News / Free Movement of Personal Data? Cross-Border Transfer vs Localisation – Part 2
In the previous part of this 2-part article, we have discussed the rules in the EU and the UK governing the transfer of personal data. But what about transferring data from Asian countries? Is there a GDPR equivalent in Asia? In this second part of the article, we will discuss the relevant rules in Hong Kong, Mainland China, India and the APEC.
News / Free Movement of Personal Data? Cross-Border Transfer vs Localisation – Part 1
Given the uncertainty over Brexit, concerns about the movement of people and goods across the UK-EU border post-Brexit are bigger than ever. But what about personal data? Can personal data still be transferred between the UK and other EU countries post-Brexit? What are the relevant laws in the UK and the EU? How are other countries regulating the cross-border transfer of personal data? In this 2-part article, we will discuss the data transfer laws of the EU, the UK, Hong Kong, Mainland China, India and the APEC, and suggest that the trend in the future is for cross-border data transfer to be allowed as long as a prescribed level of data protection measures are in place.
Insights / Are fines and penalties relating to breach of data privacy regulations insurable? – Review from the UK and Hong Kong perspectives
Breach of data privacy protection regulation, with the new European Union’s General Data Protection Regulation (“GDPR”) coming into effect, can result in draconian fines and penalties. In January 2019, Google was fined 50 million Euros for improper disclosure to users as to how data is collected across its services, including its search engine, Google Maps and YouTube, to present personalized advertisements. This penalty is by far the largest penalty to date since the implementation of the new GDPR. British Airways faces a possible fine of £500 million over the data breach of leaking the customer details, including bank card numbers, expiry dates and cvv codes in a cyber-attack. Despite conventional thinking of prohibiting insurances against the fines and penalties based on public policy argument, there is certainly demand for expansion of related data breach insurances. By comparing UK and other EU jurisdictions as well as Hong Kong, the trend for data breach related insurances are on the rise.
News / The rise and rise of data
Managing associate Justin Whelan, based in Dubai, authored an article covering the fact that data breaches and cybercrimes are becoming more commonplace both in the Middle East and globally and that the increasing need for protection against cyberattacks mean that cyber premiums will soon outpace those of all other insurance lines
News / GDPR: You’ve done the easy bit so now what?
Now comes the hard part. Ensuring the internal workshops you’ve delivered have been listened to and people handling personal data within your organisation are embracing the data privacy culture is your next challenge.
News / Enforcement of the GDPR
NB: all references are to Articles of the GDPR unless indicated otherwise. The new EU General Data Protection Regulation (“GDPR”) which comes into force on Friday 25 May 2018 is the toughest data protection regime in the world. It is the EU’s response to mounting public concern at unauthorised use of data or, perhaps even worse, the commercial use of personal data without even the individual owner of the data being aware that this is happening. In addition to imposing demanding obligations on the collector and processor of personal data, the GDPR also introduces tough sanctions for breaches.
News / Marketing and the soft opt-in
Under the GDPR organisations must ensure they have a lawful processing reason when processing personal data and this includes sending marketing communications to individuals.Legitimate interests and consent will be the lawful data processing reasons used in most situations.
News / GDPR – Issues for Employers
The GDPR will necessitate various changes for employers as regards their employee data collection and processing activities. In particular, employers should be aware of, and prepare for, the following revisions to the current data protection regime.
News / CCTV monitoring and the GDPR
The use of CCTV will be covered by the GDPR from 25 May 2018 where the recordings contain information which identify an individual ie personal data Most uses of CCTV by organisations are currently covered by the Data Protection Act so compliance now should provide a head start for GDPR compliance
News / How GDPR will change your commercial contracts
Both data controllers and data processors are subject to the GDPR and data processing arrangements will come under more scrutiny. Where a data controller contracts with a third party to carry out data processing, a due diligence exercise needs to be carried out to ascertain that the correct data security measures are in place and to ensure overall GDPR compliance in areas such as breach notification, accessibility and retention of data.
News / GDPR – Do you need to appoint a Lead Supervisory Authority?
A Lead Supervisory Authority is the authority with the primary responsibility for dealing with a cross-border data processing activity, for example when there is a data breach or when a data subject makes a complaint about the processing of personal data.
News / Subject Access Requests – Do you need a process?
A data subject has the right to obtain information as to whether personal data is being processed about him or her, access to that data and information about the purposes of processing, the categories of personal data being processed and to whom the personal data is being transferred.
News / GDPR – Do you need to appoint a Data Protection Officer (DPO)?
With the imminent implementation of the GDPR, businesses need to assess whether they need to appoint a DPO.
News / Lawful processing reasons
Processing personal data will only be permitted when it is lawful to do so and Article 6 of the GDPR allows processing on the following six grounds: 1. Consent 2. Necessary for performance of a contract 3. Necessary to comply with a legal obligation 4. Necessary to protect the vital interests of an individual 5. Necessary for performing public interest or official task 6. Necessary for the purposes of legitimate interests
News / Overseas transfer of personal data
Transfers of personal data overseas requires careful consideration of the adequacy of the data protection safeguards in the overseas territory and the international organisation data is being transferred to. For the purposes of the GDPR, a non-EU country is treated as a “third country” and transfers of personal data to third countries are permitted only if appropriate safeguards are in place or if an adequacy decision has been made by the EU Commission.
News / GDPR – Where are we now?
The recent Cambridge Analytica/Facebook revelations have put data privacy issues firmly in the spotlight. The timing could not be better for strengthening the case for the imminent data protection reform which is to be implemented by the General Data Protection Regulation (GDPR) and the UK’s Data Protection Act 2018, from 25 May 2018.
News / Marine Cyber Risk Insurance
09-05-2018 / Insurance, Cyber Security
Ince Gordon Dadds Partner Simon Cooper has contributed the chapter lsquoMarine Cyber Risk amp Insurancersquo to the recent release lsquoMarine Liabilities in a Global and Regional Contextrsquo
News / Extra-territorial reach of GDPR and non EU organisations
Harmonisation of data protection requirements across the 28 EU Member States has created a gold standard data protection regime which will extend beyond the EU's physical borders For organisations outside the EU, it is essential that they consider whether they are within the scope of the GDPR and its enforcement powers
News / Cyber security: An insurance perspective
01-03-2018 / Insurance
Cyber incidents are becoming increasingly frequent and widespread and the losses caused are increasing. All industries and all manner of businesses are susceptible. It is prudent for companies and insurers to view such incidents not so much as ‘if’ they should occur, but rather ‘when’ they will occur. It has been estimated that the global cost of cyber-related crime will rise annually to USD3 trillion by 2021. Although cyber incidents are a worldwide issue, it is fair to say that the Middle East is experiencing higher levels of cyberattacks in relation to the global average.
News / Cyber risks facing ship managers
14-02-2018 / Maritime, Cyber Security
Digitalisation of shipping and the associated cyber risk vulnerabilities are hotly debated and discussed topics in the shipping industry, both at state and corporate levels Whilst the focus appears to be largely on shipowners and the use of autonomous ships, there are also a number of pressing areas of concern that ought to be considered and addressed in the context of ship management
News / Blockchain - the answer to all your problems?
13-02-2018 / Maritime
In 2017, the maritime industry was awash with predictions of the potential for blockchain technology to enhance communication, allow transparency across the supply chain and thereby streamline traditionally paper-based trade processes. Ultimately, blockchain would be expected to combat the current fragmentation across the industry by making processes more efficient.
News / Ince to speak at the Maritime Cyber Resilience Forum during 2018 Asia Pacific Maritime conference
Rory Macfarlane, Hong Kong-based partner of Ince Co and the Asia Chair of the firm's Regulatory Compliance group, has been invited to speak at the Maritime Cyber Resilience Forum in Singapore on 15 March organised by Digital Ship during this year's Asia Pacific Maritime, Asia's largest maritime and offshore conference that attracts 15,000 visitors every year
News / Blockchain – panacea or red herring?
In 2017 the logistics and transport industry was awash with predictions of the advances that a myriad of new technologies were going to bring. One of the major predicted advances was the use of blockchain technology to enhance communication and transparency across the supply chain, to effectively deal with the current fragmentation across the industry and to make traditionally paper-based trade processes more efficient. Here in Hong Kong, the government has recognised the potential of blockchain and the need for further research into its practical application1. In a whitepaper published in October 2017, the Hong Kong Monetary Authority identified a number of legal and compliance issues with distributed ledger technology. It also set out the results of proof of concept tests in trade finance, digital identity management and mortgage loan applications2, demonstrating the benefits and challenges of the practical applications of the technology in its current form.
News / Is the shipping industry prepared for GDPR
15-11-2017 / Maritime, Cyber Security
Shipping companies collect a great deal of personal data, including passenger information, crew and employee details, customer lists and details of business contacts The complex global nature of the industry and high level of personal data processed and exchanged, often across national borders, can leave information vulnerable to security breaches, intentional or otherwise Implementing effective data protection controls into daily operating procedures is a huge challenge However, when the EU General Data Protection Regulation and the UK's Data Protection Act 2018 come into force on 25 May 2018, businesses ignore themnbspat their peril, as non-compliance can result in large fines and reputational damage There are also commercial benefits to effective compliance companies that protect the privacy of their passengers, employees and business associates and conduct properly targeted marketing campaigns will be more likely to attract and retain business and staff We set out below some of the issues you need to consider and how you can action them and demonstrate compliance in view of the accountability principle
News / Regulatory and compliance checklist how do your internal policies fare
24-10-2017 / Maritime, Cyber Security
Whilst transportation and infrastructure companies are no strangers to regulatory compliance, in recent years, the scope and pace of regulations have increased significantly As a result, all companies should be looking to continually update and broaden their internal compliance policies
News / Rory Macfarlane and John Boles discuss Cyber Security in an era of opportunity'
22-09-2017 / Cyber Security
Partner, Rory Macfarlane, John Boles, Director of Global Legal Technology Solutions at Navigant and Richard Clayton, Lloyd's List's Chief Correspondent recently delivered a podcast on Cybersecurity, hosted by Informa and sponsored by Ince Co
News / Rory Macfarlane discusses the importance of preparation for a cyber-attack
06-09-2017 / Cyber Security
Ince Co's Hong Kong-based partner, Rory Macfarlane, explores the necessity for businesses to prepare for cyber-attacks, in Asia-mena Counsel's recent publication on Cyber Security and Data Protection
News / Cybersecurity. Wannacry; now Petya. What steps have you taken to protect your business?
Yesterday’s Petya ransom-ware attack highlights again the serious effect that cyberattacks can have on all companies operating in an increasingly digitalised and interconnected marketplace. Although the full scope and scale of this attack will emerge with the fullness of time, events like this will only become more common if companies within the shipping and transport sectors remain unprepared.
News / Rory Macfarlane examines cyber risks for shipping
20-06-2017 / Maritime, Cyber Security
Ince Co's Hong Kong-based partner Rory Macfarlane, who also co-heads the firm's regulatory and compliance practice in Asia, discussed the potential impact of cyber-attacks on shipping companies in an article published by Splash 247
News / Cyber attack and the energy industry – what will you be holding when the music stops?
09-06-2017 / Energy & Infrastructure
The worldwide ransomware attacks of 12 May 2017 have made it clear that any business is vulnerable to a cyber attack The WannaCry virus was unleashed on everything from hospitals in England to car manufacturers in France and petrol stations in Chinanbsp Although its further dissemination has been stopped, it is confidently predicted that the attacks will return
News / GDPR – What’s new?
The EU’s General Data Protection Regulation (“GDPR”) is the single most significant piece of data privacy legislation passed by the European Parliament in the last two decades. It has a significantly broader scope than the existing legislation and introduces a tiered penalty system for non-compliance, with fines as high as 4% of annual global turnover or EUR 20m whichever is the higher.
News / BRANCHED TO TRAINING Cyberattacks make companies and governments WannaCry
15-05-2017 / Cyber Security, Aviation & Travel, Energy & Infrastructure, Insurance, Commodities & Trade, Maritime
Whilst the reaction from both mainstream and social media was one of shock at the extent of this weekend's global cyber-attack, for those working within cyber-security it came as little surprise
News / Cyberattacks make companies and governments WannaCry
Whilst the reaction from both mainstream and social media was one of shock at the extent of this weekend's global cyber-attack, for those working within cyber-security it came as little surprise
News / Employee Shields against Cyber Attacks
Protecting data from misuse requires continuous review of business practices as well as supporting technology tools
News / The General Data Protection Regulation
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 The GDPR will update and harmonise data protection procedures, address new technological developments and bolster enforcement across the EU
News / Germany new standard conditions for cyber insurance
02-05-2017 / Cyber Security
New standard conditions for cyber insurance released by the German Insurance Association are only partly eligible for the market
News / Understanding the implications of Cyber Insurance
One of the most frequent questions received by CCW Global in relation to corporate risk management is what is Cyber Insurance, and why do we need it Organizations will understand why Employee's Compensation Coverage, Professional Indemnity Insurance, and Public Liability protection are needed for the business these covers are part of the routine risk management process and due diligence that businesses will implement in order to protect themselves against losses
News / UK: Cyber Security Regulation and Incentives Review
On 21 December 2016, the UK Government published “the Cyber Security Regulation and Incentives Review”. The review was conducted as part of the Government’s £1.9bn 5 years’ plan, the National Cyber Security Strategy, to “mak[e] the UK the safest place in the world to live and do business online”. It follows an extensive consultation with a wide range of commercial and non-commercial stakeholders and presents the Government’s position on cyber risk regulation and management in the private sector (excluding those companies operating in sectors critical to the national economy and falling under the forthcoming European Directive on Security of Network and Information Systems).
News / Hong Kong: Nothing is certain but death, taxes and cyber attack
Had Benjamin Franklin been writing to Jean-Baptiste Leroy in 2017 rather than 250 years ago, then he would have probably added ‘cyber-attack” to his list of life’s certainties. It is no longer a question of ‘if’ your business will be subjected to a cyber-attack; but a question of ‘when’.
News / EU Directive on Security of Network and Information Systems
The Directive on Security of Network and Information Systems (the NIS Directive) was adopted by the European Parliament on 6 July 2016 and Member States have until 9 May 2018 to implement it in their national legislation
News / PRA Considers cyber insurance underwriting risk
The continued dependence on electronic and network-based systems, combined with the constant development and sophistication of the threats posed to those systems by criminals, political activists, terrorist groups and others, means that all businesses, regardless of their size or area of operation, are increasingly exposed to cyber risks.
News / Cyber risk - mind the gap!
05-08-2016 / Insurance
Today, almost every organisation is reliant on technology – it dominates communication systems, transport, financial services and many other aspects of commerce – and as technology becomes ever more complex and sophisticated, so do the risks you face.
News / Singapore: Cyber Security Bill
From hacking into international money transfer systems to phishing email accounts, cyber criminals have been gaining in notoriety and causing lots of financial and security issues for businesses. The sophistication and speed at which these attacks are carried out often make it difficult to trace the tracks of the hackers and to recover the stolen assets. An additional difficulty is the lack of regulation of cyber space, which crosses all national boundaries. In an effort to contain the problem, countries have been introducing or revising existing cyber security laws. In this article, we review Singapore’s proposed new Cyber Security Bill and the impact it will have on businesses.
News / Containers: "heavies over lights" a thing of the past?
28-04-2016 / Maritime
On 1 July 2016, the amendments to Chapter VI Regulation 2 of the Safety of Life at Sea Convention (“SOLAS”) will become effective. From that date, it will be: (i) mandatory for a shipper of a packed container to verify and provide the container’s verified gross mass (“VGM”); and (ii) a violation of SOLAS for a packed container to be loaded onto a vessel, if the ship operator and marine terminal do not have the container’s VGM.