On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth responded to a call for public comments from the European Data Protection Board regarding their Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR).
Continue Reading CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules
United Kingdom
Rosemary Jay Receives 2022 PICCASO Privacy Award for Achievement
On December 9, 2022, Hunton Andrews Kurth LLP London senior consultant attorney Rosemary Jay received the 2022 PICCASO Privacy Award for Achievement in recognition of her longstanding contributions to the data privacy industry.
Continue Reading Rosemary Jay Receives 2022 PICCASO Privacy Award for Achievement
UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge
On December 15, 2022, the UK government and the Dubai International Financial Centre Authority issued a joint statement on the shared commitment to deepening the UK-DIFC data partnership. …
Continue Reading UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge
UK ICO Publishes New Direct Marketing Guidance and Checklists
The UK Information Commissioner’s Office recently published a package of detailed guidance and checklists for direct marketing activities.
Continue Reading UK ICO Publishes New Direct Marketing Guidance and Checklists
UK Cyber Laws Extended to Bring Outsourcers and Managed Service Providers into Scope to Strengthen UK’s Resilience Against Online Cyber Attacks
On November 30, 2022, the UK government confirmed that the Network and Information Systems Regulations 2018 will be strengthened to protect essential and digital services against cyber attacks.
Continue Reading UK Cyber Laws Extended to Bring Outsourcers and Managed Service Providers into Scope to Strengthen UK’s Resilience Against Online Cyber Attacks
The UK ICO and Ofcom to Work Together on Online Safety and Data Protection
On November 25, 2022, the UK Information Commissioner’s Office and the UK’s communications regulator, Ofcom, issued a joint statement setting out how they intend to work together to “ensure coherence between the data protection and the new online safety regimes.”…
Continue Reading The UK ICO and Ofcom to Work Together on Online Safety and Data Protection
UK Finalizes South Korea Adequacy Decision
On November 23, 2022, the UK government’s Department for Digital, Culture, Media & Sport announced that it had completed its assessment of South Korea’s personal data legislation, and concluded that sufficiently strong privacy laws are in place to protect UK personal data transferred to South Korea while upholding the rights and protections of UK citizens.
Continue Reading UK Finalizes South Korea Adequacy Decision
UK ICO Publishes New Guidance and a Tool for Transfer Risk Assessments
On November 17, 2022, the UK Information Commissioner’s Office published updated guidance on international transfers that includes a new section on transfer risk assessments and a transfer risk assessment tool. …
Continue Reading UK ICO Publishes New Guidance and a Tool for Transfer Risk Assessments
The Information Commissioner’s Office Issues UK Department for Education with Formal Reprimand
On November 2, 2022, the ICO issued the UK Department for Education with a formal reprimand following an investigation into the sharing of personal data stored on the Learning Records Service, a database which provides a record of pupils’ qualifications that the DfE has overall responsibility for. …
Continue Reading The Information Commissioner’s Office Issues UK Department for Education with Formal Reprimand
UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations
On October 24, 2022, the UK Information Commissioner’s Office issued a £4.4 million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the GDPR, during the period of March 2019 to December 2020.
Continue Reading UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations