Privacy

Direct marketing to business contacts

29/11/22 – The Information Commissioner’s Office (ICO) recently published new guidance on email marketing and phone marketing.  The guidance is supplementary to the ICO’s Guide to the Privacy and Electronic Communications Regulations (PECR) and (124-page) draft Direct Marketing Code of Practice. Direct marketing is a fiddly area, with different rules depending on whether you’re using […]

Read more »

UK data protection law update – October 2022

19/10/22 – After the uncertainties regarding post-Brexit transfers of data from the UK to third countries, the International Data Transfer Agreement (IDTA) finally came into force on 21st March 2022.  Since then things have been a bit calmer.  Or at least until a couple of weeks ago when the Secretary of State for Digital, Culture, […]

Read more »

UK IDTA comes into force

21/03/22 – As expected, the International Data Transfer Agreement (IDTA), as well as the Addendum to EU SCCs, came into force today as appropriate safeguards for transfers of personal data from the UK to third countries under Article 46 of the UK GDPR.  As part of the transitional arrangements the old EU SCCs (with appropriate […]

Read more »

What’s happening with UK international data transfers?

01/02/22 – If you or your organisation transfers, or may transfer, personal data to third countries, i.e. countries that are not considered to have an ‘adequate’ level of data protection (which currently includes the U.S.), then read on.  If not, then feel free to skip. Back in August last year we looked at a brand new international […]

Read more »

What’s happening with SCCs? – Part 3 (UK SCCs)

Part 1 and Part 2 of the What’s been happening with SCCs? updates have tracked the EU’s and the UK’s progress in developing standard contractual clauses (SCCs) to deal with the transfer of personal data to third countries, i.e. countries that are not considered to have an ‘adequate’ level of data protection, as well as […]

Read more »

EU-UK data transfers – final update

05/07/21  (updated) – As part of the Trade and Cooperation Agreement the EU and the UK agreed a six-month ‘bridging period’, allowing transfers of personal data from the EEA to the UK to continue freely until 30th June 2021, to give the European Commission enough time to adopt the adequacy decisions which are necessary to […]

Read more »

What’s happening with SCCs? – Part 2

09/06/21 – At the end of last week, and more than three months later than originally expected, the European Commission published final versions of its new standard contractual clauses (SCCs) for the transfer of personal data to third countries (New EU SCCs). The New EU SCCs replace the standard contractual clauses adopted by the European […]

Read more »

What’s happening with SCCs? – Part 1

05/05/21 – If your organisation does not transfer personal data to ‘third countries’, i.e. countries outside the EEA that do not have a UK adequacy finding, then breathe a sigh of relief and feel free to go and do something else.  If, however, your organisation does transfer personal data to a ‘third country’ (which for […]

Read more »

UK adequacy decisions – lukewarm thumbs-up from the EDPB

15/04/21 – If you’ve been following the progress of the UK adequacy decisions (see updates from December 2020 and March 2021), you will know that we have been waiting for the European Data Protection Board’s opinions on the draft UK adequacy decisions.  As per the EDPB’s press release yesterday, these opinions have now been adopted. […]

Read more »

EU-UK data transfers – update

30/03/21 – As part of the Trade and Cooperation Agreement announced just before Christmas, the EU and the UK agreed a six-month ‘bridging period’ allowing transfers of personal data from the EEA to the UK to continue freely until 30th June 2021 – more detail here.  Half-way through the bridging period is probably a good […]

Read more »

Get in touch

  • Your email address will only be used to respond to your message