The GDPR and Fines

The Article 29 Data Protection Working Party recently issued guidelines on fines for the purposes of the General Data Protection Regulation (‘GDPR’). Article 83(1) of the GDPR states that supervisory authorities should identify corrective measures that are “effective, proportionate and dissuasive”. Article 83(2) is the starting point for assessing a case for the purpose of […]


The High Court ruled that Morrisons was vicariously liable for a leak of its employees’ data in 2015. An employee had used his position to steal and publish confidential information about his colleagues. This is the first class action involving a personal data breach in the U.K. To access the judgment, click here. A class […]

The GDPR and Personal Data Breach Reporting

The Article 29 Data Protection Working Party (‘A29WP’) recently issued guidelines on personal data breach reporting under the General Data Protection Regulation (‘GDPR’). The GDPR obliges data controllers to report personal data breaches to data protection authorities within 72 hours unless the breach is ‘unlikely to result in a risk to the rights and freedoms’ […]


The EU Commission published its first annual of the EU-US Privacy Shield Framework. To access the report, click here. Ms Justice Caroline Costello, a judge in Ireland’s High Court, has referred a challenge to Facebook brought by Austrian privacy campaigner Max Schrems, to the Court of Justice of the EU. Schrems is challenging the adequacy […]


Equifax discloses that a data breach in March has compromised the personal information of 143 million consumers. For more information click here. The UK government publishes its Data Protection Bill. To read it click here. The ICO has fined a firm that made a record 146 million nuisance calls about PPI. For more information click […]