Article 29 Working Party’s final Guidance on Consent


ICO Guidance on consent

Controller-Processor Agreements

Bar Council guidance: Signing Controller-Processor Agreements with Solicitors’ Firms


Data Protection Bill

Introduction to the Data Protection Bill (Please note that the Data Protection Act 2018 has received Royal Assent – see link above – and that some changes were made after this note was produced.  Nonetheless it may still be a source of useful background information to assist the understanding of the Act.)

Data Protection Officer

Law Society guidance on appointing a Data Protection Officer

Data transfers between EU and non-EU  countries

Standard contractual clauses for data transfers between EU and non-EU  countries.  Note: These predate GDPR


Higinbotham (formerly BWK) v Teekhungam & Anor [2018] EWHC 1880 (QB)

Dismissal of claim for misuse of private information, breach of confidence and breach of the Data Protection Act 1998 as an abuse of process.


Law Society

Preparing for the GDPR: A guide for law firms - The Law Society

Legitimate Interests

ICO Guidance on Legitimate Interests

Lloyd v Google LLC [2018] EWHC 2599 (QB)

Class action against Google dismissed.

Lonsdale v National Westminster Bank Plc [2018] EWHC 1843 (QB)

Disclosure of a Suspicious Activity Report ordered under CPR 31.14 in an action for defamation and breach of contract. Suspicious Activity Reports are subject to qualified, not absolute, privilege. Discussion as to entitlement to receive copies following a Subject Access Request under the Data Protection Act 1998 (pre-GDPR).


National Cyber Security Centre (NCSC)

GDPR Security Outcomes – joint guidance from the ICO and National Cyber Security Centre describing a set of technical security outcomes that are considered to represent appropriate measures under the GDPR


Record keeping

ICO template Excel spreadsheets for record keeping (one for data controllers, one for data processors) in accordance with Article 30

Right to be informed

ICO guidance on the right to be informed


Xerpla Ltd v. Information Commissioner [2018] UKFTT 2017_0262 (GRC) (14 August 2018)

Consent: Successful appeal against monetary penalty notice imposed by the Information Commissioner relating to direct marketing by electronic communications contrary to the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR). Note: The facts predate the changes to the definition of ‘consent’ introduced by GDPR.

Return To Top