4 Min Read

Cyber Newsletter - November 2022

Read more



Published 14 November 2022


On 10 November 2022, we held our fifth annual DACB Data Protection & Cyber Conference. We brought together 18 experts from our team and welcomed 5 guest speakers.

With so much change taking place and on the horizon, the theme of this year’s conference was “evolution or revolution? Where are we now and where are we going?”

Despite the Government consultation, draft Data Protection and Digital Information Bill and political headlines, we still have (for the moment at least) a regime which has not changed, at least from the perspective of enforceable legislation. There is however change on the horizon, although it is yet to be seen if that will be evolution or revolution.

Beyond core data protection legislation such as the UK GDPR and DPA 2018, we are seeing evolution of legislative focus to include broader data categories than those which fall within the definition of “personal data”. The EU Data Package is a good example of this.

Of course change doesn’t just occur as a result of a change in the law itself. Evolution (or revolution) can be more subtle and is often driven by other factors.

  • The regulator has a key role in driving change and we can learn a lot from the focus of its guidance and enforcement activities.
  • The courts have an important role to play and this year we have seen case law impact the trajectory of low value data breach claims.
  • The development of technology often outpaces the law and we are seeing this with developments such as artificial intelligence and the metaverse. However, as with privacy enhancing technologies, it can also be utilised to contribute to good data protection governance.
  • Finally, an organisation’s own individual experience will have a significant impact on its data protection and cyber governance framework. No incident seems to bring about as much focus as a data breach.

Whilst we may not yet be able to determine if any change will be “evolution or revolution”, the view is likely to vary from organisation to organisation.

We would like to extend a special thank you to our guest speakers:

  • Emma Bate, Privacy Director, Information Commissioner’s Office
  • Elisabeth Bechtold, Global Lead AI Assurance & Data Governance, Zurich Insurance
  • Ian Russell, Police Detective Sergeant, Regional Cyber Crime Unit
  • Dr Alexander Beyer, Partner, BLD
  • Raf Sanchez, Global Head of Cyber Services, Beazley


Data protection in emerging technologies: Blockchain

Blockchain and associated distributed ledger technologies (DLTs) are increasing in prominence and use across a number of sectors – including healthcare, logistics, real estate, banking and insurance. However, it is probably owing to more trendy applications such as crypto assets, including non-fungible tokens (NFTs) that they are gaining more and more in terms of popularity and acceptance.

Read more

How Secure is Secure? What do recent ICO penalty notices tell us about GDPR security requirements?

At our annual Data Protection and Cyber Conference on 10 November 2022, we delved into some of the ICO’s recent monetary penalty notices where fines had been applied to organisations who had suffered cyber-attacks.

Read more

Low-Value privacy claims: What does the horizon hold?

At our annual Data Protection and Cyber conference on 10 November 2022, we provided an update on where we are now, and what the future holds for the field of low-value privacy claims.

Read more

NIS breaches, the national cybersecurity strategy and law enforcement engagement

When a country’s critical infrastructure is compromised, whether through a cyber attack or otherwise, the effects can be wide-reaching and devastating.

Read more

Cyber and Employment Law

We have seen an increase in the number and sophistication of threat actors carrying out ransomware attacks against companies. Frequently these involve exfiltration of employee personal data, such as the content of HR personnel files, with a threat to post sensitive employee details on the dark web unless the ransom is paid. HR data can be particularly vulnerable, sensitive and appealing to attackers.

Read more

Supply Chain Breaches

In the modern world, most organisations rely on a complex network of suppliers and vendors in order to provide products, systems and services. This is particularly the case with sub-contracting and outsourcing business models which require multiple parties to work together in order to achieve the desired outcome.

Read more

Understanding Privacy-Enhancing Technologies (PETs)

Privacy-Enhancing Technologies or PETs are technologies that minimise data usage and maximise data security to preserve an individual’s privacy. PETs can help organisations ensure data protection by design – this is an approach enshrined in Article 25(1) of the UK GDPR which sets out that organisations must consider privacy and data protection issues at the design phase of any system, service, product or process and throughout the lifecycle of the same.

Read more

The EU Data Package

On 19 February 2020 the European Commission announced its ‘European Strategy for Data’1 which outlined the EU’s five year plan to shape its data economy. As part of this strategy a number of new legislative measures have been proposed, some of which have now been adopted.

Read more