Data and privacy
New guidance on balancing data protection with the FCA's Consumer Duty and the TPR's Code of Practice
The Financial Conduct Authority (FCA), Information Commissioner's Office (ICO) and The Pensions Regulator (TPR) have published welcome guidance (Joint Statement) aimed at retail investment firms and pension providers on how to ensure their customer communications comply with the FCA's Consumer Duty (Consumer Duty) and the TPR’s Code of Practice (Code of Practice), whilst ensuring they follow the rules on direct marketing and data protection.
Read morePrivacy developments – looking back and looking forward
In this article, we give you a high-level snapshot of the key data protection and privacy developments in the UK and EU in 2024 as well as developments we anticipate for 2025.
Read moreThe EU's Cyber Resilience Act: 10 on the 10
Today the EU's Cyber Resilience Act (Regulation (EU) 2024/2847) ('CRA') enters into force. The CRA recognises that the continuously evolving world of smart products is frequently challenged by vulnerabilities which can potentially lead to cyber-security incidents. Whilst most of the Act's obligations will not be applicable until three years from now, 10 December is the day when the EU takes a big step towards it's ten-year Cybersecurity Strategy. To mark the occasion, we have outlined ten key points that entities in scope must be aware of in preparation for compliance with the CRA.
Read moreDORA Watch - November 2024
As financial entities and ICT service providers undergo the final stages of implementation of the Digital Operational Resilience Act (DORA) requirements into their systems and processes, it is imperative to understand the legal developments and ongoing updates arising from EU Member States as they go through their respective transposition and alignment processes. Through TerraLex - our global legal network, which provides us with access to 22,000 lawyers from highly regarded and carefully vetted law firms stretching more than 120 countries – we have collated legal updates focusing on DORA and its implications in EU jurisdictions.
Read moreData Dispatch - November 2024
Welcome to the eighth edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.
Read moreNew Data (Use and Access) Bill
What does the new Data (Use and Access) Bill (the Data Bill) mean for businesses?
Read moreCyber_Bytes Issue 69
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreNavigating a cyber breach
Cyber attacks remain a board-level concern for companies given their ability to disrupt services and unleash serious repercussions on financial, reputational, and operational fronts.
Read moreDORA Developments Compilation – October 2024
As financial entities and ICT service providers undergo the final stages of implementation of the Digital Operational Resilience Act (DORA) requirements into their systems and processes, it is imperative to understand the legal developments and ongoing updates arising from EU Member States as they go through their respective transposition and alignment processes. Through TerraLex - our global legal network, which provides us with access to 22,000 lawyers from highly regarded and carefully vetted law firms stretching more than 120 countries – we have collated legal updates focusing on DORA and its implications in EU jurisdictions.
Read moreDigital operational resilience: the UK regulatory landscape
Operational Resilience in the supply chain has become an undeniable priority for all financial service providers across the continent.
Read moreData Dispatch - October 2024
Welcome to the seventh edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.
Read moreThe EU Cyber Resilience Act targets digital components made available in the EU market throughout the entire supply chain of a product
Last month, the EDPB published their "Guidelines on Examples regarding Personal Data Breach Notification" (the Guidelines). These are intended to provide "practice-oriented, case-based" guidance on when it is necessary to notify the relevant supervisory authorities (the SA) under Article 33(1) of the GDPR and/or data subjects under Article 34(1) of the GDPR following a personal data breach.
Read moreCyber_Bytes Issue 68
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreDORA Watch – August and September 2024
As financial entities and ICT service providers undergo the final stages of implementation of the Digital Operational Resilience Act (DORA) requirements into their systems and processes, it is imperative to understand the legal developments and ongoing updates arising from EU Member States as they go through their respective transposition and alignment processes. Through TerraLex - our global legal network, which provides us with access to 22,000 lawyers from highly regarded and carefully vetted law firms stretching more than 120 countries – we have collated legal updates focusing on DORA and its implications in EU jurisdictions.
Read moreData Dispatch - September 2024
Welcome to the sixth edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.
Read moreCyber_Bytes Issue 67
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreICO Processor fine – the ICO's approach to assessing technical standards and its impact
The ICO recently confirmed its provisional decision to fine Advanced Computer Software Group £6.09 million following a data breach that it suffered in 2022.
Read moreCyber_Bytes Issue 66
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreDORA Watch – June and July 2024
As financial entities and ICT service providers undergo the final stages of implementation of the Digital Operational Resilience Act (DORA) requirements into their systems and processes, it is imperative to understand the legal developments and ongoing updates arising from EU Member States as they go through their respective transposition and alignment processes. Through TerraLex - our global legal network, which provides us with access to 22,000 lawyers from highly regarded and carefully vetted law firms stretching more than 120 countries – we have collated legal updates focusing on DORA and its implications in EU jurisdictions.
Read moreCyber_Bytes Issue 65
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreData dispatch - July 2024
Welcome to the fifth edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.
Read moreHow will the "Genny lec" impact the world of cyber and tech?
On 22 May 2024, Prime Minister Rishi Sunak stood in the pouring rain to announce a General Election, thus commencing a summer of political and meteorological uncertainty for those in the UK.
Read more2024 Amendments to the Cybersecurity Act 2018
The Cybersecurity Act 2018 (the "Act") first came into force more than 6 years ago to establish a legal framework for the oversight and maintenance of national cyber security in Singapore.
Read moreProviding the identity of third-party recipients of personal data to a data subject – helpful guidance from the High Court
The High Court has handed down a helpful judgment for data controllers responding to data subject access requests which analyses the circumstances in which it may be appropriate for a data controller to withhold the identities of third parties who have been provided with a data subject's personal data.
Read moreCyber_Bytes Issue 64
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreCyber_Bytes Issue 63
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreData dispatch - April 2024
Welcome to the fourth edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a regular basis with an easy-to-digest summary of key developments in data protection law.
Read moreCyber_Bytes - Issue 62
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreCyber_Bytes Issue 61
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreCyber_bytes - Issue 60
Welcome to Cyber_bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreData dispatch - January 2024
Welcome to the third edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a monthly basis with an easy-to-digest summary of key developments in data protection law.
Read moreData dispatch - December 2023
Welcome to the second edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a monthly basis with an easy-to-digest summary of key developments in data protection law.
Read moreCyber_Bytes - Issue 59
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreFines for PDPA Breaches: How Clear is the Crystal Ball?
The Singapore Personal Data Protection Commission ("PDPC") has recently issued a number of new enforcement decisions.
Read moreCyber_Bytes - Issue 58
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreData dispatch - October 2023
Welcome to the first edition of Data Dispatch from the Data Advisory team at RPC. Our aim is to provide you on a monthly basis with an easy-to-digest summary of key developments in data protection law.
Read moreCyber_Bytes - Issue 57
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreChanges to the One Stop Shop
In July 2023 the European Commission issued a Proposal for a Regulation of the European Parliament and of the Council laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679 (the 'GDPR' Regulations).
Read moreRansoms and Sanctions and Fines (oh my!)
Ransomware attacks are happening all the time. Just the other month, the Cl0p ransomware gang claimed responsibility for the exploitation of a zero-day vulnerability in the MOVEit Transfer tool.
Read moreCyber_Bytes - Issue 56
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreCyber_Bytes - Issue 55
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreCyber_Bytes - Issue 54
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreCyber_Bytes - Issue 53
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreCyber_Bytes - Issue 52
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreCyber_Bytes - Issue 51
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreCyber_Bytes - Issue 50
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreRPC Law x Web3: Gambling regulations – Don't Play Games of Chance with the Law
This is part of a series of RPC x Web3 articles designed to help Web3 participants and enthusiasts understand their rights in this rapidly evolving space.
Read moreCyber_Bytes - Issue 49
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreThe NIS Regulations to expand to bring outsourced IT providers and managed service providers into scope
The UK's Network and Information Systems ("NIS") Regulations came into force in May 2018 to boost the level of security of network and information systems for the provision of essential services, such as transport, energy, water, health and digital infrastructure ("operators of essential services (OES)"). These Regulations also applied to digital services, such as online marketplaces, online search engines and cloud computing services ("relevant digital service providers (RDSPs)").
Read moreCyber_Bytes - Issue 48
Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.
Read moreStay connected and subscribe to our latest insights and views
Subscribe Here