DAC Beachcroft updates

Forms of authority for medical records post-GDPR
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 14 August 2018

In defending personal injury claims, the ability of compensating insurers and their representatives to seek access to the claimant's medical records is often important in enabling claims to be scrutinised and medical evidence to be obtained. However, the implementation of the General Data Protection Regulation and the Data Protection Act 2018 has affected the ability of compensators to obtain access to those records.

SMEs face increase in data protection and privacy claims
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 26 June 2018

It is well publicised that there has been an upward trend of data protection and privacy claims in recent years. There has been a particular increase in claims against small and medium-sized enterprises and unincorporated associations, as reflected by a recent study that suggests that 61% of data breaches affect organisations with fewer than 1,000 employees. As duties on how businesses process data become more onerous, it is vital that they are aware of their obligations and have adequate procedures in place.

CCS guidance to suppliers on GDPR
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 01 May 2018

The Crown Commercial Service (CCS) has issued a guide to CCS suppliers about the actions which they must take in light of the implementation of the General Data Protection Regulation (GDPR). Under the GDPR, data processors will face direct legal obligations and can be fined by the Information Commissioner's Office for non-compliance. In addition, data processors will face claims for compensation if they fail to comply with their obligations.

Compensation claims under GDPR – an overview of the brewing storm
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 06 March 2018

The EU General Data Protection Regulation and the incoming Data Protection Bill (UK) will introduce a range of new liabilities into the data protection landscape. Data controllers have been warned of a corresponding increase in data protection claims under the new regulatory regime for some time. These warnings have largely focused on the level of fines and new data breach response requirements. However, the brewing perfect storm surrounding compensation claims should also be firmly on solicitors' radars.

Are your contracts GDPR compliant? PPN published in relation to new data protection legislation
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 23 January 2018

The Crown Commercial Service has published a procurement policy note (PPN) in relation to the new data protection legislation that will be implemented shortly. The PPN highlights the fact that the EU General Data Protection Regulation now strikes a more even balance between data processors and data controllers and requires organisations to act immediately to ensure compliance. As the new legislation will apply to the wider public sector, other public bodies may wish to apply the principles of the PPN.

GDPR: what should businesses be doing to prepare for enhanced data protection regime?
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 09 January 2018

The recently announced Data Protection Bill (which will replace the existing Data Protection Act) will transpose the EU General Data Protection Regulation (GDPR) into UK law and will be applicable despite Brexit. The new enhanced regime will affect all businesses that process data relating to an identified or identifiable natural person. Companies need to be actively preparing to ensure that they are GDPR compliant by identifying what steps are needed to comply with the regime.

Subject access requests under GDPR: much ado about nothing?
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 19 December 2017

The extent to which the data subject access request (DSAR) regime will change under the EU General Data Protection Regulation and how this will affect employers is becoming clear. For example, the fee for responding to a DSAR will be abolished and the deadline for compliance will be reduced. While there will be some practical differences, an employer that has appropriate systems and procedures in place to deal with DSARs under the existing regime will not need to radically rethink its approach.

GDPR: how accountancy firms can prepare for enhanced regime
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 14 November 2017

Data protection law is set for a radical overhaul in 2018 and accountancy firms should be preparing now for the changes and the compliance challenges that this will bring. The EU General Data Protection Regulation (GDPR) is an attempt to harmonise data protection laws across Europe. The United Kingdom's recently announced Data Protection Bill (which will replace the existing Data Protection Act) will transpose the GDPR into UK law and will be applicable despite Brexit.

Data Protection Bill 2017: implications for employers on first reading
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 17 October 2017

The EU General Data Protection Regulation left room for member states to introduce their own laws in certain areas, including in relation to employment law. As such, the government has now released the draft Data Protection Bill, which is the first glimpse of what will eventually evolve into the Data Protection Act 2018. The bill does not contain major surprises from an employer's perspective, but there is increasing emphasis on the importance of policy documents and record keeping.

General Data Protection Regulation – what are the implications for employers as data controllers?
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 26 September 2017

The government recently issued a statement of intent to publish a new Data Protection Bill. The bill will bring into law the EU General Data Protection Regulation, which takes effect in the United Kingdom in May 2018 and will be the most comprehensive overhaul of data protection law this generation. The new regime for handling personal data has challenges for employers in their capacity as data controllers with increased rights for individuals and enhanced fines for non-compliance.

Cyber-insurance, privacy and data security newsletter – May 2017
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 23 May 2017

The cyber threat to UK businesses is ever increasing, particularly as hackers develop new variants and methods with which to target businesses. Businesses need to regard cybersecurity as a priority and should have risk management strategies in place to prepare and rehearse for cyber and data breach incidents.

ICO consultation: GDPR consent guidance
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 09 May 2017

The Information Commissioner's Office consultation on its draft General Data Protection Regulation Consent Guidance recently ended. Of key relevance to the insurance sector is the position that consent should not be a precondition of a service. As an insurance policy cannot be provided without 'explicit consent', the consent will have to be 'conditional'; that is, individuals will have to be told that if they do not consent, they cannot take out the policy.

Subject access requests: four key cases
DAC Beachcroft
  • IT & Internet
  • United Kingdom
  • 25 April 2017

Four significant decisions have recently affected how data controllers respond to subject access requests (SARs) under the Data Protection Act 1998. In one case, the court declined to enforce further compliance with a SAR as the data controller had already carried out proportionate searches and properly applied the privilege exemption. In the others, it considered the limits on a data controller's obligations when responding to a SAR.

Current search