The EU Commission has awarded the UK two adequacy decisions. The first recognises that the UK meets the requirements of the GDPR (General Data Protection Regulation), and the other recognises that it meets the requirements of the Law Enforcement Directive. …

The GDPR (General Data Protection Regulation) is characterised by its widespread departure from previous European data protection laws – and one area where this is particularly the case is the scope of its application. Not only does the GDPR apply …

On New Year’s Eve 2020, the UK and EU struck a deal allowing personal data to continue flowing freely between the territories until 30 June 2021. The agreement bridges the gap between the end of the Brexit transition period and …

In 2016, Marriott International purchased Starwood Hotels & Resorts to become the world’s largest hotel chain. But at no point during that $13.6 billion takeover did Marriott realise that it wasn’t only acquiring 11 new brands but also an unsecure …

The EU GDPR (EU General Data Protection Regulation) and – following Brexit – the UK GDPR (UK General Data Protection Regulation) restrict transfers of personal data outside of the EU and UK respectively. You may have been told that, to …

Although the GDPR (General Data Protection Regulation) is rooted in EU law, organisations across the globe have been told that they must comply with its requirements. This has been most prominent in the US, which is the EU’s biggest trading …

The ICO (Information Commissioner’s Office) has published guidelines that clarify organisations’ requirements when data subjects exercise their right to access to their personal data. It follows a consultation period in which the data protection body observed that there was still …