My blog

UK adequacy decisions – lukewarm thumbs-up from the EDPB

15/04/21 – If you’ve been following the progress of the UK adequacy decisions (see updates from December 2020 and March 2021), you will know that we have been waiting for the European Data Protection Board’s opinions on the draft UK adequacy decisions.  As per the EDPB’s press release yesterday, these opinions have now been adopted. […]

Read more »

EU-UK data transfers – update

30/03/21 – As part of the Trade and Cooperation Agreement announced just before Christmas, the EU and the UK agreed a six-month ‘bridging period’ allowing transfers of personal data from the EEA to the UK to continue freely until 30th June 2021 – more detail here.  Half-way through the bridging period is probably a good […]

Read more »

Who owns the copyright in software created by your employees?

12/03/21 – In accordance with the Copyright, Designs and Patents Act 1988 where any work “is made by an employee in the course of his employment, his employer is the first owner of any copyright in the work, subject to any agreement to the contrary”.

Read more »

European Commission publishes draft UK adequacy decisions

22/02/21 – On 19 February 2021 the European Commission published two adequacy decisions, one for transfers of personal data to the UK under the GDPR and the other under the Law Enforcement Directive.  Although perhaps not surprising, this is still a positive step because it means the Commission has concluded that the UK does ensure […]

Read more »

EU-UK data transfers from 1st January 2021 – where are we?

29/12/20 – Prior to the announcement of the EU-UK Trade and Cooperation Agreement [1], I was having to explain to a client that it was looking increasing likely that, from 1st January 2021, transfers of personal data from organisations located in EEA countries to the UK would no longer be lawful.

Read more »

European Commission publishes new draft SCCs for consultation

19/11/20 – By way of background, transfers of EU citizens’ personal data to locations outside the European Economic Area (EEA) require a GDPR-permitted transfer mechanism.

Read more »

EDPB Guidelines on controllers and processors

21/09/20 – On 2 September 2020, the European Data Protection Board (EDPB) adopted ‘Guidelines 07/2020 on the concepts of controller and processor in the GDPR’.  The Guidelines deal with the principles underpinning the differences between controllers and processors, and also delve into the more esoteric world of joint controllers.

Read more »

Demise of the EU-U.S. Privacy Shield

23/07/20 – If you, as a ‘data exporter’, want to transfer personal data to a country outside the EEA (and which is not one of the 12 countries that have been granted an adequacy decision by the European Commission), then you need to use one of the GDPR-approved ‘transfer mechanisms’.

Read more »

The P2B Regulation – regulating the e-commerce gatekeepers

13/07/20 – The EU Platform to Business Regulation (the ‘P2B Regulation’) came into effect on 12 July 2020.  The P2B Regulation applies to all online platforms and search engines which provide services to business users in the EU, where those business users offer goods or services to consumers in the EU.

Read more »

Government’s response to the Law Commission’s report on Electronic execution of documents

12/03/20 – The UK government has issued a Statement in response to the Law Commission’s report on Electronic execution of documents.  My article on the Law Commission’s report can be accessed here. Key takeaways from the government’s Statement: The government agrees with the report’s conclusion that businesses and individuals can feel confident in using e-signatures […]

Read more »

Get in touch

  • Your email address will only be used to respond to your message