How to avoid an unneccesary DPIA
A Data Processing Impact Assessment (DPIA) is a process designed to help organisations systematically analyse, identify and minimise the data protection risks of a project or plan.
What impacts will a no deal Brexit have on data protection?
In a no deal Brexit, what rules will apply to privacy, data protection, direct marketing and electronic communications?
GDPR five months on: ICO guidance update
It's been five months since GDPR became enforceable. The 25 May deadline has come and gone, but organisations must continue to focus on their data protection obligations - the Information Commissioner has referred to this as an ongoing compliance journey.
Another week, more breach related fines - and check if you need to register!
The ICO continues to undertake enforcement action under the previous Data Protection Act 1998. It applies where the breach was before 25 May 2018, when the GDPR and Data Protection Act 2018 came into force.
GDPR... What next...?
The 25 May 2018, when GDPR, and the associated UK Data Protection Act 2018, came into force was a landmark date for data privacy, but fast forward nearly six months, what should you be doing now?
Three eras - the sunset of £500K, the dawn of GDPR enforcement and the horizon of Brexit
In just a short space of time, the ever-evolving world of data protection and cyber has seen yet more change:
Notification: Facebook - you have a £500,000 fine from the Information Commissioner's Office
Facebook is set to be fined £500,000, the maximum amount possible, for two breaches of the Data Protection Act 1998 (DPA 1998).
Well this is the start of the regulated journey to compliance. Much has been achieved in the just over two years since the GDPR was published in the Official Journal of the European Union, but the data protection landscape is an evolving one.
Consent: Double-edged sword and the progression towards other legal bases for processing
The GDPR sets out six lawful 'bases' for processing, consent being one of them. However, consent has historically been the favoured basis as genuine consent puts individuals in control, building customer trust as well as enhancing your reputation.
Data retention - what impact does the GDPR have for employers?
The GDPR will undoubtedly involve a shake-up of the way businesses approach and, crucially, evidence their data protection compliance, not least in terms of how they retain personal data. We consider the implications of GDPR on data retention below.
GDPR - 100 days and counting: Are you ready?
With just 100 days to go until the General Data Protection Regulation (GDPR) comes into force, many employers are still grappling with the requirements of the new regime. What steps should employers be taking to ensure they are ready for 25 May 2018?
Data subject access requests - Access granted
Recent court decisions have highlighted that data subject access requests are no longer simply a tool to check whether data is processed lawfully, but have become a recognised litigation tactic.
Liability ruling in UK data leak class action
Last week the High Court ruled a large retail company to be vicariously liable for a leak of its employees' data, in the first US-style class action in the UK involving a personal data breach.
GDPR - less than 6 months left...
With 177 days to go until The General Data Protection Regulation kicks in, what should businesses be doing when faced with this deadline?
GDPR - A general overview
The General Data Protection Regulation ('GDPR') takes effect from 25 May 2018 and was introduced to further harmonise and modernise data protection procedures.
New EU Data Protection Regulation: New Regulation Approved
It has taken a lengthy legislative process but on 14 April 2016 the European Parliament voted to replace the existing EU Data Protection Directive with the General Data Protection Regulation; a significant landmark in data protection legislation.
New EU data protection regulation: compliance in an evolving privacy landscape
Some four years in the making, the General Data Protection Regulation (the Regulation) is now in an agreed form pending formal ratification by the EU.
The EU-US Privacy Shield - a new safe harbor?
The European Court of Justice ruled last October that the data sharing framework between the EU and US, referred to as Safe Harbor, is no longer valid.
Monitoring employees' communications: EU case sends wrong message
Employers should be cautious after a recent decision was widely reported as a 'green light' to read employees' person communications at work; this is not the case.
European Copyright Law - four megatrends
With concrete proposals for amendments to European copyright law not due until this autumn, now is a good time to take stock.
New audit powers for the ICO
As of 1 February, the Information Commissioner's Office (ICO) can force public healthcare organisations to undergo compulsory audits of their Data Protection Act 1998 compliance, a power that previously only applied to central government departments.
Google v Vidal-Hall: how the cookie crumbled in the Court of Appeal...
Last month saw the Court of Appeal upholding the judgment of the High Court that 3 claimants resident in England could bring claims in England against US-based Google Inc for misuse of private information and breach of the Data Protection Act 1998 (DPA).
Privacy watchdog: baring its teeth to protect consumers
In our increasingly complex world information security and data misuse is under ever greater scrutiny.
ICO issues Enforcement Notice in response to Office data security breach
Shoe retailer, Office, has become the latest retailer to have its knuckles wrapped by the Information Commissioner's Office (ICO) following a data protection breach which resulted in more than one million customer records being exposed.
Are you collecting the right marketing consents?
Well-known chain store John Lewis has been ordered to pay damages to an individual who received marketing emails without having consented to receiving them.
EU Data Protection Reform - The removal of red tape for SMEs
One step closer to implementation of the reforms relating to EU data protection regulation, this article looks at some of the implications that the reforms are likely to have for SMEs.
A new dawn for defamation?
The Defamation Act 2013 comes into force on 1 January 2014. We provide details of the new regulations that will govern website operators when on notice of a complaint about online material.
Ministry of Justice fined £140k for 'sensitive personal data' breach
The Ministry of Justice has been fined £140,000 by the Information Commissioner's Office (ICO) for a serious breach of the Seventh Data Protection Principle.
Data protection reform: A softening of approach?
Proposed data protection reforms have been the subject of much discussion, debate and lobbying since the draft regulation was first issued in January 2012.
Data protection: Time to take action
On 25 January 2012, the European Commission decided that a substantial overhaul of data protection regulation is required and issued its proposals for change.
New guidance leaves crucial data protection compliance questions unanswered
One of the best known rights enshrined in the Data Protection Act 1998 is the right of individuals to make data subject access requests (DSARs) of any organisation they believe is holding - described by the Act as processing - their personal data.
Google auto complete function: Time to clean up its act?
Have you ever been impressed with the ability of Google to read your mind when you type a phrase into the search box and it finishes off your sentence?
Bring your own device: ICO publishes new guidance
A survey by the Information Commissioner's Office (ICO) has revealed that 47% of all UK adults now use their personal smart phone, laptop or tablet computer for work purposes - known as 'bring your own device' (BYOD).
Loss of disciplinary data leads to large fine
The Nursing and Midwifery Council has been fined £150,000 by the Information Commissioner's Office for losing three DVDs which contained evidence relating to a disciplinary investigation.
Online behavioural advertising: The new rules
From 4 February 2013, organisations using targeting advertising online - known as 'online behavioural advertising' (OBA) - will be required to tell web users about their use of OBA and allow them to opt-out of having their data collected and used for OBA.
Construction blacklisting: ICO under scrutiny
The Information Commissioner's handling of the blacklisting of construction workers scandal is under scrutiny in Parliament.
Are you breaching your ongoing duty of care under the Data Protection Act?
£325,000 - the largest Civil Monetary Penalty issued to date by the Information Commissioner's Officer (ICO) for breach of the Data Protection Act (DPA).
Cloud computing: Data protection issues
According to a recent article by Shoosmiths, the cloud software market generated $22 billion in revenue in 2011, and expects growth to $67.3 billion by 2016
Failure to rectify data mix-up leads to ICO fine
The Information Commissioners Office has fined an insurance company for mixing up two customers' accounts and failing to rectify the mistake
Data protection notification: Is your organisation committing a criminal offence?
Some organisations may be falling foul of the Data Protection Act 1998 by failing to notify details of their personal data processing to the Information Commissioner's Office (ICO).