Companies Need to Act Now as Data Protection Requirements Change on 1st January

Following the end of the transition period on 31st December 2020 the UK will become, in the eyes of the EU, a ‘Third Country’ in respect of data protection.

As a result companies in the UK will be treated the same as companies established in other ‘Third Countries’ who have not been granted adequacy status.

You therefore may be required to put in place an appropriate safeguard.

Additionally if you:

  • Offer goods or services to data subjects in the EU
  • Monitor behaviour of data subjects in the EU (such as using cookies on a website)

You will likely be required to designate in writing a representative in the EU.

If you require an appropriate safeguard, an EU representative or just want a free assessment on what is required please contact us for further details.

Green CDL launches Green CDL EU Data Protection OÜ to Act as Companies’ EU Data Protection Representative

Following the end of the transition period companies who offer goods or service to persons in the EU or monitor behaviour of persons in the EU, using such things as cookies on websites, will likely be required to appoint in writing an EU representative.

Green CDL is pleased to announce the launch of Green CDL EU Data Protection OÜ that can act as such a representative from only £149 a month.

Headed by our English Lawyer, John Green, Green CDL EU Data Protection OÜ is based in Tallinn, home of the world-renowned NATO Cyber Defence Centre.

For further information please telephone 01625 724704 or email us at

Marriott Fined £18.4m as ICO Once Again Backs Down

The ICO has fined the Marriott Hotel chain £18.4m for a major data breach which affected up to 339 million records.

This is a vast reduction on the notice of intention to fine Marriott just over £99m issued by the ICO back in July 2019 and follows in the footsteps of a similar back down with British Airways from £183m to just £20m just a few weeks ago.

Facebook Sued Over Cambridge Analytica

A group calling itself Facebook You Owe Us is alleged to be bringing a class action in the UK against Facebook for failing to meet its obligation under the Data Protection Act 1998 (in force at the time the allegations took place).

Facebook says it has not received any documents in relation to the claim.

Patients of a Therapy Clinic Blackmailed Following Data Breach

A number of patients of a large psychotherapy clinic in Finland have been contacted by a blackmailer after their data was stolen in a data breach at the clinic. It is understood the blackmailer is threatening to release personal data, including notes about what was discussed in therapy sessions.

It is believed the data was stolen in November 2018 and a further breach took place in March 2019.

ICO Fines Bury Based Claims Management Company £250,000

During a 6 month period at the start of 2019 the company, Reliance Advisory Ltd, made 15.1 million unsolicited calls in relation to claims management services such as mis-sold PPI.

Experian Issued with Enforcement Notice from the ICO

The credit reference agency has been ordered to make fundamental changes to how it handles personal data following a two-year investigation by the ICO.

Experian have been given 3 months to comply or face a fine.