Practical Law

The strong headwinds currently facing the UK economy are being felt by us all. With double digit inflation forecast to continue into 2023, we will all be feeling a squeeze on our living standards. Further pressure on household budgets is also now being seen in higher mortgage and rental costs. This tightening of belts has … Continue reading Leading from the front: the in-house lawyer’s role during a recession →

The summer is traditionally a slow time for new developments but 2022 has not played ball. In particular, the government’s proposed reforms of the UK data protection regime have moved a step closer to reality with the introduction of the Data Protection and Digital Information Bill to parliament.

Last week’s publication by DCMS of the outcome of its consultation “Data: a new direction” has the potential to put data protection very much back into the limelight. The document sets out the government’s plans to reform the UK’s data protection regime as part of its National Data Strategy  (see Article, DCMS data protection reforms: summary … Continue reading Data privacy and cybersecurity: Summer agenda 2022 →

This week is Wellbeing Week in Law. Its aim is to: “raise awareness about mental health and encourage action and innovation across the legal profession to improve wellbeing.” Over the past few years, industry studies have painted a forbidding picture of the state of mental health and wellbeing in the legal profession. It is an … Continue reading Wellbeing Week in Law: shifting the dial on mental health →

The UK’s new Information Commissioner took charge in January and quickly opened a major listening exercise to gather feedback from businesses, organisations, and individuals about their experiences of engaging with the ICO. The consultation remains open until 1 May.

I attended a meeting of the Practical Law In-house Consultation Board a few weeks ago. The theme of the round table discussion was career progression in in-house legal teams. The board members had many fascinating insights to share from their own experiences fostering team environments that balance individual motivation and development with team success. The discussion … Continue reading Consultation board round table: motivating and developing in-house talent →

The autumn agenda highlighted two key themes that remain at the top of the agenda for in-house lawyers with a data privacy remit. These are: the potential outcomes of the ICO consultation on international data transfers post-Brexit; and the possible repercussions of the DCMS consultation on potentially far-reaching reforms to the UK’s data protection regime. Both of … Continue reading Data privacy and cybersecurity: Winter agenda 2021/22 →

Following the European Commission’s adequacy findings for the UK back in June, to a collective sigh of relief, there has been continued focus on cross-border data exports over the summer. On 11 August, the ICO launched a public consultation on key aspects of the post-Brexit international transfer regime under the UK GDPR . The consultation covers proposals … Continue reading Data privacy and cybersecurity: Autumn agenda 2021 →

The Practical Law In-house Consultation Board recently convened to consider the theme of diversity and inclusion (D&I) as it relates to the key stages of the employment cycle: recruitment, retention, appraisal and exit. D&I has rightly risen to the top of the agenda for responsible companies and become a key topic of conversation on the … Continue reading Diversity and inclusion: challenges and success stories →

The key current developments in the world of data privacy and cybersecurity centre largely on the highly complex area of international transfers. The UK’s wait for the European Commission’s adequacy decisions is now, as of today, over. The decisions allow for the free flow of personal data from the EU to the UK (see our … Continue reading Data privacy and cybersecurity: Summer agenda 2021 →

Since the winter agenda, the UK and EU formally exited the transition period on 31 December 2020, the UK GDPR entered force in the UK, and the EU GDPR regime is now a separate and parallel system. Businesses that are involved in processing activity in both the UK and the EU need to be compliant … Continue reading Privacy and cybersecurity: Spring agenda 2021 →

At the time of the Autumn agenda the CJEU’s unexpected decision in Data Protection Commissioner v Facebook Ireland and Maximillian Schrems C-311/18 (Schrems II), which invalidated the EU-US Privacy Shield, was causing some consternation in legal departments across the world. Since then, a good deal has been done at EU level to clear a path … Continue reading Privacy and cybersecurity: Winter agenda 2020/21 →

2020 has been quite a year. Back in February, few of us could have imagined that we would be spending much of the year grounded – stranded even – at home. We are now living with constant concern for the health and livelihoods of our loved ones, friends and ourselves. The overriding feeling that we … Continue reading Thomson Reuters’ Mental Health Day: embedding wellbeing into the workplace →

The traditional quiet time of summer was upended this year. The tumult of COVID-19 and Brexit have scarcely been consigned to the background. However, it is the ECJ’s unexpected decision in Data Protection Commissioner v Facebook Ireland and Maximillian Schrems C-311/18 (Schrems II) that has probably stolen the headlines, adding to the unease for those … Continue reading Privacy and cybersecurity: Autumn agenda 2020 →

At the time I wrote the Spring agenda piece COVID-19 was still a rather a remote and abstract force. It’s no understatement to say the whole world has changed since then as the pandemic has ravaged healthcare systems and economies across the globe. This includes the place in the world occupied by data protection, privacy and … Continue reading Privacy and cybersecurity: Summer agenda 2020 →

In the Winter agenda the prospect of a no-deal Brexit was a real, if improbable, threat. While the transition period until 31 December 2020 might represent a reprieve, there are plenty of things in-house counsel need be doing during the (now ten) months remaining. Our recent blog post, Data protection: what should companies be doing … Continue reading Privacy and cybersecurity: Spring agenda 2020 →

Our last quarterly horizon scan drew attention to the need to gear up for a no-deal Brexit. That prospect reduced in likelihood somewhat after Prime Minister Boris Johnson’s renegotiated withdrawal agreement seemed to be making its way through parliament. The political process, however, has been temporarily paralysed once more pending the outcome of the general election … Continue reading Privacy and cybersecurity: Winter agenda 2019/2020 →

Since our last quarterly horizon scan, attention for in-house lawyers is inevitably returning to Brexit and those focused on privacy and cybersecurity will now need to be gearing up seriously for a no-deal outcome. As many will not need reminding, following the agreement to extend the Article 50 period, if the withdrawal agreement is not … Continue reading Privacy and cybersecurity: Autumn agenda 2019 →

I am delighted to announce the launch of our new Practical Law In-house Privacy and Cybersecurity Community, a space where in-house counsel can come together to support and learn from each other through Practical Law. Practical Law subscribers can access the Practical Law UK Community by following the “Community” button in the banner at the … Continue reading In-house Privacy and Cybersecurity Community: how to join us →

In our Spring agenda piece, Brexit dominated the horizon in the privacy and cyber world. And while many of us will still be transfixed by political events, the extension of the Article 50 process, in all likelihood up to 31 October, has given us momentary relief. With the Brexit hiatus, attention has turned back to … Continue reading Privacy and cybersecurity: Summer agenda 2019 →

Saturday marks the first birthday of the EU General Data Protection Regulation (GDPR). While this time a year ago, up to our necks in updating privacy policies, getting subject access procedures up to standard, delivering training and so on, perhaps few of us would have been wishing this complex behemoth of privacy law well!

The Department for Digital, Culture, Media and Sport (DCMS) published its Cyber Security Breaches Survey 2019 last week which brings together quantitative and qualitative data drawn from an extensive telephone survey and 52 in-depth interviews. The survey shows the continued upward trajectory of cybersecurity as both a risk and near-universal concern for organisations. Indeed, both … Continue reading The DCMS Cyber Security Breaches Survey 2019: some key takeaways →

We have had a blockbuster twelve months in privacy and cybersecurity which saw the arrivals of the General Data Protection Regulation (GDPR), Data Protection Act 2018 (DPA 2018) and the Network and Information Security Directive (NIS Directive). As we approach the first anniversaries of those transformative pieces of regulation, the horizon is now dominated by … Continue reading Privacy and cybersecurity: Spring agenda 2019 →

PLC Magazine recently published a thought-provoking article, Data protection: privacy by (re)design, by Sylvain Magdinier and Claire Walsh of Marshall Denning. The piece provides a thorough analysis of one of the most challenging concepts of the EU General Data Protection Regulation (GDPR), privacy by design (PbD) under Article 25.

While it’s impossible to know exactly how many people are living in modern slavery, the respected Walk Free Foundation put the global number in 2016 at 40.3 million. The systemic nature of this most serious of issues can make us feel powerless. It was really inspiring therefore to attend a couple of sessions at the … Continue reading The “Slave-Free” USP: some takeaways from the Trust Conference 2018 →

I attended Thomson Reuters’ annual Data, Privacy and Cyber-Resilience Forum last week. This year’s event marked a real contrast to the 2017 edition which was focused on getting ready for the 25 May implementation deadline for the General Data Protection Regulation (GDPR). With us now approaching six months since the GDPR and Data Protection Act … Continue reading Maturing the GDPR model: key takeaways from the Data, Privacy and Cyber-Resilience Forum →

In the past weeks and months, we have seen some high profile enforcement activity by the ICO central to geopolitical events of the past, present and future. The regulator has brought some fruition to its investigation work into data breaches connected with the 2016 EU referendum, issuing a £500,000 fine to Facebook, following on from … Continue reading Recent ICO enforcement action and our geopolitical times →

For many in-house counsel 2018 will be a story of preparing for two seismic events. After much fanfare and the odd headache for lawyers, the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018) came into effect on 25 May. Focus is likely to have since shifted towards getting ready for something … Continue reading Papering over the cracks: preparing for Brexit’s impacts on data protection →

The Information Commissioner’s Office (ICO) recently opened a consultation on the establishment of a regulatory sandbox. The idea draws inspiration from a similar scheme undertaken by the Financial Conduct Authority and was first proposed by the ICO in its Technology Strategy 2018-2021, published in March. The proposal foresees a “safe space where organisations are supported to develop … Continue reading ICO regulatory sandbox: your chance to shape the privacy and innovation discussion →

It’s that time of year again. Many of us are currently facing the music, getting back to our desks and trying to work out what we’ve missed. With that in mind, I’ve compiled a short digest of some of the key pieces of current awareness covered by Practical Law over July and August. These centre on Brexit … Continue reading Summer round-up: key developments you may have missed →

The development and use of artificial intelligence (AI) continues its inexorable momentum. Investment in AI is skyrocketing. However, with a few exceptions, how AI relates to the work of in-house lawyers on a day to day basis remains somewhat distant and confusing. This post aims simply to provide some food for thought on future governance in this area … Continue reading Towards robot governance? A short tour of current conversations on artificial intelligence →

I attended Practical Law’s GC Leadership Summit last week. A recurring theme throughout the day was change and we explored some of the broad range of challenges businesses and workers – and, in particular, lawyers – are facing in a time of turbulent disruption and transformation driven by technology, economics, politics and societal change. Resilience became a watchword of … Continue reading An age of rapid change and the in-house lawyer’s role →

The recent blog post by Ros Foster and Patrick O’Connell of Browne Jacobson invited us to take a step back from the awesome complexity of the GDPR as we get closer to 25 May and focus our energies on the Regulation’s core principles. It is too easy to get stuck in the GDPR’s “rush hour … Continue reading Introducing Practical Law’s new in-house GDPR toolkit →

The mornings are getting lighter and reasons to be cheerful increase, including even in the world of data protection. “Steady on” I hear some say but a few headaches may subside at least with the news that the ICO has recently enhanced its guide to the GDPR. In doing so, it has shone some much needed … Continue reading Out of the darkness: new GDPR content on Practical Law →

As our recent GDPR compliance market survey showed, many in-house lawyers are not feeling confident about their organisation complying with the GDPR by 25 May 2018, a considerable number pointing to a lack of management buy-in.

Just over a week ago we crossed into the final half-year before GDPR implementation day, 25 May 2018. At Practical Law, we’re continuing to update existing resources and publish new ones to support in-house teams grappling with the GDPR compliance challenge. In recent weeks, with support from our contributors, we have published a number of resources intended to help … Continue reading Six months to go: new GDPR content to highlight →

Practical Law has published a report on the results of a survey of some 248 professionals, drawn from in-house legal, risk and compliance, HR and company secretarial functions. The survey sought to find out how informed businesses are about the EU General Data Protection Regulation (GDPR), how they expect it to impact them, how confident … Continue reading GDPR is changing the game: the results of Practical Law’s in-house compliance survey →

I attended Practical Law’s GC Leadership Summit last week. This year’s central theme was innovation which set the scene for some interesting discussions on corporate governance, the changing role of the general counsel and approaching the GDPR and cyber challenges, amongst other things. Here’s a whistle-stop tour of some of the key messages.

I wouldn’t ordinarily wish to be responsible for lawyers giving up their weekends.  However, I hope I’ll be forgiven if this notice helps you out of a hole. The final version of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 were published today and the deadline for implementation … Continue reading Money Laundering Regulations 2017: urgent implementation deadline (26 June 2017) →

The influence of technology in disrupting the traditionally conservative legal profession and shaping our future as in-house lawyers continues its inexorable momentum forward. We’ve been highlighting this trend on this blog in the last few months (see in particular: The rise of the machines: new technology and its impact on the professions; How in-house lawyers can … Continue reading The emerging disruptor: the legal operations team →

Don’t panic!  The date for compliance with the EU General Data Protection Regulation (GDPR) has not been brought forward.  But one GDPR-related deadline is approaching fast. Following Theresa May’s speech today, announcing the UK’s trajectory towards a so-called “clean and hard” Brexit, we’d be forgiven for not seeing the value in investing heavily in any EU … Continue reading Brexit and GDPR readiness: getting engaged before 31 January 2017 →

The Department for Culture, Media and Sport (DCMS) has just published its Cyber Security Regulation and Incentives Review which considers whether there is a need for additional regulation or incentives to boost cyber risk management in the UK economy. The Review brings to fruition an in-depth consultation with a wide range of businesses, industry partners and stakeholders, … Continue reading UK Government: GDPR the central plank in cyber risk management strategy →

“Brexit means Brexit – and we’re going to make a success of it” Theresa May’s words on 31 August may have been mocked in some quarters but the UK business community is committed to making the best of the risks and opportunities Brexit will throw at the UK, according to the Confederation of British Industry … Continue reading Key messages from the CBI’s “Making a Success of Brexit” report →

Following on from my colleague, Lynsey Poulton’s blog post last week on section 54 Modern Slavery Act statements, I wanted to report back on the Thomson Reuters Foundation’s Trust Women Conference which took place last week.  The event offered a real opportunity to gather some expert insights on corporate compliance at ground level in this … Continue reading Beyond Section 54: insights into Modern Slavery Act compliance best practice and more from the Trust Women Conference 2016 →

I’m conscious I seem to have been inundating this blog on the subject of data protection.  I promise to move on soon but I’m at least heartened that there’s a well-defined market for my posts: insomniac lawyers.  With the advent of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) around the corner, data protection … Continue reading GDPR compliance: key takeaways from Practical Law’s fifth annual Future of Data Protection Forum →

Matthew Hancock MP, the Minister of State for Digital and Culture, reaffirmed the UK government’s commitment to a strong framework for data protection and privacy in his keynote speech at Practical Law’s fifth annual Future of Data Protection Forum this week.

Matthew Hancock MP, the Minister of State for Digital and Culture, will be giving a keynote speech on Brexit and the implications for the UK data protection landscape next Tuesday, 8 November, at Practical Law’s Future of Data Protection Forum.  I look forward with interest to what the minister will have to say.

“Computers are like bikinis.  They save people a lot of guesswork.”  Sam Ewing A few days ago, my colleague, Karen Ngo, posted here outlining some practical steps leaders of in-house legal teams might take when identifying, acquiring and implementing the right technology for your legal department. To follow up Karen’s key messages, I wanted to … Continue reading The Tech Express: time to jump on board, say lawyers →

Many of us are still getting over the shock of the UK’s unexpected decision to leave the EU. Politicians of all hues in the UK and across the continent, sent into a spin, begin to grapple with the geopolitical and economic consequences. Theresa May’s fledgling UK government starts to contemplate its Brexit negotiation strategy. The … Continue reading Approaching the Brexit maelstrom: steadying the ship and readying the crew →