By Dr. Davide Borelli and Ningxin Xie In the first part of this blog we identified two of the key trends for businesses to consider in the post GDPR live environment – the operationalisation of the GDPR within your business, and the interaction of the GDPR with other areas of...

By Brian Davidson As we embrace the GDPR ‘Live’ environment, businesses and their DPOs are now busy operationalising their privacy compliance programmes in this new business as usual (“BAU”) world of transparency, accountability and user rights. We are seeing the emergence of some common themes in terms of the challenges...

By Mark Hendry and Laia Bertran Manye The General Data Protection Regulation (‘GDPR’) was born with the aim to be technologically neutral (Recital 15 GDPR). The upside of this tech neutrality is that it will (hopefully) award a long lifetime to GDPR, regardless of technical innovation. The downside: it makes...

By Stewart Room, Partner At PwC we believe that the future of Data Protection (‘DP’) lies in the delivery of many more DP outcomes in the actual technology and data layers of business than is currently the case. We call this ‘The Journey to Code’. What distinguishes this point of...

By Dr. Davide Borelli, Data Protection Manager and Ningxin Xie, Senior Associate May 25 2018 has come and gone. The General Data Protection Regulation (“GDPR”) has irretrievably changed the way in which we approach and deal with personal data. At PwC, we have identified some key trends for business to...

By Stewart Room, Partner The summer was a pleasant relief from the intensity of the run-up to the GDPR go-live date, 25th May. The holiday season coupled with legal “due process” gave us some breathing space, to take stock and reflect on what we’ve learned about data protection and the...

By Sean Milford, Data Protection Manager Organisations are increasingly looking to innovate by using technology which often involve novel and untested ways of using personal data. If done correctly, organisations can create a business advantage. If proper procedures are not followed (resulting in inadequate privacy protections), the consequences for an...

By Sue Gold and Richard Collinson The Department of Digital, Culture, Media and Sport (DCMS) published a guidance note on 13 September 2018 on the potential implications for data protection in a ‘no deal’ Brexit scenario. There weren’t any great surprises in the guidance, which concludes that if the UK...

The Article 29 Working Party has recently published updated guidance on the Personal Data Breach notification rules in Articles 33 and 34 of the General Data Protection Regulation (GDPR). The original version was published on 3rd October 2017. The most illuminating part of the update concerns the requirement for organisations...

Are companies exposed to fines at 2% or 4% of their worldwide annual turnover, or are they exposed to fines based on the group worldwide annual turnover, assuming that they are part of a group? Articles 83(4) and (5) talks about ‘an undertaking’, which means a single entity. They do...