A global investigation by data protection regulators, including the UK’s ICO, found that websites’ privacy policies tended to be inadequate in providing the information visitors need to understand how their data is collected and processed. The ICO reviewed 30 websites in the UK and found: 26 out of the 30 didn’t specify how and where data would be stored; detail about international transfer of data (i.e. outside the EEA) was often unclear; 26 out of the 30 […]
Last week Microsoft announced that it will be launching a Compliance Manager across its cloud offering, which will help organisations meet their online compliance requirements, citing GDPR as one such compliance challenge. Microsoft says its Compliance Manager is “designed to help organizations meet complex compliance obligations like the GDPR. It performs a real-time risk assessment that reflects your compliance posture against data protection regulations when using Microsoft Cloud services, along with recommended actions and step-by-step guidance.” The Compliance Manager should […]
Today the ICO published a new blog post about its approach to processing Binding Corporate Rules (BCRs) applications. BCRs are used to allow intra-group transfer of data where the transfer is outside the EEA. Simply put, they allow a business to arrange the transfer of EU-related data to a part of their business that’s outside Europe. The process requires the company to submit the BCRs to a “lead authority” (determined by their HQ location); these are then discussed between […]
This week, WordPress security plugin Wordfence reported on security vulnerabilities in three WordPress plugins, including one in the very popular SEO plugin, Yoast SEO. If you use Yoast SEO on your WordPress site and haven’t upgraded to version 5.8.0, you are advised to do so immediately. If you’re running Wordfence then you’re already protected, but should update Yoast anyway.
Hub Changelog v1.0.6 – 18th November 2017. We’re continuing to work on our detailed overview of the GDPR, within the data protection section, where we break the GDPR down into its main sections. This week we’ve published some information about the lawful basis for processing.
On the 1st November, the Information Commissioner’s Office (ICO) launched a dedicated support helpline for SMEs and charities needing help with the new GDPR data protection changes that are coming next year. The ICO say “the phone service is aimed at people running small businesses or charities and recognises the particular problems they face getting ready for the new law” with the Commissioner herself adding: All organisations have to get ready for the new data protection rules, but we recognise […]
There’s a question about whether it’s coming quickly enough, but the EU’s Article 29 Working Party appear to be on a roll with their GDPR guidance. They have recently published guidance for supervisory authorities (e.g. ICO) on fining and on Data Protection Impact Assessments (DPIA), and are currently consulting on a couple of other pieces of guidance: guidelines on personal data breaches, and guidelines on automated decision making and profiling. Anyone wishing to comment on these guidelines needs to pass their […]
The Article 29 Working Party (all the EU regulators) have published guidance to help statutory bodies (regulators such as the ICO) in their deliberations over what action to take when a Data Controller or Data Processor breaches the GDPR data protection rules. Of course, it’s well known that under the GDPR fines for serious breaches can be as much as 4% of global turnover or €20m, whichever is higher – a fact that appears to […]