Peer Review - Part II

As the Data (Use and Access) Bill continues its passage through the House of Lords, Handley Gill’s specialist data protection consultants summarise the second scrutiny session of the House of Lords’ Grand Committee on the Data (Use and Access) Bill on 10 December 2024, when peers began their consideration of the provisions of Part 5 of the Data (Use and Access) Bill on ‘Data protection and privacy’.

Peer Review - Part I

Peer Review - Part I

As the Data (Use and Access) Bill continues its passage through the House of Lords, Handley Gill’s specialist data protection consultants summarise the first session of the House of Lords’ Grand Committee’s scrutiny of the Data (Use and Access) Bill on 03 December 2024.

Here’s one I prepared earlier

Here’s one I prepared earlier

In a comprehensive briefing, the Handley Gill’s specialist data protection consultants analyse the provisions of the Labour government’s Data (Use and Access) Bill (HL Bill 40 2024-25) as introduced in the House of Lords on 23 October 2024, the latest attempt after the Data Protection and Digital Information Bill to reform UK data protection law, as set out in the UK GDPR, Data Protection Act 2018, Data Protection Act 1998 and the Privacy and Electronic Communications Regulations 2003 (PECR).

Keeping on Keeling

Keeping on Keeling

Handley Gill’s specialist data protection consultants have prepared unofficial Keeling schedules showing track change mark ups of the changes proposed by the Data (Use & Access) Bill (HL Bill 40) to the Data Protection Act 2018, UK General Data Protection Regulation (UK GDPR) and Privacy and Electronic Communications Regulations 2003 (PECR) respectively. Download for free and sign up for updates on the Bill.

Nicola Cain21 November 2024Data Protection, Data Protection Reform, Data Protection Legislation, Data Use & Access Bill, Data Reform Bill, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Data Protection Act 1998, Privacy and Electronic Communications Regulations, PECR, Digital Information and Smart Data BillComment

Security stimulus

Security stimulus

New guidance on good industry practice for directors issued by the Institute of Directors obliges directors and boards to identify and mitigate information and cyber security risks, and to prioritise business resilience, bringing a renewed focus to cyber resilience and supply chain security.

Back on the Data Protection Reform Merry-Go-Round

Back on the Data Protection Reform Merry-Go-Round

The new Labour government has today (23 October 2024) introduced the Data (Use and Access) Bill in the House of Lords, in the latest attempt to reform the UK’s data protection laws as set out in the UK GDPR, Data Protection Act 2018, Data Protection Act 1998 and Privacy and Electronic Communications Regulations.