GDPR Review

As we all work with our businesses to prepare for the GDPR, the guidance is trickling through. An ICO consultation on GDPR consent opened and closed in March. The draft guidance goes further than the GDPR, in requiring that consent be informed, specific, granular, clear, prominent, documented and easy to withdraw. For more details about the consent requirements, please click here for our GDPR consent guidance update.

As we go to print, the ICO is now seeking feedback on profiling and automated decision making (the "feedback"), with an imminent deadline of 28 April and the UK government has issued a 'call for views' on GDPR derogations. We will report fully on these in our next alerter. Please click here for the feedback request.

The insurance sector faces unique challenges in tackling privacy notices and the need for explicit consent for the handling of sensitive personal data, including health data. Please click here to read our article about this. We are working with the LMA, IUA, LIIBA, BIBA, ABI, BIPAR, and Lloyds on an industry approach to this. Click here for an update on our industry request to DCMS for them to legislate for a new legal ground for processing sensitive personal data for the insurance industry, and our industry feedback to the ICO consultation on consent.

Finally, in the government's launch of its UK Digital Strategy on 1 March 2017, which confirmed its aim to place us at the forefront of the digital economy, the government gave its commitment to ensuring that transborder data flows with Europe will not be interrupted by Brexit. Please click here for our UK Digital Strategy alert. Linked to this, the Information Commissioner has already recommended that the UK should apply for a data protection adequacy finding before we leave the EU, to deal with UK-EU data flows. Please click here for our adequacy finding alert.

ICO News

The ICO has published a paper addressing artificial intelligence, machine learning and big data. It looks at big data analytics and how it fits in with the current data protection climate and the imminent GDPR. Please click here to read more about the ICO's recommendations.

The ICO continues its commitment to data protection enforcement and continues to issue fines for unlawful use of data in marketing, including one of its highest fines to date. Please click here for our ICO Enforcement Round Up.


The European Data Protection Supervisor has set out its focus for the upcoming year and has published its 2017 priorities. Click here for our alert.

The EDPS has also published its opinion on the proposed digital content directive. For more information about the data protection points it raises, please click here.

UK court decisions

The UK courts have taken on Subject Access Requests and have handed down 4 significant decisions on this issue. For detailed information please click here for our report.

The UK courts have also confirmed that data protection claims can now be brought alongside defamation claims. For more information please click here for our case update.

US updates

The EU-US "Umbrella" Agreement is now in force which protects data exchanged by authorities. The Judicial Redress Act was also signed by former President Obama which gives EU citizens the right of challenge in the US courts where their data has been misused. Please click here and here for our US alerts.

Privacy Shield round-up

President Donald Trump's Executive Order of 25 January 2017 has raised concerns among European data protection authorities culminating in them writing to the US authorities voicing their concerns about Privacy Shield's validity. The WP29 has also published guidance on handling complaints under the Privacy Shield. Please click here and here for our Privacy Shield alerts.

Cyber news

A number of interesting industry reports have been published recently on the impact of cyber threats. The NCSC and NCA have produced a report on the impact of cyber threats on UK businesses. Lloyds has also issued a report looking into the impact of cyber terrorism on city infrastructure. For more insight, please click here for our Cyber Update.

Updates from across the world

To read our updates from across the world, please click here.