Sign-in Help

Data breaches, sanctions and enforcement

View Information Law by content type:

Practice notes
Precedents
Q&As

Featured Information Law content

Joint, several, and joint and several liability

Joint, several, and joint and several liability

ContractWhere a contract is made by two or more parties it may contain a promise or obligation made by two or more of those parties. Any such promise...

Conditions precedent in commercial contracts

Conditions precedent in commercial contracts

This Practice Note considers the meaning and use of conditions precedent in commercial arrangements. It also considers typical conditions precedent...

A company’s constitution

A company’s constitution

What is a company's constitution?A company’s 'constitution' is defined under the Companies Act 2006 (CA 2006) as including:•the company’s articles of...

Malicious falsehood

Malicious falsehood

This Practice Note provides an introduction to the tort of malicious falsehood. Unlike a claim for defamation, there is no requirement in a claim for...

Practice notes

Declaration of a director's interests—the statutory provisions

A director who is in any way, directly or indirectly, interested in:•a proposed transaction or arrangement with the company of which they are a...
Read More >
9th Nov
Practice notes

Defamation—defences

DefencesThere are a number of substantive defences to a defamation claim, the majority of which are now, since the Defamation Act 2013 (DA 2013),...
Read More >
Produced in partnership with 5RB 9th Nov
tag iconIn-house
Practice notes

Starting a GDPR compensation claim—a practical guide

Brexit: The UK's departure from the EU on exit day ie Friday 31 January 2020 has implications for practitioners in a number of areas covered in this...
Read More >
Produced in partnership with Robert Brodrick and Stephen Woodward of Payne Hicks Beach 9th Nov
Practice notes

Rome Convention—introduction and interpretation

Brexit: The UK's departure from the EU on exit day, ie Friday 31 January 2020, has implications for practitioners considering applicable law. For...
Read More >
9th Nov
Practice notes

Sub-licensing intellectual property rights

An intellectual property (IP) owner may choose to license its IP to a third party. This can be an effective route to generating revenue while...
Read More >
Produced in partnership with Jessica Stretch 9th Nov
tag iconIn-house
Practice notes

Introduction to retained EU law

This Practice Note provides an introduction to retained EU law, which is an entirely new legal concept introduced to UK domestic law in preparation...
Read More >
9th Nov
tag iconBrexit
Precedents

Standard contractual clauses—set II—controller to controller (Model Clauses)

DRAFTING FOR BREXIT: For the latest information on the impact of Brexit on the drafting, negotiation and enforceability of this Precedent, see...
Read More >
9th Nov
Practice notes

No deal Brexit—jurisdiction (UK and the Lugano Convention)

This Practice Note has been produced in partnership with Guy Pendell, Liz Williams and Kushal Gandhi of CMS.STOP PRESS: This Practice Note is under...
Read More >
9th Nov
tag iconBrexit
Practice notes

Model ADR clauses

Brexit: The UK's departure from the EU on exit day ie Friday 31 January 2020 has implications for practitioners considering the use of ADR as it may...
Read More >
9th Nov
Precedents

Execution clause—company—deed

Option 1—deed executed by a company under its common seal (model articles, where the authorised signatory is an...
Read More >
9th Nov
tag iconIn-house
Practice notes

Applications for interim injunctions for breaches of privacy

This Practice Note should be read in conjunction with Practice Notes: Privacy law—misuse of private information and Privacy law—remedies.Coronavirus...
Read More >
Produced in partnership with Ben Gallop and Lily Walker-Parr of 5RB and Daniel Bishop 9th Nov
Precedents

Third party intellectual property rights indemnity clause—pro-supplier

1 Intellectual property rights indemnity 1.1 The Supplier shall defend the Customer against any third party claim that...
Read More >
9th Nov
tag iconIn-house
Practice notes

Applicable law clauses

Brexit: The UK's departure from the EU on exit day, ie Friday 31 January 2020, has implications for practitioners considering applicable law. For...
Read More >
9th Nov
Precedents

Month definition

Month means a calendar month; Close This is a suggested definition for the term 'month', which...
Read More >
9th Nov

Most recent Data breaches, sanctions and enforcement content

Practice notes

UK GDPR and EU GDPR—sanctions and enforcement

Brexit: The Retained General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime described in this Practice Note is the UK...
Read More >
25th Nov
Practice notes

Data protection principles

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU...
Read More >
Produced in partnership with Pillsbury Winthrop Shaw Pittman LLP 25th Nov
Practice notes

Introduction to the EU GDPR and UK GDPR

Brexit: The Retained General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime described in this Practice Note is the UK...
Read More >
25th Nov
tag iconIn-house
Practice notes

GDPR enforcement by UK and EEA supervisory authorities—tracker

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU...
Read More >
24th Nov
Q&As

Is there a specified format for notifying data subjects of a personal data breach under the GDPR?

In answering this Q&A, it has been assumed to be a breach notification under the Genaral Data Protection Rules, and the threshold for informing data...
Read More >
23rd Nov
Precedents

Letter notifying data subject of data breach

On [insert date] we became aware that [describe what has happened, ie how the breach occurred]. The data [accessed OR stolen OR lost OR corrupted][...
Read More >
19th Nov
Precedents

Personal data breach plan

1Introduction1.1This personal data breach plan:1.1.1places obligations on staff to report actual or suspected personal data breaches; and1.1.2sets out...
Read More >
19th Nov
Practice notes

Managing personal data breaches

Brexit: As of exit day (31 January 2020), the UK is no longer an EU Member State, but it has entered an implementation period during which it...
Read More >
19th Nov
Q&As

What is the impact of Brexit on international transfers of personal data?

This Q&A looks at the impact of Brexit on cross-border transfers of personal data involving the UK and EEA, under the General Data Protection...
Read More >
18th Nov
tag iconBrexit
Practice notes

ICO enforcement—database

This database sets out details of recent enforcement actions taken by the Information Commissioner's Office (ICO). It is accessible by clicking on the...
Read More >
16th Nov
Practice notes

Cybersecurity breach notification requirements

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU...
Read More >
Produced in partnership with Chris Benn of Fieldfisher and Nicola Fulford of Hogan Lovells 13th Nov
Practice notes

The Network and Information Systems Regulations 2018

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU...
Read More >
12th Nov
Practice notes

The Network and Information Systems Directive—timeline

This timeline sets out key dates and information relating to the Network and Information Systems Directive (NIS Directive), Directive (EU) 2016/1148,...
Read More >
12th Nov
Q&As

Have there been any challenges to the Privacy Shield?

There has recently been a legal challenge regarding the EU’s data sharing arrangement with the US, known as the EU‒US Privacy Shield, filed in the...
Read More >
10th Nov
Practice notes

Offences under the Data Protection Act 2018

The Data Protection Act 2018 (DPA 2018) received Royal Assent on 23 May 2018. The DPA 2018 puts the UK in a position to continue to share personal...
Read More >
Produced in partnership with Professor Dan Hyde of Harrison Clark Rickerbys 23rd Oct
Q&As

Under the General Data Protection Regulation, can an organisation take data from a public website to build a database and use that data to cold call the data subject? Would consent be required to do so? If not permitted to do so, what sanctions could they be liable for?

The General Data Protection Regulation (GDPR) will become directly applicable and enforceable from 25 May 2018 and will introduce substantial...
Read More >
19th Oct
Q&As

Under the new General Data Protection Regulation, can a law firm (or a solicitor within a law firm) be appointed as data protection officer on behalf of its client/clients if it can satisfy the requirements as to expertise etc?

Article 37(1) of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), introduces a requirement that businesses must appoint a Data...
Read More >
19th Oct
Q&As

Does one need explicit consent to share personal data?

In answering this Q&A, we have assumed that all parties and data subjects are exclusively based in the UK, no overseas laws or regulation applies,...
Read More >
19th Oct
Q&As

Who is a 'data subject' for the purposes of the Data Protection Act 1998?

In the context of data protection, the term 'data subject' is used frequently. For the purposes of the Data Protection Act 1998 (DPA 1998), 'data...
Read More >
19th Oct
Q&As

What is 'personal data' for the purposes of the Data Protection Act 1998?

For the purposes of the Data Protection Act 1998 (DPA 1998), 'personal data' is defined as: 'data which relate to a living individual who can be...
Read More >
19th Oct

Popular documents

LEXISNEXIS

Term Loan B facilities

This Practice Note discusses Term Loan B (TLB) facilities which frequently appear as a tranche of senior facilities in syndicated loans in leveraged financings. TLBs are an established feature in the US market and increasingly used in the European lending market for institutional investors.This

LEXISNEXIS

Fraud by false representation

Fraud by false representationFraud by false representation applies to a broader range of conduct than the offences under the preceding legislation (the Theft Act 1968 (TA 1968)). No gain or loss need actually be made, and no deception need operate on the mind of the deceived for the Fraud Act 2006

LEXISNEXIS

Issue of redeemable shares

A limited company that proposes to issue redeemable shares must comply with the provisions of the Companies Act 2006 (CA 2006).Why do companies issue redeemable shares?A company may wish to issue redeemable shares so that it has an alternative way to return surplus capital to shareholders without

LEXISNEXIS

The equity of redemption

Disposal and devolutionThe equity of redemption arises as soon as the mortgage is made. It is an interest in the land which the mortgagor can:•transfer, lease or mortgage inter vivos, or•by will (it passes on intestacy)No cloggingIt is a fundamental principle of a mortgage that there must be no clog