24 July 2018
A cloud service provider of apps and storage for businesses is a data processor. However, that does not mean it is not exempt from appointing a Data Protection Officer (DPO) if the data processed presents potential risks to the rights and freedoms of others, or large scale systematic processing.24 July 2018
Under the GDPR, you must appoint a data protection officer (DPO) if you: 1) are a public authority (except for courts acting in their judicial capacity); 2) carry out large scale systematic monitoring of individuals (for example, online behaviour tracking); or 3) carry out large scale processing of special…21 July 2018
The ePrivacy Regulation (PECR) is set to particularise GDPR for electronic communications and is focused only on electronics — devices, processing techniques, storage, browsers etc. It is the successor to the current ePrivacy Directive, known as the ‘Cookie Law’ because it has governed the statement frequently seen on Europe-based sites…21 July 2018
Consent cannot be inferred. It cannot be implied. A badly written opt-out buried in terms and conditions is not consent. The 1995 Data Protection Directive defines consent as: “Any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data…20 July 2018
In respect of the data subject enforcing their rights, it should first be noted that withdrawing consent, i.e. removing the controller's right to use your data, is not the same as the right of erasure. Consent is specific and unambiguous and is given for a particular…20 July 2018
When seeking to acquire informed consent the default solution tends to be that you can obtain a written consent from each and every customer. This is of course perfectly fine, if it is manageable. But even overcoming this task leaves the burden of gathering the consent documents and filing…20 July 2018
The Article 29 Working Party (WP29) published an assessment of the balance between legitimate interests of employers, and the reasonable privacy expectations of employees. In which it outlines the risk assessment posed by modern working practices, where new technologies enable more systematic processing of employees’ personal data at work, which…17 July 2018
The key changes including in the General Data Protection Regulation (GDPR): The Regulation will enforce tough penalties – proposed fines up to 4% of annual global revenue or €20million, whichever is greater. Even though the UK will not be in the EU in post-Brexit, we will still have to…03 July 2018
There are many outsourced-HR companies, and so naturally, they hold personal data such as an individual’s Name, Address, DOB, NI, Bank Details, Salary etc. Some HR companies provide software or Apps to process payroll, pay invoices and employee expenses, bonuses etc. Care needs to be takes as to whether the…04 June 2018
Three Graces Legal is a commercial law firm which has many years' experience in dealing with civil claims for compensation, including large commercial dispute matters. We also deal with claims arising out of breach of the Data Protection Act and GDPR. Our specialist data protection claims solicitor, Aaron Pearson, is…To find how our friendly and knowledgeable solicitors can help you, contact us today.
Make a free enquiry - Call now - 0151 659 1070