Who's Under Investigation?

The Information Commissioner recently published an opinion, 'Who’s Under Investigation? The processing of victims’ personal data in rape and serious sexual offence investigations', which calls on the police, CPS and other prosecution agencies to overhaul their approach to the obtaining and retention of victim personal data.

Nicola Cain13 June 2022Data Protection, Personal Data, Data Protection Act 2018, Part 3 Data Protection Act 2018, Law enforcement processing, Information Commissioner, Police, Training, Consent, Lawful Basis for Processing, Criminal Justice System, Victims, Witnesses, Law EnforcementComment

Dominate that DSAR

Handley Gill’s top tips for complying with data subject access requests under Article 15 UK GDPR / GDPR.

Nicola Cain8 June 2022Data Protection, Personal Data, Data Subject Rights, DSAR, Data Subject Access Request, Data Protection Act 2018, UK GDPR, UK General Data Protection Regulation, GDPR, General Data Protection Regulation, Article 15, Article 15 GDPR, Article 15 UK GDPR, Data controllerComment

Online Safety Hazards

Aggregated summary of key amendments tabled to Online Safety Bill 2021/22-285, 2022/23-004.

Nicola Cain6 June 2022ONLINE SAFETY BILL, ONLINE SAFETY, ONLINE HARMSComment

Exclusive: Information Commissioner’s Office kisses source protection goodbye

Exclusive: Information Commissioner’s Office breached obligations when targeting journalists’ sources by conducting raids over Hancock snog CCTV footage

Taking a wrong turn? Government pursues data protection reform

The Government has today (10 May 2022) announced in the Queen’s Speech that further to its consultation ‘Data: A New Direction’ it will bring forward legislation in this Parliamentary session to reform the UK’s data protection law (the UK GDPR, Data Protection Act 2018 and Privacy and Electronic Communications Regulations) which has been adopted virtually wholesale from the European General Data Protection Regulation (GDPR).

Nicola Cain10 May 2022Data Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK General Data Protection Regulation, Data Protection Act 2018, DPA 2018, Privacy and Electronic Communications Regulations, PECR, Data Protection Reform, Data: A New Direction, Brexit, National Data Strategy, 10 Tech Priorities, Cookies, Data Protection Officer, Information Commissioner, International Data Transfers, Records of Processing Activities, Processing for Research Purposes, AI, Artificial Intelligence, Anonymous Data, Data Intermediaries, Data Stewards, Data Protection Impact Assessments, High Risk Processing, Prior Consultation, Data Breaches, Regulatory Enforcement, Voluntary Undertakings, Cookie Consent, Reverse Transfers, Digital Regulation Co-operation Forum, DRCF, Notice of Intent, Final Penalty Notice, Law Enforcement Processing, Part 3 Data Protection Act 2018, Part 4 Data Protection Act 2018, Automated Processing, Data Protection & Digital Information BillComment

Too Many Phish in the Sea!

DCMS has recently published its Cyber Security Breaches Survey 2022, based on data gathered by IPSOS MORI over winter 2021/22, which reveals that businesses and charities continue to be under prepared to respond to inevitable cyber security incidents and data breaches.

In this post, we highlight some of the key findings of the survey and identify advice, guidance and free solutions to common cyber resilience shortcomings.

Protective MeasuresNicola Cain17 April 2022Handley Gill Limited#CyberSecurity, #DataBreach, #CyberAttack, #Phishing, #Ransomware, #GDPR, #UKGDPR, #DPA2018, #DCMS, #CyberSecurityBreachesSurvey, #CyberSecurityBreachesSurvey2022, #DataBreachStatistics, #Malware, #CyberResilience, #CyberInsurance, #IncidentResponse, #CyberSecurityIncident, #DataBreachResponse, #SMEs, #Charities, #Business, #Charity, #Retail, #Education, #NCSC, #PoliceCyberAlarm, #NPCC, #LawEnforcement, #ActionFraud, #Police, #Sanctions, #SupplyChainRisk, #ThirdPartyRisk, #Training, #Logging, #TechnicalAndOrganisationalMeasures, #Penalties, #Article28, #Article32, #DataProtection, #Compliance, #SupplyChainSecurity, #CyberSecurityStrategy, #IncidentResponsePlan, #Trustees, #BusinessContinuity, #DisasterRecovery, #DataBreachReporting, #CyberCover, #IncidentReporting, #CSuite, Cyber Security, DCMS, Ransomware, Data Breach, Supply Chain Risk, Directors, Law Enforcement, Police, NCSC, National Cyber Security Centre, Cyber Attack, GDPR, UK GDPR, General Data Protection Regulation, DPA 2018, Data Protection Act 2018, Department for Culture, Cyber Security Breaches Survey, Cyber Security Breaches Survey 2022, Data Breach Statistics, Malware, Cyber Resilience, Cyber Insurance, Incident Response, Cyber Security Incident, Data Breach Response, SMEs, Micro Businesses, Charities, Start Ups, Retail, Education, Police CyberAlarm, NPCC, National Police Chiefs' Council, Action Fraud, Information Security, Cyber Crime, Sanctions, Third Party Risk, Training, Logging, Technical & Organisational Measures, Protective Measures, Costs, Fines, Administrative fine, Penalties, Monetary penalty, Data Protection, Article 28 GDPR, Article 32 GDPR, Article 28 UK GDPR, Article 32 UK GDPR, Compliance, Cyber Griffin, Cyber Essentials, Supply Chain Security, Cyber Security Strategy, Incident Response Plan, Breach Response Plan, Data breach costs, Trustees, Business Continuity, Disaster Recovery, Data Breach Reporting, Cyber Insurance Cover, Incident Reporting, C Suite, Data Controller, Data ProcessorComment

VIG (Very Important Guidance) for VSPs

Ofcom publishes guidance for UK video sharing platforms (VSPs) on their obligations to protect users from harmful content.

Nicola Cain6 October 2021BREXIT, VSPs, VIDEO SHARING PLATFORMS, VSP FRAMEWORK, OFCOM, CONTENT REGULATION, ONLINE HARMS, ONLINE SAFETY, ONLINE SAFETY BILL, TECH REGULATION, TECHNOLOGY REGULATION, PLATFORM REGULATION, AUDIO VISUAL MEDIA SERVICES, AUDIOVISUAL MEDIA SERVICES, AUDIOVISUAL MEDIA SERVICES DIRECTIVE, AVMS, AVMSD, COMMUNICATIONS ACT 2003, UGC, USER GENERATED CONTENT, CHILDREN, CSAM, CHILD SEXUAL ABUSE MATERIAL, TERRORISM, RACISM, XENOPHOBIA, TERRORIST CONTENT, RACIST CONTENT, XENOPHOBIC CONTENT, BBFC, BRITISH BOARD OF FILM CLASSIFICATION, BBFC CLASSIFICATION GUIDELINES, R18 CONTENT, INCITEMENT OF VIOLENCE, INCITEMENT OF HATRED, PROTECTED CHARACTERISTICS, RESTRICTED MATERIAL, RELEVANT HARMFUL MATERIAL, INTERNET WATCH FOUNDATION, NATIONAL CENTRE FOR MISSING & EXPLOITED CHILDREN, NCMEC, THORN, TECH AGAINST TERRORISM, GLOBAL INTERNET FORUM TO COUNTER TERRORISM, Age Verification, Age Assurance, Advertising, Advertising Restrictions, Parental Control, Content RegulationComment

B.A. B.A. Black Sheep Returns to the Fold

British Airways settles data breach group litigation compensation claims, concluding legal and regulatory proceedings following criminal hack

Deep Impact on Data Protection Impact Assessments

Data controllers should revisit their Data Protection Impact Assessments (DPIAs).

DPIAsNicola Cain15 November 2020Data protection, Data protection impact assessment, GDPR, Article 35, Law enforcement processing, High risk processing, Data controller, Criminal conviction & offence data, Data Protection Act 2018, Section 64, Biometric data, Systematic public monitoring, Law Enforcement, Law Enforcement Processing, DPIA, Part 3 Data Protection Act 2018

European Court of Justice wields axe against Privacy Shield

Action needed by data controllers to assess the compliance of relevant international data transfers with GDPR following CJEU decision in Schrems invalidating Privacy Shield.

Data transfersNicola Cain15 November 2020Handley Gill LimitedData protection, Data privacy, Schrems, SchremsII, International data transfers, Privacy Shield, GDPR, Article 44, Standard contractual clausesComment