Pension company fine highlights perils of bad advice and non-compliance

ICO fines company for unsolicited emails

Grove Pension Solutions Ltd has been fined £40,000 for sending just over 2 million unsolicited emails. What’s interesting about this case is that a third-party was used to send the emails making use of hosted marketing campaigns. They even checked with a data protection expert and lawyer before instructing the marketing program to be carried …

Read morePension company fine highlights perils of bad advice and non-compliance

Small businesses at greater data and cyber-security risk

small businesses not doing enough to protect cyber security

According to the Would you be ready for Cyber Attack? report from Business in the Community small businesses are not investing as much time or money into their own cyber-security as medium size businesses. The report also makes the point that often small and medium businesses can be a threat to the security of larger businesses …

Read moreSmall businesses at greater data and cyber-security risk

ICO fines Vote Leave for marketing consent failings

ICO fines vote leave for marketing consent failings

Vote Leave has been fined £40,000 by the ICO for sending over 196,000 unsolicited text messages in the run up to the 2016 Brexit referendum. The enforcement has been actioned as a breach of the Privacy and Electronic Communications Regulations (PECR) which regulate (amongst other things) direct marketing activities. Specifically PECR requires organisations to have …

Read moreICO fines Vote Leave for marketing consent failings

ICO building an AI auditing framework

ICO AI Framework

The ICO have launched a new AI Auditing Framework blog which will provide updates and discussion around their work on developing a framework to give them “a solid methodology to audit AI applications and ensure they are transparent, fair; and to ensure that the necessary measures to assess and manage data protection risks arising from them are …

Read moreICO building an AI auditing framework

Security Alert: WordPress 5.1.1 security release

WordPress security updates

As of March 12th 2019, WordPress 5.1.1 is available. This is a security and maintenance release meaning that it patches some security issues. Details of the vulnerabilities are limited in their release notes, but if you’re running a WordPress site you should check that your site is updated to the latest release to make sure …

Read moreSecurity Alert: WordPress 5.1.1 security release

Are you going to be audited by the ICO?

Could the ICO audit us

Article 58 of the GDPR gives data protection authorities (the national data protection regulators – ours is the Information Commissioner’s Office (ICO)) the power to carry out investigations in the form of compulsory data protection audits. The idea is that such audits enable the regulator to assess an organisation’s data and privacy compliance. What’s the …

Read moreAre you going to be audited by the ICO?

Review of data protection compliance indicates room for improvement

data protection research indicates room for improvement

The annual Global Privacy Enforcement Network (GPEN) “sweep” is a joint study carried out across the world by data protection regulators (including the UK’s ICO). This year the study looked at how organisations have taken responsibility for complying with data protection laws, particularly the core concepts of accountability (which of course was key GDPR change). …

Read moreReview of data protection compliance indicates room for improvement

EDPB confirms status of EU-UK data flows in a no-deal scenario

EDBP publishes no-deal Brexit opinion

At it’s Seventh Plenary Session, the European Data Protection Board (EDPB) adopted a note on data transfers under the GDPR in the event of a n0-deal Brexit. The EDPB, who work towards a consistent approach to data protection application across Europe (replacing the old Article 29 Working Party) and is made up of representatives from …

Read moreEDPB confirms status of EU-UK data flows in a no-deal scenario