Francesca Fellowes

Francesca Fellowes’ practice covers both commercial and intellectual property work. She has substantial experience in all aspects of non-contentious commercial work and specialises in both contentious and non-contentious intellectual property work. She also has a specialist knowledge of data protection law and in particular, advising on the compliance aspects of and project-managing multi-jurisdictional projects for global clients.

Data ProtectionVirgin Media is reportedly one of the latest UK companies to suffer a data security breach. On 5 March 2020, it published a statement on its website explaining that one of its databases had been accessed without Virgin Media’s authorisation, due to a configuration issue. It is reported that the database had been left unsecured since April 2019 and that it contained information about (approximately) 900,000 existing and potential customers. Virgin Media states that the compromised information was mostly limited to contact and product data and importantly, did not contain financial information or passwords.

The statement sets out a number of frequently asked questions, with easy to understand responses. The ICO and affected data subjects have been notified and the statement provides customers with information about possible scams and phishing attacks aimed at helping them to better protect themselves and be aware of the risks in a heightened risk environment, in light of the incident.
Continue Reading Virgin Media suffers Data Security Breach

In an October 28, 2019 blog post, Director for Regulatory Assurance, Ian Hulme, announced that the UK Information Commissioner’s Office (“ICO”) is developing a new ‘accountability toolkit’ which it plans to launch next year. The aim of the toolkit will be to support organisations in demonstrating their compliance with the ‘accountability principle’ under the GDPR

The European Data Protection Board has adopted final Guidelines on the processing of personal data using the “necessary perform a contract” lawful basis under Article 6(1)(b) of the GDPR, in the context of the provision of online services.

Article 6(1)(b) of the GDPR provides a lawful basis for the processing of personal data to the extent that the processing is:

  • Necessary for the performance of a contract to which the data subject is a party; or
  • In order to take steps at the request of the data subject prior to entering into a contract.

The Guidelines outline the elements of lawful processing under Article 6(1)(b) and focus in particular on the concept of ‘necessity’. They begin by examining the interaction between this lawful basis and other obligations under the GDPR.
Continue Reading When is it ‘Necessary’ to Process Personal Data to Perform a Contract?

Regulators across Europe, have recorded a sharp increase in the number of data-related complaints and data breach notifications since the General Data Protection Regulation (GDPR) came into force on 25 May 2018. The GDPR has radically reshaped how businesses can collect, use and store personal information. As a result of the new and expanded rights for people to know how their data is being used, and to decide whether it is shared or deleted, regulators are being overwhelmed with complaints and businesses are increasingly finding themselves subject to data breaches.
Continue Reading Post GDPR Rise in Data-Related Complaints and Data Breach Notifications