bigdatalaw-Internet Lawyers London

With the GDPR coming into force in the UK on 25 May 2018 it is worth highlighting that the regulations have a broad territorial scope. For embassies and consulates in particular, non-compliance with GDPR could have  serious repercussions  not just for the organisation itself but also for the citizens and commercial enterprises that rely on embassy or consular services. WHERE DOES GDPR APPLY? EU EMBASSIES WITHIN THE EU AND ABROAD Article 3 of the GDPR deals with territorial scope. Where will the new rules apply? For a start the GDPR broadens the international reach of EU data protection rules. They will apply to: ·       The processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. ·       The processing of personal data of data subjects who are in the Union by a control...

The General Data Protection Regulation comes into force tomorrow. Despite what you may have heard, GDPR is not only about getting consent to process the personal information of those people your company interacts with. In the last few days, as the implementation date approaches, you may have been forgiven for believing this to be the case. A degree of panic among businesses appears to have set in regarding the consent issue. Stories of unnecessary GDPR consent emails clogging up inboxes have been widely reported. And the Information Commissioner’s website that contains detailed  GDPR compliance guidance  has crashed . Whether this is due to the sheer volume of traffic following relentless media pressure is unclear. At Big Data Law we have been advising on and  writing about GDPR implementation  for some time. Granted, it represents a big change for businesses that handle personal data with heavy fines a possibility. But it’s important not to overreac...

  Facebook’s PR nightmare following the recent Cambridge Analytica scandal shows no signs of abating. The EU Security Commissioner has just indicated that  Brussels is prepared to regulate  social media companies if they don’t quickly tackle head-on the mishandling of personal data that the Cambridge Analytica story appears to have exposed. We have already discussed why the Facebook/Cambridge Analytica story matters in  the context of GDPR .  Crucially it has moved the whole issue of data protection to the top of the political and media agenda.  Most of the commentary has centred on the issue of consent. But as we watch the story develop we think it also raises important points about another key data protection rule: the principle of purpose limitation. WHAT IS PURPOSE LIMITATION? Article 5(b) of the GDPR reaffirms the principle of the existing rules on purpose limitation. It also introduces a few minor additional safeguards for further...