April 15, 2019
A wise organisation builds its products and services upon the… sand?
In this blog Simon, Shervin and James assess the ICO regulatory sandbox by discussing its upsides and downsides as well as how the regulatory sandbox works
Data Protection
Insights on developments in data protection and privacy, regulatory enforcement trends, court cases and law reform, from PwC UK and PwC Legal.
All articles
April 12, 2019
Can your third parties be trusted to protect your personal data? What the regulator wants you to demonstrate
The need to monitor third parties in the GDPR live environment is well understood. But how should this work in practice? In this blog post, Victoria Back explores how to give stakeholders comfort that your organisation is taking third party trust seriously.
April 09, 2019
Purposeful Data Privacy – how tech and data professionals can help change the narrative
In this insight we explain the importance of delivering data privacy outcomes in the technology and data layers of business, and sets out PwC’s new vision for data privacy; the Journey to Code.
April 02, 2019
The ICO and the FCA - a Special Relationship in the Data Privacy World
The Information Commissioner's Office ('ICO') and Financial Conduct Authority ('FCA') took one more step to strengthen their collaboration in February by signing a revised Memorandum of Understanding. Read Tughan Thuraisingam and Sara Jameel's blog for a run through of the key points and practical implications of the growing relationship between these regulators.
March 19, 2019
Can your third parties be trusted to protect your personal data? Monitoring your supply chain
Trust in your supply chain is paramount to increasing stakeholder confidence in your organisation's compliance with the GDPR. In this blog post, Victoria Back explores the journey to third party trust and continuous compliance.
March 19, 2019
What about Non-Personal Data? The new EU Regulation at a glance
In this blog post, Dr Davide Borelli and Timothy Neo discuss how the Non-Personal Data Regulation and the GDPR impact compliance obligations concerning non-personal data and where businesses could benefit by refraining from an inextricable linkage between personal data and non-personal data.
February 27, 2019
Unlawful Disclosure of Personal Data: Who Carries the Burden of Proof Now?
In this post, James Lloyd and Simon Davis examine the Court of Appeal's guidance on Section 170 of the Data Protection Act 2018 in Shepherd v Information Commissioner [2019] EWCA Crim 2.
February 25, 2019
After the breach: counting the (regulatory) cost
In this blog post, Andrea Holder and Lewis Brady look at the factors the Information Commissioner's Office (the “ICO”) may consider when levying a fine, and therefore what steps organisations should take to mitigate these considerations.
February 07, 2019
Data Protection , Cyber Crime & Modern Business
Cyber crime remains a key issue for businesses worldwide. In this blog Richard Hall looks at how far we have come since the Council of Europe Convention on Cyber Crime in Budapest and the next steps to dealing with cyber-crime and data protection.
January 29, 2019
The free flow of data between the EU and Japan
In this blog post, Dr Davide Borelli examines the adequacy that EU and Japan reciprocally recognised of each other's data privacy systems on January 23, 2019, allowing personal data to freely flow between the two economies while guaranteeing a consistent and strong level of data protection.
January 24, 2019
Artificial Intelligence (AI) and the GDPR– Part Two
In Part Two of our blog series on Artificial Intelligence, Emily Sheen and Ningxin Xie discuss some of the main requirements of businesses who utilise artificial intelligence in practice, and look at the key trends that are being discussed around the use of AI technologies.
January 18, 2019
Threats posed to Personal Data by Social Engineering
The advent of the GDPR means that organisations will need to make increased efforts to deal with specific threats and this includes those posed by social engineering attacks. In this blog post, Richard Hall explores the different types of social engineering attacks and what you can do to assist in reducing those risks as part of your compliance efforts.
January 16, 2019
No deal Brexit and the impact on cross-border data flows
In this blog post, Polly Ralph and Olivia Wint discuss contingency planning to maintain EU - UK data flows in the context of a no deal brexit scenario.
January 08, 2019
Individuals responsible for PECR breaches could face fines
By Simon Davis, Senior Associate. PECR (Amendment) Regulations 2018 came into effect in the UK on 17 December 2018. Simon Davis discusses what this means for organisations and for individuals of influence within these.
January 07, 2019
Artificial Intelligence (AI) and the GDPR - Part one
In this blog post, Emily Sheen and Ningxin Xie outline some of the key considerations which organisations should be taking into account when developing and/or deploying AI technologies, especially if these technologies carry out automated decision-making services that fall under the scope of the GDPR, to maintain public trust in a product or service.
December 12, 2018
What should I do if I discover a personal data breach?
When an organisation discovers a personal data breach it is hard not to catastrophize. It is well known and understood that the GDPR has introduced a mandatory breach reporting requirement in many circumstances, and with reporting comes regulatory, and often, public scrutiny.
November 23, 2018
GDPR … what’s all the liability about?
For most organisations acting as data processors, the GDPR's potential 4% fine of global group turnover fundamentally changed the risk profile of their commercial relationships with clients, customers or suppliers, causing them to be increasingly resistant to accepting uncapped and unlimited liability for losses. Sarim Shaikh discusses the issues that are often overlooked by organisations when negotiating these liability provisions.
November 16, 2018
GDPR - A new dawn for data protection or just a moment in time?
ePrivacy, enforcement and a new breed of privacy advocate. Samantha Sayers looks into the current and future privacy landscape, several months into the GDPR.
November 09, 2018
Post GDPR Live Environment: Part 2 - 'The Butterfly effect' and Modern Business Needs
In the first part of this blog we identified two of the key trends for businesses to consider in the post GDPR live environment. In this second blog post, Davide Borelli and Ningxin Xie explore two more key trends that your business should consider in the post GDPR live environment.
November 01, 2018
Data Protection Officers (DPOs): emerging trends and challenges
In the GDPR-‘live’ environment, businesses are busy operationalising their privacy compliance programmes in this new business as usual world of transparency, accountability and user rights. Brian Davidson discusses some common themes and challenges facing businesses and their DPOs.
