Search results
590 results ordered by
New guidance on balancing data protection with the FCA's Consumer Duty and the TPR's Code of Practice
The Financial Conduct Authority (FCA), Information Commissioner's Office (ICO) and The Pensions Regulator (TPR) have published welcome guidance (Joint Statement) aimed at retail investment firms and pension providers on how to ensure their customer communications comply with the FCA's Consumer Duty (Consumer Duty) and the TPR’s Code of Practice (Code of Practice), whilst ensuring they follow the rules on direct marketing and data protection.
Read moreNew Standard Contractual Clauses for data importers outside the EAA but subject to the GDPR
Are the EU’s Standard Contractual Clauses (SCCs) needed if a data importer is located outside the European Economic Area (EEA) and already directly subject to the EU General Data Protection Regulation (EU GDPR)? In other words, where third party controllers and processors are based outside the EAA but subject to the GDPR, do you still need the SCCs to enable a lawful international transfer to them?
Read moreThe UK’s new Data (Use and Access) Bill
What does the UK’s new Data (Use and Access) Bill (the Data Bill) mean for businesses?
Read moreThe EU's Cyber Resilience Act: 10 on the 10
Today the EU's Cyber Resilience Act (Regulation (EU) 2024/2847) ('CRA') enters into force. The CRA recognises that the continuously evolving world of smart products is frequently challenged by vulnerabilities which can potentially lead to cyber-security incidents. Whilst most of the Act's obligations will not be applicable until three years from now, 10 December is the day when the EU takes a big step towards it's ten-year Cybersecurity Strategy. To mark the occasion, we have outlined ten key points that entities in scope must be aware of in preparation for compliance with the CRA.
Read moreEDPB’s new publications on the ePrivacy Directive, processors and legitimate interests
What are the key takeaways for organisations processing personal data set out in the recent Guidelines and Opinions adopted by the European Data Protection Board (EDPB)?
Read moreICO Statement on Generative AI Model Training
What position does the Information Commissioner’s Office (ICO) continue to take on Generative AI Model training?
Read moreICO reprimands Sky Betting and Gaming for using non-essential cookies without users’ consent
What proactive steps should website operators take to ensure that their use of cookies complies with UK data protection law? Put another way, are you sure personal data is not being collected by your website’s advertising cookies before users have consented to their deployment?
Read moreIrish DPC fines LinkedIn €310m for behavioural analysis and targeted advertising breaches
How certain do data controllers need to be of their lawful basis for processing personal data when engaging in behavioural analysis and targeted advertising, and how clearly must this be reflected in a privacy policy?
Read moreDORA Watch - November 2024
As financial entities and ICT service providers undergo the final stages of implementation of the Digital Operational Resilience Act (DORA) requirements into their systems and processes, it is imperative to understand the legal developments and ongoing updates arising from EU Member States as they go through their respective transposition and alignment processes. Through TerraLex - our global legal network, which provides us with access to 22,000 lawyers from highly regarded and carefully vetted law firms stretching more than 120 countries – we have collated legal updates focusing on DORA and its implications in EU jurisdictions.
Read moreData Dispatch - November 2024
Welcome to the eighth edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.
Read moreNew Data (Use and Access) Bill
What does the new Data (Use and Access) Bill (the Data Bill) mean for businesses?
Read moreCyber_Bytes Issue 69
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreNavigating a cyber breach
Cyber attacks remain a board-level concern for companies given their ability to disrupt services and unleash serious repercussions on financial, reputational, and operational fronts.
Read moreDORA Developments Compilation – October 2024
As financial entities and ICT service providers undergo the final stages of implementation of the Digital Operational Resilience Act (DORA) requirements into their systems and processes, it is imperative to understand the legal developments and ongoing updates arising from EU Member States as they go through their respective transposition and alignment processes. Through TerraLex - our global legal network, which provides us with access to 22,000 lawyers from highly regarded and carefully vetted law firms stretching more than 120 countries – we have collated legal updates focusing on DORA and its implications in EU jurisdictions.
Read moreData Dispatch - October 2024
Welcome to the seventh edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.
Read moreThe EU Cyber Resilience Act targets digital components made available in the EU market throughout the entire supply chain of a product
Last month, the EDPB published their "Guidelines on Examples regarding Personal Data Breach Notification" (the Guidelines). These are intended to provide "practice-oriented, case-based" guidance on when it is necessary to notify the relevant supervisory authorities (the SA) under Article 33(1) of the GDPR and/or data subjects under Article 34(1) of the GDPR following a personal data breach.
Read moreUK's new AI Cyber Security Code of Practice
What is the UK's proposed AI Cyber Security Code of Practice?
Read moreEU AI Act into force 1 August 2024
The EU AI Act came into force across all 27 EU member states on 1 August 2024. The aim of the legislation is to ensure AI systems used in the EU are safe and transparent.
Read moreNew Minister for Data Protection Sir Chris Bryant
On 8 July 2024, the Government appointed Sir Chris Bryant as the Minister of State for Data Protection and Telecoms (as well as Minister of State for Creative Industries, Arts and Tourism).
Read moreSocial media and video sharing platforms targeted by ICO over children's privacy practices
What must social technology platforms be aware of to ensure they are following the ICO's codes of practice for children's online safety?
Read moreUber hit with €290m fine for transferring European driver data to its US HQ
What does the Uber fine signal for international data transfers and the consequences of failing to comply with the EU General Data Protection Regulation (EU GDPR)?
Read moreX suspends personal data training of AI chatbot Grok following Irish DPC pressure
How are the data regulators addressing the use of personal data when training AI language models?
Read moreThe UK's Digital Information and Smart Data Bill
What can we expect from the new Digital Information and Smart Data Bill (the DISD Bill)?
Read moreCyber_Bytes Issue 68
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read morePart 6 – Practical Considerations
AI focussed actors and providers have been focussing on their forthcoming AI obligations and on governance for some time, but it is now prudent for the majority of organisations to assess how their use of AI will come within the scope of regulation in key territories and become familiar with each regime (and devise a means to keep up with the anticipated fast moving changes). Planning for the costs of compliance and for AI governance including systems and procedures for data retention and record keeping should also be part of current business strategy together with building expertise on AI internally and identifying trusted advisors from the "noise" of what is being offered externally.
Read moreDORA Watch – August and September 2024
As financial entities and ICT service providers undergo the final stages of implementation of the Digital Operational Resilience Act (DORA) requirements into their systems and processes, it is imperative to understand the legal developments and ongoing updates arising from EU Member States as they go through their respective transposition and alignment processes. Through TerraLex - our global legal network, which provides us with access to 22,000 lawyers from highly regarded and carefully vetted law firms stretching more than 120 countries – we have collated legal updates focusing on DORA and its implications in EU jurisdictions.
Read moreData Dispatch - September 2024
Welcome to the sixth edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.
Read moreCyber_Bytes Issue 67
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreICO Processor fine – the ICO's approach to assessing technical standards and its impact
The ICO recently confirmed its provisional decision to fine Advanced Computer Software Group £6.09 million following a data breach that it suffered in 2022.
Read moreCyber_Bytes Issue 66
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read morePart 4 – AI Regulation in Asia
This is Part 4 of 'Regulation of AI – raising the trillion dollar bAIby'
Read more“Consent or pay” models under scrutiny in UK and EU
Are “consent or pay” business models compliant with data protection law?
Read moreICO forces Serco Leisure to stop using facial recognition technology for employees
In what circumstances can facial recognition technology (FRT) be acceptable to monitor employees in the workplace?
Read moreOfcom and ICO to collaborate on Online Safety and Data Protection
How are the data protection and broadcasting regulators collaborating to regulate online services from a safety and privacy perspective, and what does this mean for businesses and services regulated by both bodies?
Read moreICO publishes guidance on content moderation
What steps should businesses operating content moderation systems in the UK be taking to comply with new guidance published by the UK’s Information Commissioner (ICO)?
Read moreThe ICO’s strategic approach to regulating AI
How can the ICO’s recently published AI strategy paper help businesses navigate the evolving AI regulatory landscape, particularly in respect of data protection principles?
Read moreNew development: DPDI Bill fails to become law
The Data Protection and Digital Information Bill (DPDIB), the proposal for post-Brexit data protection laws in the UK, did not pass through Parliament before its dissolution on 24 May 2024 ahead of the general election on 4 July 2024. This means that the DPDIB has failed to become law and any proposals for data reform in the UK will largely need to start afresh in the new Parliament.
Read moreDORA Watch – June and July 2024
As financial entities and ICT service providers undergo the final stages of implementation of the Digital Operational Resilience Act (DORA) requirements into their systems and processes, it is imperative to understand the legal developments and ongoing updates arising from EU Member States as they go through their respective transposition and alignment processes. Through TerraLex - our global legal network, which provides us with access to 22,000 lawyers from highly regarded and carefully vetted law firms stretching more than 120 countries – we have collated legal updates focusing on DORA and its implications in EU jurisdictions.
Read moreCyber_Bytes Issue 65
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreData dispatch - July 2024
Welcome to the fifth edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.
Read more2024 Amendments to the Cybersecurity Act 2018
The Cybersecurity Act 2018 (the "Act") first came into force more than 6 years ago to establish a legal framework for the oversight and maintenance of national cyber security in Singapore.
Read moreProviding the identity of third-party recipients of personal data to a data subject – helpful guidance from the High Court
The High Court has handed down a helpful judgment for data controllers responding to data subject access requests which analyses the circumstances in which it may be appropriate for a data controller to withhold the identities of third parties who have been provided with a data subject's personal data.
Read moreCyber_Bytes Issue 64
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreThe Role of AI in Disputes
While lawyers have had various forms of AI available to them for years, it is generative AI and the development of large language models (LLMs) which is likely to represent a fundamental shift for dispute resolution. This technology now offers language capabilities that have never been seen before, and is likely to transform the way lawyers conduct proceedings.
Read moreWhat is AI and why is it topical?
Whilst there is no universal definition of what constitutes artificial intelligence, at its core, AI refers to the simulation of human intelligence in machines that are programmed to think and learn like humans. This encompasses the ability to reason, learn from experience, understand complex concepts, interact with their environment and look to solve problems.
Read moreCyber_Bytes Issue 63
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreData dispatch - April 2024
Welcome to the fourth edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.
Read moreDepartment for Science, Innovation and Technology consults on proposed data infrastructure statutory framework
What statutory obligations could the Department for Science, Innovation and Technology’s (DSIT) proposed statutory framework impose on UK data centre providers?
Read moreStay connected and subscribe to our latest insights and views
Subscribe Here