On 12 May 2022 EDPB adopted Guidelines on the calculation of administrative fines (the Guidelines). The Guidelines supplement the Article 29 Working Party’s Guidelines on the application and setting of administrative fines (WP253) adopted in October 2017
The UK’s ICO issues a monetary penalty notice to professional services firm after ransomware attack
On 10 March 2022, the Information Commissioner’s Office (ICO) issued a monetary penalty notice to a professional services firm (the Firm) to the tune of £98,000 for a breach of Article 5(1)(f) of the General Data Protection
Post-Brexit Personal Data Breach Reporting – An End to the ICO’s Role as One-Stop-Shop Lead Supervisory Authority
The end of the Brexit implementation period on 31 December 2020 has brought with it significant changes to the data protection landscape for UK-based businesses. Amid headlines about data transfer issues and a potential adequacy decision for the UK in
ICO provides guidance on calculating monetary penalties
On 1 October 2020, the UK Information Commissioner’s Office (ICO) published draft statutory guidance, providing clarity about how it will regulate and enforce data protection legislation in the UK. The guidance, which sits alongside the ICO’s Regulatory Action Policy
Contact tracing apps: A new world for data privacy
May 12, 2020
Norton Rose Fulbright today launched its survey analysing regulatory and policy issues applicable to COVID-19 contact tracing and related tracking technology across 18 jurisdictions.
The global survey explores key issues across Australia, Canada, China, France, Germany, Hong
Good news for employers, finally – the UK Supreme Court hands down judgment in WM Morrison Supermarkets plc (Appellant) v Various Claimants (Respondents)
In a judgment which will be warmly welcomed by employers (and their insurers) in the UK, the UK Supreme Court today overruled the Court of Appeal in holding that that Morrisons supermarkets is not vicariously liable for a data breach maliciously caused by a former employee.
“Heightened risk of cyber criminals exploiting COVID-19 fears”, NCSC warns
The National Cyber Security Centre (the NCSC) has warned that businesses and the public face an increased threat from attacks seeking to exploit COVID-19 (coronavirus), particularly given the move to home-working as a result of the COVID-19 outbreak.
Adventures in cyber litigation: Frozen crypto-assets and the role of cyber insurance
For some time, cyber exposure has been at or near the top of every major company’s risk register.
Interim proprietary injunction granted over bitcoin cyber extortion payment
An interim proprietary injunction has been granted by the English High Court over a bitcoin ransom payment paid to a third-party wallet.
Bank of England cyber resilience exercise
BoE publish high level findings of the financial sector (“sector”) cyber simulation exercise.