Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
Find up-to-date guidance on points of law and then easily pull up sources to support your advice with Lexis PSL
Check out our straightforward definitions of common legal terms.
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Access our unrivalled global news content, business information and analytics solutions
Insurance, risk and compliance intelligence using big data, proprietary linking and advanced analytics.
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Discuss the latest legal developments, ask questions, and share best practice with other LexisPSL subscribers
In our May 2021 monthly session for in-house counsel, over 190 professionals came together to hear Iain Larkins, Radius Law’s founder and CEO and Sandra Martins, Radius Law’s head of employment, provide an update on essential topics.
Part 2 of this series of 3 on the talk focuses on key themes in data security, providing links to useful guidance on various issues in the sector.
Iain reminded us that the new deadline of 30 June 2021 for a UK data adequacy decision is looming. However, even if an adequacy decision is granted, there will likely be legal challenges similar to those concerning EU-US personal data transfers. Businesses which rely on the free-flow of personal data from the EU should make contingency plans.
Standard Contractual Clauses
The default position would be to move to standard contractual clauses (SCCs).
The Commission has published proposed draft new SCCs under the EU GDPR (Draft New SCCs). For further guidance, including on plans to revoke the existing SCCs, see the section on ‘New SCCs’ in Practice Note: EU GDPR—transfers of personal data internationally and to international organisations—Standard contractual clauses (Model Clauses).
Lawyers should bear in mind Schrems II, which held that SCCs must be accompanied by a risk assessment of the third country and be able to ensure that 3rd countries have similar level of protection to the EU.
Iain commented that recent decisions, such as the ones taken in Germany and Portugal, have shown that data protection authorities are no longer paying lip-service to the ECJ’s decision, but are taking action against companies who fail to meet the necessary standards.
See News Analysis: Bavarian DPA declares transfers to US email marketing service prohibited due to Schrems II and MLex: Cloudflare targeted by Portugal's data protection agency, risking tensions with US.
When transferring data to 3rd countries with lower data protection standards, businesses should consider:
Iain felt that one of the most overlooked obligations in the EU’s General Data Protection Regulation (EU GDPR) so far is the requirement for organisations that are subject to EU GDPR but outside the EEA to appoint a data protection representative (DPR).
However, following the fine announced on 12 May 2021 for Locatefamily.com from the Netherlands supervisory authority for failure to appoint a DPR, this is now likely to receive much more attention.
See News Analysis: Locatefamily.com fined €525,000 for failure to appoint data protection representative.
In January 2021, the Information Commissioner’s Office (ICO) announced it was resuming its investigation into the adtech industry (see: LNB News 22/01/2021 41), which it has paused in May 2020 (see: LNB News 07/05/2020 68). The investigation is focused on concerns with real time bidding—this is the classic social media type advertising, whereby web adverts are sold at the ‘blink of an eye’ based on the user profile. The ICO has previously stated that it considers all real time bidding practices to be non-compliant with the GDPR so those making use of adtech should take care to follow any updates by the ICO or other industry bodies.
Among these, Iain highlighted the guidance published by the EDPB (see: LNB News 23/04/2021 8). He felt that these guidelines are useful inasmuch as they raise considerations that stakeholders should take into account, but it doesn’t really provide solutions.
Businesses will have to consider if they want to suspend adtech activity pending the ICO report, until there is full clarification on these issues.
For more information, see: Online advertising and adtech—overview.
44% of respondents to Iain’s poll felt that their businesses have some or large gaps with their cybersecurity programme.
This seems to echo what the government has found in its 2021 cyber breach survey (see: LNB News 24/03/2021 109). This showed worrying statistics among businesses’ preparation for cyber attacks, likely at least partially linked to the rapid transition to home working.
The government is urging organisations to follow the National Cyber Security Centre’s guidance.
Iain felt that it is worth asking your business’s IT department what they have in place to protect the business from cyber attacks.
For further information on cybersecurity, including an A-Z of cyber threats and Precedents, see subtopic: Cybersecurity & cybercrime.
Click here for parts 1 and 3 in this series, for an overview of hot issues in the corporate and commercial sphere and ESG, and in employment law.
Upcoming Senior Counsel event
Join us for the next dedicated session for in house counsel:
The power of an effective learning, development and training strategy
Wednesday 23rd June, 10:00 – 10:45
Free trials are only available to individuals based in the UK
* denotes a required field
0330 161 1234