Data protection in specific activities

Copyright © 2024 LexisNexis

This subtopic addresses compliance with the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR) and the Data Protection Act 2018 (DPA 2018) in relation to specific activities carried out by organisations.

For an introduction to the data protection regime generally, including the data protection principles, the UK GDPR’s ‘assimilated law’ status, and the legislative terminology, territorial scope, applicability and exemptions, see: Data protection regime—overview and its associated subtopic.

For further guidance on the following general topics under the UK GDPR, see the relevant overview and its associated subtopic:

TopicOverview
Accountability, governance and complianceAccountability, governance and compliance—overview
Rights of data subjectsRights of data subjects—overview
Transparency, privacy policies and noticesTransparency and privacy policies and notices—overview
Sharing of personal data and personal data in commercial transactionsData sharing and transactions—overview
International

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Information Law News

Information Law weekly highlights—21 November 2024

Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

PECR—a serious but non-deliberate breach still warrants a substantial penalty (Monetise Media Ltd v Information Commissioner)

Information Law analysis: In this full-merits review of a monetary penalty notice (MPN), the First-Tier Tribunal (FTT) considered an appeal by Monetise Media Ltd (MML) against the Commissioner's decision to levy a £125,000 MPN in response to a contravention of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR). The FTT substituted a lower penalty of £85,000, having found that (i) MML 'instigated' the sending of unsolicited marketing messages by third-party affiliates; (ii) MML did so negligently, but not deliberately; and (iii) the Commissioner had erred in the MPN by using too high a starting point and giving excess weight to aggravating factors. Written by Edward Rees, associate at Stephenson Harwood LLP.

ICO and DSIT launch tool to assess Privacy Enhancing Technologies

The Information Commissioner's Office (ICO) and the Department for Science, Innovation and Technology (DSIT) have jointly published a Privacy Enhancing Technologies (PETs) Cost-Benefit Awareness Tool. This resource is designed to help organisations evaluate the costs and benefits of adopting emerging PETs, such as homomorphic encryption and secure multi-party computation. Accompanied by a checklist, the tool aims to support responsible data use and innovation while safeguarding privacy. The initiative addresses the low uptake of PETs due to challenges in assessing their value, and includes guidance on compliance costs and benefits. A repository of real-world PETs use cases has also been released to illustrate practical applications across various sectors.

ICO invites participation in DSIT's call for evidence on Cyber Security and Resilience Bill

The Information Commissioner's Office (ICO) has called on stakeholders to participate in the Department for Science, Innovation and Technology's (DSIT) call for evidence on its proposals to update the Network and Information Systems (NIS) Regulations 2018, SI 2018/506, through the Cyber Security and Resilience Bill (the Bill). The call for evidence seeks to assess the impact the changes would have on those regulated under the NIS Regulations or who will be regulated under the forthcoming Bill. This survey will be open until 21 November 2024.

View Information Law by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Profiling and automated decision-making

Profiling and automated decision-makingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1 January 2024,

TikTok sues European Data Protection Board at EU General Court

MLex: TikTok has sued the European Data Protection Board (EDPB) at the EU General Court, not long after it was fined €345m in a case involving the board. The EDPB, which is the umbrella body of EU data protection watchdogs, played a role in the case because it went through the EU General Data

List of data protection clauses and agreements for commercial transactions and personal data processing

List of data protection clauses and agreements for commercial transactions and personal data processing and sharingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European

The UK General Data Protection Regulation (UK GDPR)

The UK General Data Protection Regulation (UK GDPR)STOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1
Profiling and automated decision-making

Profiling and automated decision-making

Profiling and automated decision-makingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1 January 2024,

TikTok sues European Data Protection Board at EU General Court

TikTok sues European Data Protection Board at EU General Court

MLex: TikTok has sued the European Data Protection Board (EDPB) at the EU General Court, not long after it was fined €345m in a case involving the board. The EDPB, which is the umbrella body of EU data protection watchdogs, played a role in the case because it went through the EU General Data

List of data protection clauses and agreements for commercial transactions and personal data processing

List of data protection clauses and agreements for commercial transactions and personal data processing

List of data protection clauses and agreements for commercial transactions and personal data processing and sharingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European

The UK General Data Protection Regulation (UK GDPR)

The UK General Data Protection Regulation (UK GDPR)

The UK General Data Protection Regulation (UK GDPR)STOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1