EU adopts data protection adequacy decision regarding Japan

EU Japan agree data protection adequacy

In September 2018 the EU launched its process for adopting an adequacy decision under the GDPR, after negotiations between the EU and Japan concluded in July 2018. This process was completed on 23rd January 2019, when the European Commission formally adopted the adequacy decision. The agreement, which comes into effect immediately, means that it is now …


First significant GDPR fine hits Google (£44m)

Google fined for consent issues

The French data regulator, CNIL (the French equivalent of the UK’s ICO), has fined Google €50m, a record when it comes to data protection fines. The fine follows an investigation after a complaint from privacy rights groups noyb and La Quadrature du Net in May last year about the way consent is collected by Google, for …


When should Data Controllers be auditing their Processors?

third-party data processor due diligence checks

Whilst there has always been a responsibility on Data Controllers (those who collect and determine how personal data is processed) to ensure that their Data Processors (organisations actually doing the processing at the request of the Controller) are compliant (particularly with security), the GDPR upped the liabilities and responsibilities of both Controllers and Processors. Specifically …


ICO -v- SCL Elections case highlights data protection applies to non-EU citizens too

ICO data protection enforcement

The ICO have taken SCL Elections Ltd (AKA Cambridge Analytica) to court, and won, over a failure to comply with an enforcement notice issued to the company back in May 2018, further to a complaint and investigation that took place towards the end of 2017. Whilst Cambridge Analytica is probably best known for its part …


Is “do I need a DPO?” the right question?

Do I need a DPO?

When the GDPR came into force back in May last year, one of the changes introduced was the concept of having a Data Protection Officer or DPO. Whilst for some organisations a DPO is now compulsory, there’s an argument for most organisations having a DPO (of some kind), mandated or not. Those mandated to have …


Personal director liability under PECR introduced

On 17th December 2018 a new PECR amendment regulation (Privacy and Electronic Communications (Amendment) Regulations 2018) came into force. The updated regulation extends the powers of the Information Commissioner’s Office (ICO) to enable them to fine “officers” of data controllers for breaches of the Regulation relating to electronic marketing, including unsolicited marketing, automated calling, etc. …


What’s new on the Hub: January 2019

Digital Compliance Updates

Here’s an overview of new content and features added to the Hub in the last month: New Controller & Processor relationship section; What you need to know articles; How to carry out due diligence guide; Third-party data processing agreement templates (controller and processor); Compliance poster; Due diligence checklist; Are you compliant? interactive checklist; Is my …


ICO continues with its fee chasing: care homes on the ICO radar

ICO fines for not paying fee

Back in November 2018, the ICO issued a number of fines to organisations that failed to register under the new data protection fee scheme. Action for failure to register looks set to continue, as last month the ICO issued a warning to care home services, highlighting “All organisations that are required to pay the data …
