As of February 2025, the largest fine issued for violation of the General Data Protection Regulation (GDPR) in the United Kingdom (UK) was more than 22 million euros, received by British Airways in October 2020. Another fine received by Marriott International Inc. in the same month was the second-highest in the UK and amounted to over 20 million euros.

A survey conducted in April and May 2023 revealed that around ** percent of the companies that do business in the European Union (EU) and the United Kingdom (UK) found it challenging to adapt to new or changing requirements of the General Data Protection Regulation (GDPR) or Data Protection Act 2018 (DPA). A further ** percent of the survey respondents said it was challenging to increase the budget because of the changes in the data privacy laws.

A survey conducted in April and May 2023 among companies that do business in the European Union and the United Kingdom (UK) found that over half of the respondents, ** percent, felt very prepared for the General Data Protection Regulation (GDPR). A further ** percent of the companies believed they were moderately prepared, while ** percent said they were slightly ready to comply with the EU and UK privacy legislations.

This dataset is a central catalogue of Data Protection Impact Assessments (DPIAs) of smart city projects that collect personal information in public spaces. By publishing this in one place for the first time, it will enable public transparency and support good practice among operators. A DPIA helps to identify and minimise the risks of a project that uses personal data. Further information: DPIA registration form: https://www.london.gov.uk/dpia-register-form Information Commissioner DPIA: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/

Since the enforcement of the General Data Protection Regulation (GDPR) in May 2018, fines have been issued for several types of violations. As of February 2025, the most significant share of penalties was due to companies' non-compliance with general data processing principles. This violation has led to over 2.4 billion euros worth of fines.

Between 2018 and 2022, there has been a significant increase in the level of awareness around the General Data Protection Regulation (GDPR) among European users. In 2018, when the GDPR was first applied, the United Kingdom had the highest level of awareness, with 32 percent of respondents agreeing or strongly agreeing with the statement: "I am aware of the new General Data Protection Regulation (GDPR) that will be introduced in May 2018". In 2022, the share of UK respondents agreeing with the statement increased to 73 percent. France had the lowest level of awareness in 2018, 20 percent, whereas in 2022 it reached 47 percent but remained the lowest among other European markets.

IntroductionThe ubiquity of Bring Your Own Device (BYOD) personal smartphones, Instant Messaging (IM), and third-party apps, has made these technologies compelling for efficient communications between clinicians regarding patient care. However, the sensitivity of patient-related information necessitates secure, GDPR compliant modalities that prevent unauthorised access and ensure confidentiality. This scoping review explores existing guidelines, policies, and regulations that advise clinicians in the UK and Ireland on the secure use of these digital communication tools.MethodsFollowing the Joanna Briggs Institute (JBI) updated Framework for Scoping Reviews and the PRISMA ScR guidelines, this review examines the literature to identify relevant guidelines, policies, and regulations informing current clinical practice on the use of this technology. Academic databases including OneSearch, Embase, EBSCO, PubMed, Medline, and CINAHL were searched, in addition to hand searches of professional entities' websites, including trade unions, regulators, two national health systems, and several employers. Direct inquiries were made to 69 professional entities via telephone, email, websites, and X (formerly known as Twitter).ResultsThe review identified 18 papers that broadly recognise the importance of secure communication however, a lack of information on the appropriate selection or configuration of these popular technologies was evident. Most guidelines emphasise general security and data protection standards rather than providing clear actionable recommendations for technology use, thereby leaving a significant gap in technical guidance for clinicians.DiscussionThere is a distinct lack of detailed, specific, consistent technical guidance available to clinicians. This review evidences an urgent requirement for enhanced guidelines that specify the most secure platforms, appropriate features, and configuration to maximise the security and confidentiality of clinical communications. Further research is recommended to develop comprehensive, actionable advice for clinicians.

BackgroundThe COVID-19 pandemic brought global disruption to health, society and economy, including to the conduct of clinical research. In the European Union (EU), the legal and ethical framework for research is complex and divergent. Many challenges exist in relation to the interplay of the various applicable rules, particularly with respect to compliance with the General Data Protection Regulation (GDPR). This study aimed to gain insights into the experience of key clinical research stakeholders [investigators, ethics committees (ECs), and data protection officers (DPOs)/legal experts working with clinical research sponsors] across the EU and the UK on the main challenges related to data protection in clinical research before and during the pandemic.Materials and methodsThe study consisted of an online survey and follow-up semi-structured interviews. Data collection occurred between April and December 2021. Survey data was analyzed descriptively, and the interviews underwent a framework analysis.Results and conclusionIn total, 191 respondents filled in the survey, of whom fourteen participated in the follow-up interviews. Out of the targeted 28 countries (EU and UK), 25 were represented in the survey. The majority of stakeholders were based in Western Europe. This study empirically elucidated numerous key legal and ethical issues related to GDPR compliance in the context of (cross-border) clinical research. It showed that the lack of legal harmonization remains the biggest challenge in the field, and that it is present not only at the level of the interplay of key EU legislative acts and national implementation of the GDPR, but also when it comes to interpretation at local, regional and institutional levels. Moreover, the role of ECs in data protection was further explored and possible ways forward for its normative delineation were discussed. According to the participants, the pandemic did not bring additional legal challenges. Although practical challenges (for instance, mainly related to the provision of information to patients) were high due to the globally enacted crisis measures, the key problematic issues on (cross-border) health research, interpretations of the legal texts and compliance strategies remained largely the same.

Este conjunto de dados é um catálogo central de avaliações de impacto sobre a proteção de dados (AIPD) de projetos de cidades inteligentes que recolhem informações pessoais em espaços públicos. Ao publicá-lo num único local pela primeira vez, permitirá a transparência pública e apoiará as boas práticas entre os operadores.

Uma AIPD ajuda a identificar e minimizar os riscos de um projeto que utiliza dados pessoais.

Formulário de inscrição na DPIA: "https://www.london.gov.uk/dpia-register-form" target="_blank" style="color: rgb(158, 0, 98);">https://www.london.gov.uk/dpia-register-form

Information Commissioner DPIA: "https://data.london.gov.uk/dpia/_wp_link_placeholder" target="_blank" style="color: rgb(158, 0, 98);">https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/

A study conducted among *** websites in the UK showed that roughly ** percent of the websites was compliant with the General Data Protection Regulation (GDPR). The consent management platforms (CMP) displayed were in most cases not meeting the requirements of the EU law.

In September 2024, the Irish Data Protection Commission fined Meta Ireland 91 million euros after passwords of social media users were stored in 'plaintext' on Meta's internal systems rather than with cryptographic protection or encryption. In May 2023, the EU fined Meta 1.2 billion euros for violating laws on digital privacy and putting the data of EU citizens at risk through Facebook's EU-U.S. data transfers. European privacy legislation is seen as being far stricter than American privacy law, and the sending of EU citizens’ data to the United States resulted in the record breaking penalty being issued to the tech giant. In January 2023, after it was discovered that Meta Platforms had improperly required that users of Facebook, Instagram, and WhatsApp accept personalized adverts to use the platforms, the company was issued a 390 million euro fine by the European Commission. EU regulators claim that the social media giant broke the General Data Protection Regulation (GDPR) by including the demand in its terms of service. In addition, Meta was fined 405 million euros by the Irish Data Protection Commission (DPC) in September 2022 for violating Instagram's children's privacy settings. In November 2022, the DPC fined Meta a further 265 million euros for failing to protect their users from data scraping. GDPR violations in 2022 Social media sites and companies are not the only types of online services upon which users' data can potentially be compromised. In 2022, the online service with the biggest fine for violating GDPR was e-commerce and digital powerhouse Amazon, which was issued a 746 million euro fine. Furthermore, in December 2021, Google was penalized 90 million euros for GDPR violations. What are the most common GDPR violations? Since GDPR went into effect in May 2018, fines have been imposed for a variety of reasons. As of June 2022, companies' non-compliance with general data processing principles accounted for the largest share of fines, resulting in over 845 million euros worth of penalties. Insufficient legal basis for data processing was the second most common violation, amounting to 447 million euros in fines.

Uncover a wealth of market insights with our comprehensive Ecommerce dataset, meticulously collected using advanced web automation techniques. Our web-scraped dataset offers a diverse range of product information from various Ecommerce platforms, enabling you to gain a competitive edge and make informed business decisions.

Key Features:

Extensive Ecommerce Coverage: Our dataset spans across multiple Ecommerce platforms, providing a comprehensive view of product listings, pricing, descriptions, customer reviews, and more. Analyze trends, monitor competitor performance, and identify market opportunities with ease.

Real-Time and Dynamic Data: Leveraging cutting-edge web automation technology, our dataset is continuously updated to provide you with real-time and accurate Ecommerce data. Stay ahead of the competition by accessing the latest product information, pricing fluctuations, and customer feedback.

GDPR Compliance: We prioritize data privacy and strictly adhere to the General Data Protection Regulation (GDPR) guidelines. Our dataset collection process ensures that personal and sensitive information is handled securely and with utmost confidentiality.

Rich Attribute Set: Our dataset includes a wide range of attributes, such as product details, images, specifications, seller information, customer ratings, and reviews. Leverage this comprehensive information to conduct in-depth market analysis, product benchmarking, and customer sentiment analysis.

Customizable Data Delivery: We offer flexible data delivery options to suit your specific needs. Choose from formats such as CSV, JSON, or API integration for seamless integration with your existing data infrastructure.

Unlock the Power of Behavioural Data with GDPR-Compliant Clickstream Insights.

Swash clickstream data offers a comprehensive and GDPR-compliant dataset sourced from users worldwide, encompassing both desktop and mobile browsing behaviour. Here's an in-depth look at what sets us apart and how our data can benefit your organisation.

User-Centric Approach: Unlike traditional data collection methods, we take a user-centric approach by rewarding users for the data they willingly provide. This unique methodology ensures transparent data collection practices, encourages user participation, and establishes trust between data providers and consumers.

Wide Coverage and Varied Categories: Our clickstream data covers diverse categories, including search, shopping, and URL visits. Whether you are interested in understanding user preferences in e-commerce, analysing search behaviour across different industries, or tracking website visits, our data provides a rich and multi-dimensional view of user activities.

GDPR Compliance and Privacy: We prioritise data privacy and strictly adhere to GDPR guidelines. Our data collection methods are fully compliant, ensuring the protection of user identities and personal information. You can confidently leverage our clickstream data without compromising privacy or facing regulatory challenges.

Market Intelligence and Consumer Behaviour: Gain deep insights into market intelligence and consumer behaviour using our clickstream data. Understand trends, preferences, and user behaviour patterns by analysing the comprehensive user-level, time-stamped raw or processed data feed. Uncover valuable information about user journeys, search funnels, and paths to purchase to enhance your marketing strategies and drive business growth.

High-Frequency Updates and Consistency: We provide high-frequency updates and consistent user participation, offering both historical data and ongoing daily delivery. This ensures you have access to up-to-date insights and a continuous data feed for comprehensive analysis. Our reliable and consistent data empowers you to make accurate and timely decisions.

Custom Reporting and Analysis: We understand that every organisation has unique requirements. That's why we offer customisable reporting options, allowing you to tailor the analysis and reporting of clickstream data to your specific needs. Whether you need detailed metrics, visualisations, or in-depth analytics, we provide the flexibility to meet your reporting requirements.

Data Quality and Credibility: We take data quality seriously. Our data sourcing practices are designed to ensure responsible and reliable data collection. We implement rigorous data cleaning, validation, and verification processes, guaranteeing the accuracy and reliability of our clickstream data. You can confidently rely on our data to drive your decision-making processes.

Dataset on commits (and repositories) on GitHub making reference to data privacy legislation (covering laws: GDPR, CCPA, CPRA, UK DPA).

The dataset contains:
+ all_commits_info_merged-v2-SHA.csv : commits information as collected from various GitHub REST API calls (all data merged together).
+ repos_info_merged_USED-v2_with_loc.csv: repository information with some calculated data.
+ top-70-repos-commits-for-manual-check_commits-2coders.xlsx: results of the manual coding of the commits of the 70 most popular repositories in dataset.
+ user-rights-ω3.csv: different terms for user rights teriminology in legislation.
+ github_commits_analysis_replication.r: main analysis pipeline covering all RQs in the R programming language.

In order to perform also the initial data collection, the GitHub REST API can be used, collecting data using time intervals, for instance:
https://api.github.com/search/commits?q=%22GDPR%22+committer-date:2018-05-25..2018-05-30&sort=committer-date&order=asc&per_page=100&page=1

This dataset accompanies the following publication, so please cite it accordingly:

Georgia M. Kapitsaki, Maria Papoutsoglou, Evolution of repositories and privacy laws: commit activities in the GDPR and CCPA era, accepted for publication at Elsevier Journal of Systems & Software, 2025.

Question 2 National Audit Office (NAO) are the auditors of the NHS Pension Scheme Accounts. The main contact at NAO has not consented to the disclosure and is therefore exempt under 40 subsections 2 and 3A (a) of the Freedom of Information Act 2000, as disclosure of this information would be unfair and as such this would breach the UK GDPR first data protection principle because: a) it is not fair to disclose main contact of the NAO personal details to the world and is likely to cause damage or distress. b) these details are not of sufficient interest to the public to warrant an intrusion into the privacy of the main contact of the NAO. NAO have provided the name of the Auditor General, Gareth Davies Government Internal Audit Agency (GIAA) currently provide Internal Audit for the NHSBSA. This includes the following areas of NHS pensions for 2023/24: Member Data McCloud and other Legislative Changes . Pensions Annual Allowance Charge Compensation Scheme (PAACCS) My NHS Pensions Portal Government Internal Audit Agency (GIAA) - The main contact at GIAA has not consented to the disclosure and is therefore exempt under 40 subsections 2 and 3A (a) of the Freedom of Information Act 2000, as disclosure of this information would be unfair and as such this would breach the UK GDPR first data protection principle because: a) it is not fair to disclose main contact of the Government Internal Audit Agency’s personal details to the world and is likely to cause damage or distress. b) these details are not of sufficient interest to the public to warrant an intrusion into the privacy of the main contact of the Government Internal Audit Agency. Please click the below web link to see the exemption in full. https://www.legislation.gov.uk/ukpga/2000/36/section/40 Question 3 National Audit Office (NAO) National Audit Office 157-197 Buckingham Palace Road London SW1W 9SP Government Internal Audit Agency (GIAA) Governance Team Corporate Services Directorate Government Internal Audit Agency 10 Victoria Street Westminster London SW1H 0NB United Kingdom Question 4

During an April 2024 survey carried out among retail and e-commerce advertising decision-makers from the United Kingdom (UK), ** percent of respondents stated they planned to use Google Analytics 4 (GA4) after the phase-out of third-party cookies in Chrome in 2024. GA4 was ruled uncompliant with the European Union's General Data Protection Regulation (GDPR) in 2022.

UK whatsapp number list is one of the latest tools that will meet your needs. Moreover, this directory is the latest creation of List to Data. With this, you can contact the corporate leaders of your target firms, who might assist you in achieving your objective. Furthermore, we keep the UK whatsapp number list GDPR standards and have well-constructed verified data. We regularly update the data as well. Not to mention that it will allow you to interact with potential investors. It will therefore assist you in generating more sales leads and boosting your company’s revenue. UK whatsapp phone number data contains the contact addresses of the people who live in the country. You can get thousands of contacts and other information in this database. UK whatsapp phone number data can boost digital marketing campaigns. Running an online campaign is crucial right now if you want to stay in the spotlight. You cannot accomplish anything without the internet and digital marketing. Indeed, we all understand that at this time it is a must to communicate. We cannot overlook the fact that gadgets are used by everyone. Because of this, we must face reality and update our marketing strategy.

‘I be provided with the names, qualifications, and declarations of interest for any medical assessors who have provided opinions on my case to date.’ Our response Qualifications or Declarations of Interest The NHSBSA does not hold information on the medical assessors' qualifications or declarations of interest. This is because their medical qualifications and experience are the responsibility of the third-party medical assessment supplier. I hope, however, that the following information provides reassurance on this point: Each case is considered on its own merits by an experienced medical assessor. The contract with our supplier does not require them to tell us details of the medical assessors’ qualifications or experience. The contract requires that all assessments carried out are undertaken by suitably qualified and experienced Registered Medical Practitioners. This includes being registered on the UK General Medical Council register, with a licence to practise and meet or exceed the following requirements: they are a Registered Medical Practitioner with at least five years’ post graduate experience; and they have experience of the performance of medical and/ or disability assessment, addressing questions of causation and impact in the context of legislative or policy requirements to assist the decision maker Name(s) Regarding the name of the assessor(s), I can confirm that this information is held by the NHSBSA as it is included in the medical report received from the medical assessment supplier. All medical assessors are UK based. The name and location of the medical assessor is redacted before this report is disclosed to the claimant or their representative. Given this will allow the medical assessor to be identified, this information would not be disclosed under the exemption in section 40 subsections 2 and 3A (a) of the Freedom of Information Act. The expectation of the medical assessors is that they will remain anonymous and will therefore not be subject to contact or pressure from claimants or campaigning groups. Given the likelihood their name and location will identify the medical assessor, there is a reasonable expectation that this information will not be disclosed under FOI. Disclosing this information would be unfair and as such, this would breach the UK GDPR first data protection principle. Disclosure of the name and location is likely to result in considerable distress to the medical assessor. Therefore, this information falls under the exemption in section 40 subsections 2 and 3A (a) of the Freedom of Information Act. This is because it would breach the first data protection principle as: a. it is not fair to disclose medical assessors’ personal details to the world and is likely to cause damage or distress b. these details are not of sufficient interest to the public to warrant an intrusion into the privacy of the medical assessor The requested information is exempt if disclosure contravenes any of the data protection principles. For disclosure to comply with the lawfulness, fairness, and transparency principle, we either need the consent of the data subject(s) or there must be a legitimate interest in disclosure. In addition, the disclosure must be necessary to meet the legitimate interest and finally, the disclosure must not cause unwarranted harm. This means that the NHSBSA is therefore required to conduct a balancing exercise between the legitimate interest of the applicant in disclosure against the rights and freedoms of the medical assessor. While I acknowledge that you have a legitimate interest in disclosure of the information, the disclosure of the requested information would cause unwarranted harm. Disclosure under FOIA is to the world and therefore the NHSBSA has to consider the overall impact of the disclosure and its duty of care. The expectation of the medical assessors is that they will remain anonymous and will therefore not be subject to contact or pressure from claimants or campaigning groups. Given the certainty that the name will identify them, there is a reasonable expectation that this information will not be disclosed under the FOIA. Disclosing this information would be unfair and as such would breach the UK General Data Protection Regulation first data protection principle. Please see the following link to view the section 40 exemption in full: https://www.legislation.gov.uk/ukpga/2000/36/section/40 In addition, the medical assessor has not consented to this disclosure.

Thank you for your request for information about the following: Request You asked us: ‘I require the following under my rights in the UK GDPR, the Data Protection Act 2018, and the Freedom of Information Act 2000: • The full name and professional registration number of the independent medical assessor who reviewed or is currently reviewing my claim • The name and registered address of the organisation/company employing them • Details of who owns and/or controls that organisation, including parent companies • Details of who funded the assessor’s work on my case and the terms of payment (hourly, per case, etc.) The NHS Business Services Authority (NHSBSA) received your request on 11 August 2025. We have handled your request under the Freedom of Information Act 2000 (FOIA). Our response I can confirm that the NHSBSA holds some of the information you have requested and a copy of the information. Question 1 - The full name and professional registration number of the independent medical assessor who reviewed or is currently reviewing my claim Name(s) The following response does not relate to a specific claim or claimant. The request is being answered more generally given requests under FOIA are requester-blind, that is to say the identity of the requester is not taken into account when considering a request for information under FOIA. I can confirm that we do hold the names of the medical assessors however, we consider the names of the medical assessor to be personal data under the Data Protection Act 2018. Please be aware that I have decided not to release the names of the medical assessors as this information falls under the exemption in section 40 subsections 2 and 3(A)(a) of the FOIA. This is because disclosure of their names would result in their identification. As the requested information would allow a medical assessor to be identified, I consider this information is exempt. This is because it would breach the first data protection principle as: a) it is not fair to disclose their personal details to the world and is likely to cause damage or distress. b) these details are not of sufficient interest to the public to warrant an intrusion into their privacy. The requested information is exempt if disclosure would contravene any of the data protection principles. For disclosure to comply with the lawfulness, fairness, and transparency principle, we either need the consent of the data subject(s) or there must be a legitimate interest in disclosure. In addition, the disclosure must be necessary to meet the legitimate interest and finally, the disclosure must not cause unwarranted harm. This means that the NHSBSA is therefore required to conduct a balancing exercise between the legitimate interest of the applicant in disclosure against the rights and freedoms of the medical assessor. While I acknowledge that you have a legitimate interest in disclosure of the information, the disclosure of the requested information would cause unwarranted harm. Disclosure under FOIA is to the world and therefore the NHSBSA has to consider the overall impact of the disclosure and its duty of care. The expectation of the medical assessors is that they will remain anonymous and will therefore not be subject to contact or pressure from claimants or campaigning groups. Given the certainty that the name and will identify them, there is a reasonable expectation that this information will not be disclosed under the FOIA. Disclosing this information would be unfair and as such this would breach the UK General Data Protection Regulation first data protection principle. Please see the following link to view the section 40 exemption in full: https://www.legislation.gov.uk/ukpga/2000/36/section/40 Question 2 - The name and registered address of the organisation/company employing them The prime contractor delivering the service is: Crawford & Company Adjusters (UK) Limited The Hallmark Building 106 Fenchurch Street London EC3M 5JE Question 3 - Details of who owns and/or controls that organisation, including parent companies The parent company is Crawford & Company Adjusters (UK) Limited. Question 4 - Details of who funded the assessor’s work on my case and the terms of payment (hourly, per case, etc.) The NHSBSA administers the Vaccine Damage Payment Scheme (VDPS) on behalf of DHSC and contracts a third-party supplier for the provision of medical assessments under the scheme. The third-party supplier is paid by the NHSBSA