Forthcoming changes: The UK has voted to leave the EU and this will take place on exit day as defined in section 20 of the European Union (Withdrawal) Act 2018. This has...
Forthcoming changes: The UK has voted to leave the EU and this will take place on exit day as defined in section 20 of the European Union (Withdrawal) Act 2018. This has...
ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998...
This Practice Note discusses the impact of Brexit on the general processing of personal data under the General Data Protection Regulation, Regulation (EU) 2016/679...
ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998...
This Practice Note provides practical guidance on how to undertake data mapping. It is based on an article by Nicola Fulford of Hogan Lovells and Krysia Oastler of Kemp...
Legislative background and guidance Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR) was directly applicable in the UK from 25 May 2018, and the...
Archived: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998....
A data protection impact assessment (DPIA) does what the name suggests—it’s a way of assessing the data protection impact of a particular project or process on any...
ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998...
The General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR) contains a set of core data protection principles that controllers must comply with. These are...
Why you need to manage this risk Data protection is one of the most challenging areas of risk management—the law is complex and wide-ranging, it operates at domestic, EU...
This Practice Note explores issues and best practice relating to the sharing of personal data between controllers (including joint controllers and independent...
You must monitor, report (to the SRA) and, where appropriate, publish data regarding the diversity of your workforce. The SRA is prescriptive about what data you must...
An employer will usually wish to process, ie collect, use and record, data concerning an individual’s health (health information) in a number of different circumstances....
ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998...
