EU Data Protection

Request A Callback

Let's take a few details.

The EU Data Protection Day is an annual event on 28 January that is intended to promote privacy awareness for individuals in their private life and at work.

Data Protection Day may be a one-day event, but it’s principle aim, to promote awareness of data protection and the need to maintain good privacy practices, particularly when using on-line services, applies all year round.

There are some relatively simple steps an individual can follow to keep their information safe. First, do not overshare. This includes information that is shared with companies and what is posted on social media. It is important to consider who might see what you share, and how they could potentially misuse it.

Secondly, individuals should be aware of and take control of privacy settings on all their devices and accounts. This may, for example, include cookie permissions and apps. As a general rule, it is advisable to only give apps and services the permissions they need to function. Location data permissions, for example, should be given out sparingly.

Care should be exercised with passwords and logins. Strong passwords should always be used, and it is important to avoid using the same password for multiple accounts. One of the strongest ways of logging in is to use a phrase or sentence. Alternatively, a mix of numbers, letters, upper and lower case, and special characters is recommended. Obviously, remembering many complex passwords is difficult, so a password manager can be used to make life a little easier. Next, enable multiple factor authentication for your accounts whenever possible. And finally, never save your logins in your browser and log out after every use.

Common Myths & Facts

The General Data Protection Regulation (GDPR) completely changes the way organisations need to handle their data.

The EU has had data protection rules since 1995. The GDPR is not a completely brand new set of EU data protection rules. It’s an evolution of pre-existing rules, based on the strong data protection principles. In the UK, data protection law was introduced by the Data Protection Act 1998, and the GDPR and a new Data Protection Act 2018 ensure our data protection rules are fit for the digital age.

GDPR will stifle technical innovation, such as artificial intelligence (AI)

GDPR makes sure that personal data are protected in Artificial Intelligence (AI). The protection of personal data is a fundamental right in the EU, and applies also to processing of personal data through artificial intelligence. GDPR is technology neutral and is designed to allow the development of AI that is respectful of citizens and their rights. GDPR allows automated decision making where there is a justification either by a contract, explicit consent or a law, and provided safeguards for the individuals are applied, such as the right to receive meaningful information about the logic involved and the likely consequences for individuals of such processing.

Names of individuals cannot be displayed in public places

Consent is not the only legal basis for processing data. Common sense still applies in the field of data protection. For example, names do not have to be removed from doorbells or mailboxes. As well as consent, personal data can be processed where there is a “legitimate interest”, such as where people need to know who lives in a building to deliver parcels and letters.

GDPR is overwhelming for businesses

The obligations are not the same for all companies and organisations. The GDPR is not meant to overburden businesses. The obligations are calibrated to the size of the business and/or to the nature of the data being processed. Smaller companies, processing less data and not processing sensitive data, such as political views and sexual orientation, will have fewer obligations to follow. For example, not every company has to appoint a Data Protection Officer or carry out a data protection impact assessments.

GDPR only applies to European countries

Non-EU companies must comply with GDPR too. All companies operating in the EU market must comply with the new rules, no matter where they are based and where their data processing activities are taking place. All companies will be subject to the same sanctions if they break the rules. This creates a level playing field for both EU and non-EU companies.

Despite GDPR, companies simply ask for consent once and then they do what they want with my data

Companies must ask for consent a second time if they want to use your data for a second purpose. If personal data is collected from an individual based on consent (i.e. no other lawful reason exists), the organisation must make clear for what purpose the data is required. If the organisation subsequently wants to use the data for another purpose, or forward it to a third party, they must ask for the person’s consent again.

The fines under GDPR can kill a business

Breaking the rules doesn’t automatically mean a €20 million fine – warnings exist too. The GDPR establishes a range of penalties for those who break rules. As well as fines, there are other corrective measures like warnings, reprimands and orders to comply with data subject’s requests. The data protection supervisory authorities’ decision to impose fines must be proportionate and based on an assessment of all the circumstances of the individual case. If they decide to impose a fine, then €20 million or 4% of annual turnover is the absolute maximum amount. The amount of the fine depends on the circumstances in the individual case, including the gravity of the infringement or if the infringement was intentional or negligent.

The UK won’t be bound by GDPR after it leaves the EU

The UK is committed to the strong data protection laws. On 31 January 2020, the UK will enter a “transition” period under the EU-UK Withdrawal Agreement. During this time, the UK – although no longer part of the EU – will remain subject to EU laws, including the GDPR, and so UK data processing activities will remain largely unaffected. After that, it is envisaged that the EU and UK will agree the adequacy of UK data protection law and thus maintain a working relationship regarding data protection.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpress_test_cookie	session	This cookie is used to check if the cookies are enabled on the users' browser.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_107260158_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Request A Callback

EU Data Protection

Recent Posts

Categories

Services

Sectors

About us

Careers

Group Head Office

Northern Office

London Office

Scottish Office

Midlands Office