Category Archives: Data Protection

Act Now launches GDPR Policy Pack

The first fine was issued recently under the General Data Protection Regulation (GDPR) by the Austrian data protection regulator. Whilst relatively modest at 4,800 Euros, it shows that regulators are ready and willing to exercise their GDPR enforcement powers. Article … Continue reading

Posted in CCTV, Data Portability, dpia, GDPR, Policy pack, Privacy, Security, Subject Access, Uncategorized | Leave a comment

Equifax Ltd fined £500,000 for significant breaches of the DPA 1998

On 20th September the Information Commissioner issued Equifax Ltd with a £500, 000 monetary penalty, the biggest fine it has issued to date, and the maximum allowed under the Data Protection Act 1998.  Although half a million pounds might sound a … Continue reading

Posted in Data Protection, Fines, GDPR, Privacy, Records Management | 1 Comment

Facebook Fan page administrators need to be GDPR compliant

  By Susan Wolf In our previous blog we considered the recent, and much awaited, decision of the Court of Justice of the European Union  (CJEU) on the status of Facebook fan page users [1]. After protracted litigation in the German … Continue reading

Posted in Data Protection, GDPR, Social media | Leave a comment

Decision: Facebook Fan Page Administrators are Data Controllers

By Susan Wolf On 5th June 2018 the Court of Justice of the European Union (CJEU) delivered its long awaited Facebook fan page decision. The case concerned the definition of data controller under the now repealed Data Protection Directive 95/46/EC [1] and in … Continue reading

Posted in Data Protection, GDPR, Personal Data, Social media | 2 Comments

The role of the Court of Justice of the European Union ( CJUE) post Brexit

By Susan Wolf In our previous Blog, we examined the European Union (Withdrawal) Act 2018 and explained that the GDPR, EIR and PECR will remain on the domestic statute book post Brexit. In other words they will continue to be … Continue reading

Posted in Brexit, CJEU, EU DP Regulation, EU Withdrawal, GDPR | 1 Comment

The EU Withdrawal Act 2018: What does it mean for information rights practitioners?

By Susan Wolf Amidst all the media attention about the resignation of David Davis and Boris Johnson, and what type of deal (if any) the UK will end up with, uncertainty seems to be the current default setting in British … Continue reading

Posted in Article 50, Data Protection, EU DP Regulation, EU Withdrawal, GDPR | 2 Comments

GDPR and Data Protection Impact Assessments: When and How?

Article 35 of GDPR introduces a new obligation on Data Controllers to conduct a Data Protection Impact Assessment (DPIA) before carrying out personal data processing likely to result in a high risk to the rights and freedoms of individuals. If … Continue reading

Posted in Data Protection, dpia, DPO, GDPR | Leave a comment