On the 16^th of  July, the Court of Justice of the European Union (“CJEU”) will release its opinion in the ‘Schrems II’ case, which could have a significant impact on the use of standard contractual clauses and third party transfers of personal data.

California’s data protection law went into effect on 1 January, 2020. It is far and away the most robust piece of legislation dealing with consumer privacy in the United States. While the California Consumer Privacy Act (CCPA) applies primarily to California businesses, it will likely have some knock-on effects for anyone who does business within the United States, especially when dealing with personal data.

With more and more of our day to day life happening in an online environment, many decisions are inevitably made by computers, with no human involvement – a process called automated decision-making.  Organisations use technology, including algorithms and machine-learning, to collect and analyse a range of personal data about an individual – from their buying habits to lifestyle data, from social network data to mobile phone data. Automated individual decision-making is frequently used for the purposes of profiling. Profiling is defined by the GDPR as:“Any form of automated processing of personal data consisting of the use of personal data to evaluate certain...

One of the rights given to individuals under the GDPR, is that of data portability. But when does it apply and what exactly does it entail?The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format but only comes into play in certain situations.The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. This means that individuals can move, copy or transfer personal data easily from one IT environment to another in a...

Damage to reputationFake credit card transactionsIdentity fraudCompromised bank accountsIndividuals put at risk of physical harm or intimidationPassword theftExposure of the contact details of vulnerable peopleFake applications for tax creditsMortgage fraudExposure of sensitive health and medical details These are just a few examples of what can go wrong if personal data is lost, stolen, misplaced or abused which is exactly why the GDPR has put a lot of emphasis on its Security Principle. This principle puts an obligation on all data processors to put in place appropriate technical and organisational measures to minimise potential risks.Article 5(1)(f) of the GDPR states that personal data...