Latest blog posts Join us on LinkedIn PwC UK YouTube channel Subscribe to our RSS feed Join us on Facebook Follow PwC on Twitter

17 February 2017

Data Protection Officer – do you need to appoint one?

By Samantha Sayers @SamSPrivacyGuru The concept of a ‘Data Protection Officer’ (“DPO”) for organisations processing personal data has been alive and well for many years – already a mandatory requirement in some countries and best practice in others. However, for the first time the appointment of a DPO will be...

15 February 2017

Identifying a controller or processor’s lead supervisory authority

By Polly Ralph Follow @polly_ralph In December 2016, the Article 29 Working Party (“WP29”) published its Guidelines for Identifying a Lead Supervisory Authority (the "Guidelines"). During the negotiation of the General Data Protection Regulation ("GDPR"), the ‘one-stop-shop’ mechanism was seen as a solution to the problems faced by multi-national organisations,...

13 February 2017

Data Portability: how will your organisation unlock this right?

By Tughan Thuraisingam and Tamsin Hoque Follow @tughanTT Two months have passed since the Article 29 Working Party (“WP29”) published its “guidelines on the right to data portability." In this time, we have taken a deep dive into this new right through round-table discussions with our clients from a cross...

09 February 2017

Direct Marketing: impacts of the draft e-privacy regulation

By Polly Ralph Follow @polly_ralph Whilst many organisations continue to grapple with the impact of the forthcoming General Data Protection Regulation ("GDPR"), another important piece of data privacy law is making its way through the European legislative process: the ePrivacy Regulation. Whilst the ePrivacy Regulation is still in draft form,...

03 February 2017

Litigation: data protection may be an alternative to defamation, says Court of Appeal

By Kate Macmillan A recent Court of Appeal ("CA") decision may give a boost to claimants in data protection litigation. In the “Moroccan Prince” case[1], in which judgment was handed down on 27th January, the CA recognised that libel, harassment and data protection protect different aspects of the right to...

19 January 2017

ICO issues updated GDPR guidance – watch this space…

By Samantha Sayers @SamSPrivacyGuru This week the UK Information Commissioner’s Office (“ICO”) published updated guidance setting out what organisations can expect from the ICO in the run up to the EU General Data Protection Regulation (“GDPR”) being fully implemented in the UK on 25 May 2018. A link to the...

16 December 2016

Cyber insurance – castles made of sand fall in the sea, eventually.

By David Cook Follow @CyberSolicitor Setting the scene The risk of a cyber incident and financial consequences that could then arise are both factors that are evolving and increasing in severity, not least through the harsh regulatory environment introduced by the General Data Protection Regulation. Boardroom decision makers therefore can...

09 December 2016

Is your organisation dealing with data subject access requests properly?

By Tughan Thuraisingam and Shervin Nahid Follow @tughanTT The High Court judgment in Dr DB vs General Medical Council [2016] EWHC 2331 (QB) held that if the dominant purpose behind a Data Subject Access Request (“DSAR”) is litigation, this can be “a weighty factor in favour of refusal” of the...

22 November 2016

Elizabeth Denham addresses next generation of DPOs at NADPO Annual Conference 2016

By Samantha Sayers, Solicitor at PwC Follow @SamSPrivacyGuru This year’s National Association of Data Protection and Freedom of Information Officers (“NADPO”) Annual Conference held on 21 November 2016 had a very special guest – the new UK Information Commissioner, Elizabeth Denham. A link to the full speech can be found...

25 October 2016

ICO code of practice on privacy notices – are you confident you are complying?

By Tughan Thuraisingam Follow @tughanTT Earlier this month, the Information Commissioner’s Office (the “ICO”) published a code of practice on communicating privacy information to individuals (the “Code”). What does the Code say? The Code appreciates that when obtaining personal data as part of a simple transaction, developing a clear and...