Related insights: Cyber Risk
Tribunal considers lawfulness of Experian's direct marketing operations
06 Mar 2023
In a recent case, Experian Limited v the ICO [2023] UKFTT 00132 (GRC), the First-Tier Tribunal (Information Rights) provided useful judicial commentary for data controllers in relation to the appropriateness of using "legitimate interests" as a lawful basis for direct marketing purposes, what constitutes sufficient transparency of processing, and the application of Article 14 of the GDPR.
Data Subject Access Requests - required to provide copies of emails?
09 Feb 2023
Following our two-part series which considered the impact of European decisions on the scope of data subject access requests (DSARs), a further opinion has been released by the AG that limits the scope of DSARs.
This opinion (in the case of Österreichische Datenschutzbehörde and CRIF - Case C-487/21) concerns whether the data subject is entitled to a "copy" of the document which contains their personal data, or if it is sufficient to provide an extract.
This decision could have large practical impacts on how data controllers respond to DSARs both in the EU (where it is directly applicable) and in the UK (where it will be persuasive).
This opinion (in the case of Österreichische Datenschutzbehörde and CRIF - Case C-487/21) concerns whether the data subject is entitled to a "copy" of the document which contains their personal data, or if it is sufficient to provide an extract.
This decision could have large practical impacts on how data controllers respond to DSARs both in the EU (where it is directly applicable) and in the UK (where it will be persuasive).
Rise of cyber warfare: The growing threat of cyber-attacks in modern conflicts and the impact on businesses
20 Jan 2023
The current risk of cyber-attacks in Western society is, arguably, as high as it has ever been. Following the initiation of Russia's attack on Ukraine in early 2022, the National Cyber Security Centre (NCSC) urged UK organisations to bolster their online defences. Similarly, the Cybersecurity and Infrastructure Security Agency (CISA) and FBI warned of heightened threats to US organisations.
The ICO's new policy on reprimands
19 Dec 2022
Since 2021 the ICO has increased its use of reprimands in its enforcement activity and from December 2022 it will be routinely publishing reprimands. What is a reprimand, how might it impact you and what is the effect of this change of policy by the ICO? Read more
Cybersecurity expert warns businesses against increasingly sophisticated attacks
08 Dec 2022
With phishing scams on the rise, what practical steps can be put in place by organisations to protect themselves from cyber threats? Womble Bond Dickinson takes a look.
ICO fines organisation £4.4m for failing to have adequate security controls in place
01 Nov 2022
Womble Bond Dickinson's cyber security and technology litigation practitioners consider the key takeaway points from the ICO's recent penalty notice of £4.4million, issued to Interserve Group Ltd following a personal data breach that one of its subsidiaries suffered when it fell victim to a ransomware attack in early 2020.
The Internet of "vulnerable" Things?
05 Oct 2022
Organisations need to remain constantly vigilant against cyber attacks, particularly in relation to the Internet of Things (IoT). Can organisations be both hyperconnected and secure?
Change in approach to rights of access - Data Protection and Digital Information Bill
21 Sep 2022
The recent introduction of the Data Protection and Digital Information Bill provides further insight into the government's plans for reducing the burden caused too many organisations by data subject access requests (DSARs).
Part 2: European change in direction for access to personal data?
08 Jul 2022
The Courts are struggling to scope data subject access requests (DSARs) - one decision being beneficial to controllers who are also in litigation with the data subject.
Part 1: European change in direction for access to personal data?
01 Jul 2022
Two recent decisions from Europe show the struggles the Courts are facing to determine the scope of data subject access requests (DSARs) - one decision being potentially beneficial to controllers who are also in litigation with the data subject; the other of potential concern where a data subject wishes to know who has received their personal data.
Insights
Stay informed
