Follow us

The UK data protection regulator, the Information Commissioner’s Office (ICO), has issued its first enforcement notice under the EU’s new strict data protection law, the General Data Protection Regulation (679/2016/EU) (GDPR). The notice is particularly noteworthy because it has been issued against a company located in Canada, which does not appear to have any presence within the EU.

Not only is it the first extra-territorial notice issued by the ICO under the GDPR, but it is the first action ever taken by the ICO against an entity outside the UK. It is understood that the notice is being appealed. The extraterritorial reach of the GDPR is as yet untested and, without any regulatory guidance as to interpretation, how that appeal plays out may be an early indicator as to the issues that could arise in extra-territorial enforcement under the GDPR.

Click here for the full article.



Miriam Everett photo

Miriam Everett

Partner, Global Head of Data Protection and Privacy, London

Miriam Everett
Peggy Chow photo

Peggy Chow

Of Counsel, Singapore

Peggy Chow

Related categories

Key contacts

Miriam Everett photo

Miriam Everett

Partner, Global Head of Data Protection and Privacy, London

Miriam Everett
Peggy Chow photo

Peggy Chow

Of Counsel, Singapore

Peggy Chow
Miriam Everett Peggy Chow