German data protection regulator issues €9.5m fine for security failings


The German Federal Commissioner for Data Protection and Freedom of Information (BfDI) has issued 1&1 Telecom with a €9,550,000 fine for security failings (English translation) in its customer services department. BfDI found that 1&1 had not put in place appropriate organisational and technical measures (Article 32 of GDPR) to ensure customer data was protected after it discovered …


Did you think the ePrivacy Regulation was dead? Think again


Back in the months leading up to GDPRmaggedon there was talk of a new ePrivacy Regulation that would replace PECR in the UK and streamline cookie and electronic marketing rules (along with some other stuff) and that this would come into force at the same time as GDPR, making a tidy transition to a new GDPR …


ICO publishes new guidance on special category data


The ICO have published new guidance on the processing of special category data. Special category data is data considered to be more sensitive and therefore requiring extra protection. This includes data regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (when used for ID purposes), …


Third EU review of Privacy Shield confirms continued adequacy


The EU-US Privacy Shield decision was adopted in 2016. It protects the personal data rights of EU citizens when their data is processed by US organisations that have signed up to the scheme. This is one of the ways that data can flow outside the EU to the US (the other being via standard contract clauses) …


Latvian “ICO” issues €7k fine for right of erasure failing


The Latvian Data Protection Authority (the Data State Inspectorate of Latvia (DSI)) has issued a fine of €7000 to an online retailer for non-conformity with a data subject’s “right to erasure” and not co-operating with the DSI. The individual’s right to erasure (or right to be forgotten) allows a data subject to request that any …


Hubdate: what’s new with the Hub? (September 2019)


There have been some key changes to the way the Digital Compliance Hub provides GDPR and data privacy and security services. If you’re a Hub subscriber, don’t worry, none of these changes affects your service, other than improving it!

Digital Compliance Hub services

We’ve looked at how best to differentiate the various services that we offer. …


What a DPO in the education sector can learn from the latest children and privacy report


When the GDPR came into force it introduced specific controls relating to children: If you rely on consent as the lawful basis for processing personal data when offering an online service aimed at children, then you also need parental consent for any child 12 or under (and that means you’ll need a mechanism for identifying …


New WordPress version patches a number of security vulnerabilities


An updated version of WordPress, 5.2.3, has been released (along with updates to previous versions), fixing eight security vulnerabilities. According to WordPress’s changelog the vulnerabilities patched were mainly cross-site scripting (XSS) vulnerabilities. More detail on the vulnerabilities and what they mean can be found in this article from Wordfence. If you are using …


Court says use of facial recognition by South Wales Police lawful


The High Court has thrown out a case brought by an individual who argued that South Wales Police’s use of automated facial recognition had breached his human right to privacy along with data protection law. The court stated that the Police had followed the rules and their use of facial recognition technology was lawful. …
