How are you ensuring your ongoing GDPR compliance?

ensuring your ongoing GDPR compliance

When the GDPR came into force in May 2018 it introduced the principle of accountability – the data protection rule that requires you to be able to demonstrate you’re compliant. And whilst lots of businesses put in the effort to ensure they were compliant by the May deadline, GDPR compliance didn’t stop there. Article 24 …

Read moreHow are you ensuring your ongoing GDPR compliance?

£80k fine and enforcement notice for TPS and consent infringements by funeral plan firm

fine for TPS breach

The ICO has fined a funeral plan firm (Avalon Direct Ltd), £80,000 for breaches of the Privacy and Electronic Communications Regulations 2003 (PECR) for failure to meet the requirements relating to cold calling (unsolicited phone calls). In the case, Avalon, had used call data from a third-party to call up over 52,000 people who were registered …

Read more£80k fine and enforcement notice for TPS and consent infringements by funeral plan firm

ICO consults on age appropriate design code of practice

ICO consults on children code of practice

The Information Commissioner’s Office (ICO) has published a draft Code of Practice for online service providers which are used by children to protect children’s data rights. The Code provides practical guidance about designing in “data protection safeguards into online services to ensure they are appropriate for use by, and meet the development needs of, children.” The …

Read moreICO consults on age appropriate design code of practice

ICO fine pregnancy and parenting club £400k for unlawful sharing of member data

400k fine for Bounty

Bounty (UK) Limited have been fined £400,000 by the ICO for unlawfully sharing personal data with third-parties. Whilst the data subjects were asked to opt into receiving third-party marketing materials, it was not made clear that Bounty may also share their data with other types of business. As well as operating as a pregnancy and …

Read moreICO fine pregnancy and parenting club £400k for unlawful sharing of member data

£120k fine for TV company for data protection breaches at maternity clinic

tv production company fined by ico

The ICO has issued a fine of £120,000 to True Visions Productions for breaches of data protection legislation. The case involves the company recording patients at a maternity clinic at a Cambridge hospital. They set up CCTV style cameras to record patients in the clinics. None of the footage that was recorded was viewed by any …

Read more£120k fine for TV company for data protection breaches at maternity clinic

Have you suffered as a result of a data breach? You may be due compensation

have you suffered due to a breach

Slightly reminiscent of the “have you had an accident at work that wasn’t your fault” campaigns of injury lawyers, a law firm in Widnes has filed a lawsuit against Ticketmaster in relation to a security breach it suffered on the Live Nation website last year. Hayes Connor Solicitors are asking for anyone affected by the …

Read moreHave you suffered as a result of a data breach? You may be due compensation

£145k fine for data sharing process failings

ICO fine council for gang matrix breach

In April 2019 the ICO issued a fine for £145,000 to the London Borough of Newham for unlawfully disclosing personal data of more than 200 individuals who were featured on the Metropolitan Polices “Gang Matrix” intelligence database. The data in redacted and unredacted forms were shared with 44 recipients including external organisations and voluntary agencies. It’s …

Read more£145k fine for data sharing process failings

Data ethics – why data processing is about more than data protection

the rise in ai and data protection and data ethics

When we talk about the processing of data we usually think about data protection or the GDPR and how it applies to the lawful processing of the data. Of course, data protection regulation is all about the processing of personal data, data that can identify an individual, and whilst some of the complexities of data …

Read moreData ethics – why data processing is about more than data protection

Are you being asked to sign model clauses because of Brexit?

signing model clauses because of brexit

As the Brexit turmoil continues in the UK with the UK government still to agree on an appropriate way forward, EEA businesses are gearing up for a no-deal Brexit. When that comes to data protection, as we’ve discussed before, Brexit, particularly a no-deal Brexit could have implications for your businesses if you’re processing EU citizen’s data …

Read moreAre you being asked to sign model clauses because of Brexit?

First GDPR fine in Poland for breach of Article 14 of the GDPR

GDPR fine for Article 14 breach

The Polish data protection authority (UODO) has fined a company PLN943k (about £188k) for failure to inform data subjects about how they came to have their data and how they were planning on processing it (Article 14 of the GDPR). Article 14 is part of the GDPR’s “right to be informed” provisions that require you …

Read moreFirst GDPR fine in Poland for breach of Article 14 of the GDPR