Announcing the new Hub Helpline Assist service

new Hub Assist services

A problem shared, is a problem halved! We’re always looking for ways to add value for our Hub Helpline subscribers. So, today we’re really pleased to announce that as well as the unlimited email, phone and now online chat support and online resources like checklists, FAQs, policy templates, etc. we’ve launched the new Hub Assist …

Read moreAnnouncing the new Hub Helpline Assist service

When does the clock start ticking for a subject access request?

subject access time limits defined by ICO

On the face of it, it seems quite simple: you get one month to deal with a subject access request (SAR or DSAR); Article 12 of the GDPR states the information should be provided “without undue delay and in any event within one month of receipt of the request“, but exactly when does the month …

Read moreWhen does the clock start ticking for a subject access request?

Five problems with subject access requests and five solutions

5 ways to get subject access requests right

One of the well known individuals’ rights in the GDPR is the right of access or “subject access requests” (or “SAR”s or DSAR (data subject access request)). This is the right which allows a data subject (i.e. the person who’s data an organisation is processing) to ask an organisation whether they are processing personal data …

Read moreFive problems with subject access requests and five solutions

ISO releases new standard for privacy information management

ISO privacy information management

On 6th August the ISO (International Organisation for Standardization) announced what it calls the first international standard for tackling privacy information management. ISO27701 “security techniques for privacy information management” is an extension of the existing ISO27001 (information security) and ISO27002 (information security controls) established standards. Dr Andreas Wolf, Chair of the ISO/IEC technical committee that developed the …

Read moreISO releases new standard for privacy information management

Guest blog: the top 12 ways to protect your data with technology

12 ways to protect your data

  This article has been written by Aden Ottewill. Aden is the Managing Director of Prodigy IT Solutions, a Dorset-based managed service provider. With over 18 years working in the IT industry, he’s provided support to hundreds of businesses, and has seen some breath-taking security breaches. Although the Prodigy team now do the fixing, he’s passionate …

Read moreGuest blog: the top 12 ways to protect your data with technology

£160k fine for TPS and transparency failings

TPS fine

A boiler replacement company has been fined £160,000 by the ICO for calling over 850,000 people who had registered with the Telephone Preference Service (TPS) and for transparency failings. The Privacy and Electronic Communications Regulations 2003 (PECR) require businesses to have cleaned their phone number data against the TPS before using the data for live …

Read more£160k fine for TPS and transparency failings

Greek DPA -v- PwC highlights consent not suitable lawful basis for employee data

consent and employee data

The Greek equivalent of the ICO have issued a €150,000 fine of PwC for having the wrong lawful basis for processing for their employee’s data. PwC required employees to consent to the processing of their data when other lawful basis were more applicable; furthermore, PwC had also failed to properly document their lawful basis for …

Read moreGreek DPA -v- PwC highlights consent not suitable lawful basis for employee data

Patient confidentiality -v- data protection, highlight of ICO’s review of Royal Free/Google compliance

ICO to look at duty of confidentiality patient data

The ICO has published information on its review of the Royal Free NHS Foundation Trust and the Trust’s use of the Google DeepMind AI project to analyse patient data. This follows up the case from a couple of years back whereby the Trust were found to be in breach of data protection law as the …

Read morePatient confidentiality -v- data protection, highlight of ICO’s review of Royal Free/Google compliance

Cybersecurity, children’s privacy & marketing practices are main concerns according to ICO privacy tracker survey

Survey shows drop in trust

The ICO have published their Annual Tracker, a survey looking at public perceptions of privacy and data protection. The main aim of this research was: To gauge public perceptions and awareness of how data is shared with and used within organisations and to monitor any change in the trust and confidence in how data is …

Read moreCybersecurity, children’s privacy & marketing practices are main concerns according to ICO privacy tracker survey

EU Court declares website is data controller for Facebook “like” button

EU ruling on facebook like button on websites

The Advocate General has issued an opinion in Case C-40/17 relating to the use of a Facebook “like” button placed on the website of Fashion ID. The opinion sets out who is responsible for the sharing and processing of data. The Court of Justice of the European Union found that when a website features a Facebook “Like” …

Read moreEU Court declares website is data controller for Facebook “like” button