Distress – GDPR360

26Oct26/10/2018

“Data Breaches… Armageddon…” – as announced by the Three Horsemen

"Data breaches... Armageddon..." - Morrisons v Various Claimants, [2018] EWCA Civ 2339 at para 78. Caveat: I confess at the outset that this quotation, though technically accurate, fails truly to reflect the tenor of the Court of Appeal's judgment. But are the consequences for employers so different? Not so clear. Bear with me while I try to dig myself out of this hole. To recapitulate, circa 100,000 employees of Morrisons (a UK supermarket chain) suffered a data breach when one of their...

By Stuart RitchieDamages, Data breach, Data Protection Act 1998, Distress, GDPR, Misuse of private information, Vicarious liability0 Comments

GDPR: must controllers declare legal bases to processors?

ABSTRACT: must Controllers inform processors of the legal bases of processing? Prima facie no: but from a legal and business-strategic perspective the answer is very, very much more complex.

By AlanCNIL, Damages, Data Protection Act 1998, Distress, DPIA, DPO, GDPR, ICO, Misuse of private information, Supervisors0 Comments

Data protection damages awards for distress in the UK jurisdictions up 5,000% pre-GDPR?

Masochists, who ipso facto and ex officio collectively may approach 100% of my audience, will be aware of my flogging Vidal-Hall v Google (lower court judgment) to death on Linkedin and elsewhere. However, after 37 months it may be time for a quick overview of Vidal-Hall's impact on subsequent cases. The contagion has just spread to Scotland. Bottom line: data protection distress awards in England/Wales and Scotland alike are up by circa 4-5,000% in three years. Before Tugendhat J struck down s.13(2) Data Protection Act 1998 in Vidal-Hall, courts could only...

By AlanDamages, Data Protection Act 1998, Distress, Misuse of private information0 Comments