data protection


Employers Liability for Data Breaches

The UK Supreme Court has handed down its judgment in the case of a claim brought against Morrisons supermarkets by various former and current employees. The claim relates to a data breach which occurred in 2014. Background Morrisons employed Andrew Skelton as part of the internal audit team. In late 2013 he had the task of sending the entire payroll to external auditors, as he […]


The GDPR – Part 2

Accountability The GDPR introduces the concept of accountability.  Governance under the GDPR must be transparent. Data controllers and processors must put in place comprehensive but proportionate systems of governance. Good practice tools such as privacy impact assessments and privacy by design are mandatory in some circumstances. Applying these methods helps to minimise the risk of data breaches. This is likely to mean more policies and […]


A Guide to the GDPR

The GDPR comes into force in the UK on 25 May 2018. It replaces the Data Protection Act 1998. It applies to data processors within the EU and also to organisations outside the EU who sell goods and services into the EU. There are two types of people and organisations to which it applies: Controllers – they say how and why personal data is processed; […]


General Data Protection Regulations (GDPR)

It is now increasingly common for the news to contain stories of significant data losses. These are both embarrassing for the organisation concerned and potentially extremely expensive to sort out. There are, of course, many ways in which data losses can occur. They can range from the result of aggressive hacking but can also, and more commonly perhaps, be due to carelessness or a simple […]