Due to the fast-moving nature of this area, particularly in light of uncertainties surrounding the UK position post-Brexit, some of the latest developments, guidance, official releases and case studies from reliable and credible sources are presented and updated regularly to keep abreast of developments.
April 12, 2018. The Information Commissioner’s Office has fined Humberside Police £130,000 for failing to take appropriate and effective steps to secure the video interview of the victim of an alleged rape. The case involved unencrypted discs, containing sensitive personal data, which were left in an envelope in an officer’s desk and went missing. The force had an ...
April 12, 2018. On 9th April, the ICO held a data protection conference in Manchester. The full agenda and a recording of the auditorium sessions can be seen via this link to the ICO web page: https://ico.org.uk/global/data-protection-practitioners-conference-2018 Some of the key outputs of the conference include: Recognition that because of the culture shift involved in adapting to the ...
March 26, 2018. In addition to the ICO ‘Guide to the GDPR’, a series of short articles usefully expands on the particular requirement under the Regulation for controllers to document all activities. Link to the guidance is here.
February 28, 2018. Today (28th February 2018) marked the end of the consultation period for the Information Commissioner’s draft guidance in respect of processing children’s data under the GDPR. A final version will be published in due course, taking into account the results of the consultation. Nevertheless, the principles and requirements will not change substantially. This comprehensive and ...
February 28, 2018. The need for alignment with the European data protection framework, particularly in respect of law enforcement purposes, was emphasised by the Prime Minister recently. In her speech in Munich on 17th February, Theresa May referred to the UK’s high standards of data protection and the importance of creating stability and confidence for citizens. While much ...
February 14, 2018. The Article 29 Working Party (WP29) is an independent body that advises the European Commission about data protection matters. Established under Article 29 of the Data Protection Directive (95/46/EC), the party is composed of: Representatives of the national supervisory authorities in the Member States; Representative of the European Data Protection Supervisor (EDPS); Representative of the ...
February 14, 2018. The Article 29 Working Party (WP29) is an independent body that advises the European Commission about data protection matters. Established under Article 29 of the Data Protection Directive (95/46/EC), the party is composed of: Representatives of the national supervisory authorities in the Member States; Representative of the European Data Protection Supervisor (EDPS); Representative of the ...
February 1, 2018. The European commission issued a document on 24 January 2018, which provides a useful overview of what has been achieved so far in terms of preparing for GDPR compliance. It also sets out what is yet to be achieved by 25 May 2018. Paragraph 3.4 of the Communication addresses the need for businesses, public administrations and other ...
January 31, 2018. Privacy and data protection issues are big news, particularly since the Snowden revelations in 2013. Actions by individuals and privacy action groups over the past few years have not only increased public awareness and sensitivity but have literally changed the law. Examples include: Invalidation of the Data Retention Directive; Invalidation of the Safe Harbour Agreement; ...
January 25, 2018. The European Commission has just launched a website for the purpose of providing clarity and support for GDPR compliance. The sections on the website range from reiterating the aims and objectives of the new legislation, to providing explanatory documents aimed at the various stakeholders. Of particular interest is the guidance: ‘Public administrations and data protection’. ...
January 15, 2018. The Government has published a Procurement Policy Notice (PPN) that sets out compliance requirements for the forthcoming GDPR in this respect. Although aimed particularly at central government, it may also be relevant to other public bodies. Guidance is provided in respect of reviewing existing contracts, ascertaining duties and obligations and suggested clauses are included, which ...
January 12, 2018. A recent survey carried out for the Information Commissioner’s Office indicates a lack of trust and confidence on the part of the public when it comes to businesses and organisations processing their personal data. However, the survey does show that public bodies are more trusted than private organisations with 53% having trust in the police ...
January 12, 2018. The case of Barbulescu v. Romania Application no. 61496/08 [2016] ECHR 61 (12 January 2016) (available here ) clearly set out the limits in relation to monitoring employee communications. The case involved the dismissal of an employee as a result of his personal communications at work, which were monitored. The Grand Chamber of the European Court ...
January 12, 2018. Although the sanctions for breaching the provisions of the GDPR have been widely circulated and are far higher than the current maximum fine (£500,000), the ICO has stated many times that fines are the last option; providing support and assistance are greater priorities and the first course of action that they will take, depending on ...
January 12, 2018. The GDPR will be in force from 25 May 2018, meaning that the UK must comply with its requirements as a European Member State. However, on exiting the European Union, the UK has stated that it will retain European standards in respect of data protection and will incorporate the GDPR into its national legislation. This ...