On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth responded to a call for public comments from the European Data Protection Board regarding their Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules (Art. 47 GDPR).
Continue Reading CIPL Responds to EDPB’s Calls for Public Comments on Recommendations for Controller Binding Corporate Rules

On November 30, 2022, the UK government confirmed that the Network and Information Systems Regulations 2018 will be strengthened to protect essential and digital services against cyber attacks.
Continue Reading UK Cyber Laws Extended to Bring Outsourcers and Managed Service Providers into Scope to Strengthen UK’s Resilience Against Online Cyber Attacks

On November 25, 2022, the UK Information Commissioner’s Office and the UK’s communications regulator, Ofcom, issued a joint statement setting out how they intend to work together to “ensure coherence between the data protection and the new online safety regimes.”
Continue Reading The UK ICO and Ofcom to Work Together on Online Safety and Data Protection

On November 23, 2022, the UK government’s Department for Digital, Culture, Media & Sport announced that it had completed its assessment of South Korea’s personal data legislation, and concluded that sufficiently strong privacy laws are in place to protect UK personal data transferred to South Korea while upholding the rights and protections of UK citizens.
Continue Reading UK Finalizes South Korea Adequacy Decision

On November 2, 2022, the ICO issued the UK Department for Education with a formal reprimand following an investigation into the sharing of personal data stored on the Learning Records Service, a database which provides a record of pupils’ qualifications that the DfE has overall responsibility for.
Continue Reading The Information Commissioner’s Office Issues UK Department for Education with Formal Reprimand

On October 24, 2022, the UK Information Commissioner’s Office issued a £4.4 million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the GDPR, during the period of March 2019 to December 2020.
Continue Reading UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations