All you need to know about the General Data Protection Regulation (GDPR) (2016/679)
News
EU plans risk-based artificial intelligence regulation
The European Commission recently published its proposal for the regulation of artificial intelligence (AI) (the Regulation), which will subject high-risk AI systems to strict obligations before they are put on the market and has the potential for steep fines. Despite the UK’s departure from the EU, the Regulation is significant and its extra-territorial reach means many UK-based businesses stand to be affected.
A welcome step towards certainty for businesses transferring data from the EU to the UK
The European Commission has published its draft adequacy decision in respect of the UK, which is an important step towards the continued free flow of personal data from the EEA to the UK. Amir Kousari, Senior Associate and data protection expert at tech law firm Boyes Turner, explains the implications.
On 10 November 2020, the European Data Protection Board (EDPB) issued a press release noting that it had issued its first Article 65 decision under the General Data Protection Regulation (GDPR), against Twitter. At the time of writing, this is all we know.
As the coronavirus continues to create significant challenges for families and businesses, we want to reassure our clients of the steps that Boyes Turner have taken in order to continue to provide a high level of client service.
The Information Commissioner’s Office (ICO) spent the summer flexing its newly acquired GDPR muscles, with one of its primary targets, Marriott International Inc. (“Marriott”), subject to a notice of intention to fine of £99,200,396 for infringements of the regulation.
Marriott and BA fined by ICO – what the message is:
There was a naïve hope that the ICO would approach enforcing the new GDPR as gently as it had initially approached the same under the DPA, way back in 1998; some gentle fines and reminders to comply with the law, but basically, as long as you “had a go”, tried to comply, that would be acceptable.
This time last year, the General Data Protection Regulation (GDPR) took effect. Since then, it has undoubtedly been the busiest year to date in data protection compliance. Official figures from the International Association of Privacy Professionals show 375,000 newly registered Data Protection Officers, 280,000 new cases referred to regulators and $56,000,000 worth of fines issued in enforcement actions.
Can an organisation be liable for a GDPR breach by a disgruntled employee?
Breaches of GDPR could give rise to claims by those whose data has been misused, but can an organisation still be liable for breaches which occur as a result of the malicious actions of a disgruntled employee? Who ultimately holds responsibility for ensuring adherence to the Regulation?