For non-lawyers trying to navigate their way through the sea of information out there on the web relating to data protection, one thing that can be rather confusing is working out who is who in terms of authorities.In the field of data protection, there are a few key names you need to know.The Information Commissioner’s OfficeThe Information Commissioner’s Office, or ICO, is the UK’s independent authority set up to uphold information rights in the public interest and they have a variety of functions.Under the Data Protection Act 1998 every organisation that processes personal information has to register with the ICO (unless...

A frequently asked question is whether or not an organisation needs to seek fresh or renewed consent from clients or customers once GDPR is in force. Panic has spread as organisations realise that databases may have to be trawled through as consents are sought and recorded.To be clear – you are not required to automatically refresh all existing DPA consents in preparation for the GDPR. However, it is important to check your processes for gaining consent and records of consent gained to ensure that existing consents meet the higher bar set for consent by the GDPR.Recital 171 of the GDPR states...

The GDPR is a European Regulation designed to do what is says on the tin. Protect data. That data being personal data, belonging to you, a citizen of the EU. It puts in place a number of obligations and responsibilities on those deciding how your personal data should be used - the data controllers, and also those with the responsibility of undertaking that processing at the request of those data controllers - the data processors. The GDPR also gives those whose personal data is being processed - the data subjects - a number of rights. Many of these rights we are...

The GDPR gives individuals the right to be informed about the collection and use of their personal data. This ties in with data controller’s obligations to provide “fair processing information”. The GDPR imposes upon data controllers a requirement to be transparent about how they are going to use personal data and their justifications for doing so. It specifies the information which must be provided to individuals - which will often be done using a privacy notice or policy - and also the manner in which it is to be supplied.

GDPR and Cross Border Transfers of DataTechnological advances and global business opportunities means that personal data travels round the world faster and more easily than ever before. Free movement of data is of prime importance for businesses and many are worried about the effects that the GDPR will have – concerned that it may hinder their business or impose additional administrative burdens upon them.Understanding the requirements of the GDPR in relation to cross border transfers of personal data is therefore important for all organisations (both controllers and processors, including cloud service providers) who require to move data outside of the EU....