Latest blog posts Join us on LinkedIn PwC UK YouTube channel Subscribe to our RSS feed Join us on Facebook Follow PwC on Twitter

25 May 2017

PwC Privacy and Security Enforcement Tracker launches, marking the one year countdown to the GDPR

By Stewart Room Follow @StewartRoom Today PwC is publishing its 2016 Privacy and Security Enforcement Tracker, which reviews the regulatory enforcement cases in the UK and 20 other countries in 2016. This is our third annual Enforcement Tracker and if you are preparing for the GDPR, it will provide you...

18 April 2017

Technology’s role in data protection - the missing link in GDPR transformation

By Stewart Room and Peter Almond Follow @StewartRoom The introduction of the EU General Data Protection Regulation (GDPR) from May 2018 will deliver a fundamental change in how personal data must be handled. Instead of being an afterthought, protections for personal data will now have to be designed into the...

11 April 2017

Article 29 Working Party releases Opinion on proposed ePrivacy Regulation

By Samantha Sayers @SamSPrivacyGuru On 4 April 2017, the Article 29 Working Party (“A29 WP”) adopted its ‘Opinion 01/2017 on the Proposed Regulation for the ePrivacy Regulation (2002/58/EC)’ (“Opinion”) – a link to which can be found here. In the midst of the preparations for the General Data Protection Regulation...

17 March 2017

Italian Garante Fines

By Stefano Cancarini and Flavia Messina Follow @stefanoPwc With a recent decision, the Italian Data Protection Authority issued fines for over 11 million Euro to five companies operating in the money transfer sector. It is the highest sanction ever applied for unlawful processing of personal data by a Data Protection...

17 February 2017

Data Protection Officer – do you need to appoint one?

By Samantha Sayers @SamSPrivacyGuru The concept of a ‘Data Protection Officer’ (“DPO”) for organisations processing personal data has been alive and well for many years – already a mandatory requirement in some countries and best practice in others. However, for the first time the appointment of a DPO will be...

15 February 2017

Identifying a controller or processor’s lead supervisory authority

By Polly Ralph Follow @polly_ralph In December 2016, the Article 29 Working Party (“WP29”) published its Guidelines for Identifying a Lead Supervisory Authority (the "Guidelines"). During the negotiation of the General Data Protection Regulation ("GDPR"), the ‘one-stop-shop’ mechanism was seen as a solution to the problems faced by multi-national organisations,...

13 February 2017

Data Portability: how will your organisation unlock this right?

By Tughan Thuraisingam and Tamsin Hoque Follow @tughanTT Two months have passed since the Article 29 Working Party (“WP29”) published its “guidelines on the right to data portability." In this time, we have taken a deep dive into this new right through round-table discussions with our clients from a cross...

09 February 2017

Direct Marketing: impacts of the draft e-privacy regulation

By Polly Ralph Follow @polly_ralph Whilst many organisations continue to grapple with the impact of the forthcoming General Data Protection Regulation ("GDPR"), another important piece of data privacy law is making its way through the European legislative process: the ePrivacy Regulation. Whilst the ePrivacy Regulation is still in draft form,...

03 February 2017

Litigation: data protection may be an alternative to defamation, says Court of Appeal

By Kate Macmillan A recent Court of Appeal ("CA") decision may give a boost to claimants in data protection litigation. In the “Moroccan Prince” case[1], in which judgment was handed down on 27th January, the CA recognised that libel, harassment and data protection protect different aspects of the right to...

19 January 2017

ICO issues updated GDPR guidance – watch this space…

By Samantha Sayers @SamSPrivacyGuru This week the UK Information Commissioner’s Office (“ICO”) published updated guidance setting out what organisations can expect from the ICO in the run up to the EU General Data Protection Regulation (“GDPR”) being fully implemented in the UK on 25 May 2018. A link to the...