Welcome to the latest edition of our data protection newsletter. In this edition, we look at the Data (Use and Access) Bill and the areas that organisations should consider as part of their internal management when facing a data breach.
Last week the Data (Use and Access) Bill received Royal Assent, becoming the Data (Use and Access) Act 2025. We unpacked the changes to UK data protection law in our webinar on 1 July, and are producing commentary on the new law.
The numerous cyber security attacks on household names such as Marks & Spencer, Co-op and Adidas has put cyber security at the top of the agenda, and prompted even the most robust organisations to reassess their cyber security protocols and procedures as a priority. Such attacks cause huge disruption and the risks are high; it can lead to data leaks (including unauthorised sharing of personal data relating to customers, clients and employees, as well as commercially sensitive business information), and interrupt the company’s ability to operate its business-as-usual. The cost of a cyber security incident is both financially and reputationally significant.
Absolute immunity from cyber risk is unattainable; decisive, well rehearsed response is not. This checklist briefly sets out an eight point framework for boards and senior management to deploy when preparing for - or responding to - a cyber or data security incident.
Read more
Businesses handling significant or sensitive personal data are especially vulnerable to cyber security breaches. In this guide we highlight recent cyber security trends, advise the key steps for businesses to enhance their cyber resilience and point out the legal considerations following a data breach.
Read more
Recent reports show a significant increase in the number of breaches of personal data over the past couple of years through incidents involving employees. It's likely that the rise in hybrid working and home working has contributed significantly to the rising data breach statistics.
Read more
The consequences of data breaches can be far-reaching and may result in a hefty fine from the UK’s Information Commissioner’s Office("ICO"). This article considers the reporting obligations of UK businesses which have suffered a data breach, based on updated guidance from the ICO.
Read more
Our latest webinars explore the Data (Use and Access) Act and data breaches. Watch the recordings below.
There have been several recent high profile companies who have fallen victim to cyber attacks including Marks & Spencer, Co-op, Harrods and Adidas. The outcomes and damage caused by the attacks vary case-to-case. Read more in detail about each of the aforementioned company attacks.
Read more
In this article, we highlight what security obligations data processors have under UK GDPR, what the security failures were in this particular case, and whether the processing of sensitive personal data attracts any additional security obligations.
Read more
Charlotte Kingman
Associate
+44 (0) 117 321 8080 +44 (0) 07912 464111 c.kingman@ashfords.co.uk View more
