Legal Guidance and Research / Experts / Dan Hyde
Dan Hyde#2232
LinkedIn External

Professor Dan Hyde

HCR Law
Professor Dan Hyde writes, lectures and practises innovative law. A pioneer of the law as it applies to emerging tech he is a leading cybersecurity lawyer and advised the Law Commission on its recent review of cybersecurity and data protection law in the UK. He delivers talks around the World, is a Visiting Professor of Law at Queen Mary, University of London and authored the first UK published books on cybersecurity law and the international regulation and challenges of cryptocurrency and blockchain. He is a partner at Harrison Clark Rickerbys and has been instructed in a number of high profile, ground breaking cases which frequently involve elements of cyber and emerging tech.

An Officer of the International Bar Association he has been described by the Legal 500 as “a lawyer of the highest calibre”. Dan's commentaries have broadcast on national and international television and featured in the national press.

Practice Areas

Panels

  • Contributing Author
  • Q&A Panel

Qualified Year

  • 1993

Experience

  • HCR (2020 - 2021)

Membership

  • Publications Officer, International Bar Association
  • Fraud Lawyers Association
  • City of London Law Society
  • Law Society of England and Wales

Qualifications

  • Masters in Business (Cantab)
  • Batchelor of Laws LLB (Hons)
  • Post Grad Diploma in Law
  • Admitted Solicitor

Education

  • University of Cambridge
  • Newcastle Law School
  • University of Law (Guildford)

4 Contributions by Dan Hyde

Data Protection Act 1998 offences (archived): unlawful obtaining and sale of personal data, prohibition on requiring SAR records, defences and sentencing (UK; pre‑25 May 2018)
PRACTICE NOTES
Data Protection Act 1998 offences (archived): unlawful obtaining and sale of personal data, prohibition on requiring SAR records, defences and sentencing (UK; pre‑25 May 2018)
Archived: This Practice Note is archived and no longer maintained. This Practice Note concerns the commission of data protection offences before 25 May 2018. Where a data protection offence occurred before 25 May 2018, it may still be prosecuted under the Data Protection Act 1998 (DPA 1998), even though that legislation has been repealed by the Data Protection Act 2018 (DPA 2018). Where an offence is committed on or after 25 May 2018, charges should be considered under the DPA 2018. See Practice Note: Offences under the Data Protection Act 2018. The offences of unlawful obtaining of personal data under the DPA 1998 Note that these offences cannot be committed after 25 May 2018. The DPA 1998 includes various criminal offences that can be prosecuted by the Information Commissioner or the Director of Public Prosecutions, who must give their consent for such prosecutions. Unlawfully obtaining personal data: DPA 1998, section 55, makes it an offence to obtain personal data unlawfully...
Corporate Crime
Historic notification offences under the Data Protection Act 1998 (pre‑25 May 2018): elements, exemptions, defences, corporate liability and sentencing
PRACTICE NOTES
Historic notification offences under the Data Protection Act 1998 (pre‑25 May 2018): elements, exemptions, defences, corporate liability and sentencing
Archived: This Practice Note has been archived and is not maintained. It is intended for situations where a notification offence arose before 25 May 2018. If a notification offence occurred prior to 25 May 2018, it may still be prosecuted under the Data Protection Act 1998, notwithstanding that the legislation has been repealed. Notification offences under the DPA 1998 cannot be committed after 25 May 2018. The Data Protection Act 2018 (DPA 2018) contains no corresponding notification offences, so any such offence could only have been committed historically, before 25 May 2018 when the DPA 1998 was in force. For information on the data protection offences created by the DPA 2018, see Practice Note: Offences under the Data Protection Act 2018. Notification required under the Data Protection Act 1998 Note that these offences cannot be committed after 25 May 2018. Failure to notify the Information Commissioner — under the DPA 1998, data controllers who processed personal data were required to register their processing with the Information Commissioner for the purposes of the register maintained by the ICO...
Corporate Crime
UK law enforcement and intelligence processing of personal data: DPA 2018 Parts 3–4 and DUAA 2025 reforms—principles, sensitive data, data subject rights, transfers, automated decisions, governance and compliance
PRACTICE NOTES
UK law enforcement and intelligence processing of personal data: DPA 2018 Parts 3–4 and DUAA 2025 reforms—principles, sensitive data, data subject rights, transfers, automated decisions, governance and compliance
The handling of personal data for policing objectives is expressly and specifically governed by Part 3 of the Data Protection Act 2018 (DPA 2018) and operates as a separate and distinct regime from the general processing of personal data under the UK General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR). DPA 2018, Pt 3 applies to those competent authorities that process personal data for ‘law enforcement purposes’. It includes processing for preventing, investigating, detecting or prosecuting criminal offences, or carrying out criminal penalties, and encompasses safeguarding against, and preventing, threats to public security. DPA 2018, Pt 3 transposed the EU Law Enforcement Directive (EU) 2016/680 (EU LED) into UK law. The Information Commissioner’s Office (ICO) has issued guidance specifically on duties under DPA 2018, Pt 3, which is essential reading for advisers in this field. The ICO guidance, currently under review, can be accessed here. The Data (Use and Access) Act 2025 (DUAA 2025) brings substantial changes to the DPA 2018 and UK GDPR. In respect of law enforcement processing of personal data, DUAA 2025 revises DPA 2018, Pt 3 so that it more closely aligns with those provisions of UK GDPR, in particular in relation to the...
Corporate Crime
US-EU/UK corporate investigations: managing personal data, GDPR transfer mechanisms, interviews, privilege and regulator co-operation [Archived]
PRACTICE NOTES
US-EU/UK corporate investigations: managing personal data, GDPR transfer mechanisms, interviews, privilege and regulator co-operation [Archived]
ARCHIVED: This Practice Note is archived and not maintained. It considered data protection and personal data sharing questions arising in cross-border investigations involving US and EU companies prior to the ruling in Facebook Ireland and Schrems (Case C-311/18), where the Court of Justice of the European Union struck down the EU-US Privacy Shield and confirmed that any use of standard contractual clauses (SCCs) must, in practice, provide an adequate level of protection for personal data, following a case by case evaluation of the circumstances of the transfer. For details on sharing personal data between the UK and EU in light of that judgment and IP completion day, see Practice Notes: Data protection and internal investigations, and UK GDPR and EU GDPR—transfers of personal data internationally and to international organisations. Who is the investigator? Gathering, preserving and reviewing evidence is fundamental to any investigation, whether it is: an internal company inquiry; an internal inquiry carried out under the oversight of a regulator or prosecuting authority; or a criminal investigation. At the start, the company should undertake a high-level data-mapping exercise to determine where corporate data are stored...
Corporate Crime
Expert page AD
If you expected to see yourself on this page, click here.