The Data Protection Act 1998 is an Act of the Parliament of the United Kingdom that regulates the processing of personal data. The Act regulates how data can be used and how it should be stored.

The Data Protection Act 2018 has been designed to provide a clearer and more up-to-date set of rules for organisations to follow when processing personal data.The new legislation brings together the current data protection framework, which was made up of sector-specific legislation that has been in place since 1998, with some updates and changes.

The Record of Processing Activities serves to enable an organisation to have a clear picture, internally, of processing activities as well as providing evidence to authorities as how to data is being used.

Under Article 35(1) of the GDPR companies and organisations are required to conduct a Data Protection Impact Assessment where their processing activities are likely to result in high risk to the rights and freedoms of data subjects. The DPIA should be done BEFORE processing begins, in line with the principles of data processing by design and default

Almost three years into the GDPR, companies, by now, understand they have to be GDPR compliant but they don’t always know that if they are a Non-EU company falling under the scope of GDPR, that does not have an enterprise in the EU, they will probably need an EU representative to be in place, as provided by Article 27.

A temporary solution has been agreed between the UK and EU to allow data flows to continue for a period of up to six months following the United Kingdom’s departure. Data transfer arrangements currently in place will continue for this defined period while it is being decided whether the UK will be given ‘adequacy’ status.

Automatic dropping of cookies onto visitors to both Amazon.fr and Google.fr have landed the two companies with huge fines. The French data protection agency, CNIL, has issued penalty notices of €35 million and €100 million respectively after an investigation into breaches of Article 82 of the GDPR.

Facebook is updating its Messenger products to align with new GDPR privacy rules in Europe. This change will impact businesses globally that use Messenger ads products in the European Economic Area (EEA) and will result in some features being unavailable.

‘Cookie walls’ are not legal. This was the message reinforced by them on Monday in the update to their guidelines, in which they reiterated that consent should always be freely obtained. Clearly, permission is not at all free if a user has to accede to something in order to access a website.

Data protection rules (such as GDPR) do not hinder measures taken in the fight against the coronavirus pandemic.” This, the summary by the Chair of the European Data Protection Board (EDPB) dated 19 March 2020.

The idea of having a Data Protection Officer within a company or organisation is to offer a further measure of security and added protection of the data that is collected and held, the DPO effectively acts as an extra safeguard

If you are a small or medium sized business finding that GDPR feels like an overwhelming task, focus of some key areas and objectives and get some of the important things off the list.

Privacy by design is an approach to projects that promotes privacy and data protection compliance from the start of any project or when a change in the way data is used with your organisation occurs.

Sometimes referred to as ‘California’s GDPR’, there exists some significant difference between how data types and subjects rights are defined. Important differences include that definitions tends to be broader under CCPA and CCPA covers more types of data.

The first step when addressing the issue of Subject Access Requests (SARs) then is to ensure all staff members know what they are and crucially what they need to do with them.

If your website is based in the EU or directed towards EU citizens and you use cookies you must comply with the EU’s ePrivacy Directive which means consent to use cookies must be obtained before they are placed.

When data is transferred outside of your organisation to another EU country it is always recommended that you put a contract in place that specifies the conditions of the data transfer.

Consent within GDPR relates to you as an organisation clearly stating what a data subject is agreeing to and what rights that have when they agree to their personal data being processed.

The GDPR requires that you keep continuous records of activities within your organisation and you need to ensure compliance is being maintained by regularly updating them.

If the UK leaves the EU in a “No-Deal Brexit”, the UK will drop to "3rd country status" with no adequacy decision awarded.Under the GDPR, personal data can only be transferred to third countries in compliance with the conditions for cross-border data transfers set out in Chapter V (Articles 44 to 50, GDPR).

Conducting an organisation wide data audit to find out what personal data is being held, where and by whom. Once the data audit is complete, you should have a clear idea of what data your organisation keeps and how it is being used.

Most security breaches are performed by people inside the organisation running the target system. The most comprehensive software security configuration in the world means nothing if someone can approach your machine and boot a USB containing exploit code.

Flame was a game changer for malware threats. It became an instrumental tool for cyber attacks. Sophisticated threats will mean the requirement for sophisticated proactive security and an agreed robust international legal framework. Otherwise Governments will continue to evolve and use their Cyber weapons. At the very least these attacks are a wakeup call for all businesses nationally as well as internationally to adhere to compliance standards that will help protect their business and customer data.