Is this the end of US Privacy Shield?

EU-US Privacy Shield

Last week the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) called on the EU Commission to suspend the EU-US Privacy Shield agreement, saying Privacy Shield doesn’t provide enough protection for EU citizens’ data. What’s Privacy Shield? Privacy Shield was adopted in 2016, replacing the previous agreement (Safe Harbor) which had been determined in 2015, to be inadequate in meeting EU standards of data protection. In essence the Privacy Shield provides the grounds by which US businesses can […]

And so, a new era in data protection begins

GDPR is here

It’s a date that’s been in everyone’s minds for some time whether it’s because you’re a business targeting it as the deadline to complete your GDPR compliance project, or a consumer being bombarded by “we need to re-seek your consent” emails. The 25th May is here – the day the EU’s General Data Protection Regulation (GDPR) comes into force. It impacts any business or organisation operating in the UK that is processing personal data, and updates the previous EU Data […]

Data Protection Bill to receive Royal Assent 23rd May


According to the Parliament website both the House of Commons and House of Lords have agreed on the text of the Data Protection Bill which now awaits Royal Assent, which is scheduled for tomorrow (23rd May 2018). The Bill will become the Data Protection Act 2018. It’s main aims are to: implement the GDPR into UK law set out how the UK applies the derogations available under the GDPR bring the Law Enforcement Directive into UK law update the laws […]

ICO publish consent guidance and update cookie consent rules

consent and cookies

We’ve been waiting for some time, for the Information Commissioner’s Office (ICO) to publish it’s final consent guidance. It’s been in draft since March last year and waiting on the Article 29 Working Party’s own guidance. Last week however, they published their final guidance. You can read it here: There’s not many differences from the original draft from last year other than the removal of the time limit on how long consent lasts – they were indicating probably around 2 […]

EU’s Article 29 Working Party publishes consent guidance


EU guidance on the consent rules in GDPR have now been published by the Article 29 Working Party. The guidance covers how consent works from a GDPR perspective including how to interpret “freely given”, “specific”, “informed” and “detriment”. It also adds some clarity about how to collect explicit consent is required. There’s not much in here that should come as a surprise, but hopefully the fact this is now published, should hopefully be an indication that the ICO’s own consent […]

WordPress 4.9.5 security release


On April 3rd WordPress released a security update to the WordPress core. Described as “the core team’s ongoing commitment to security hardening” the new released, 4.9.5, fixes three security issues. You are strongly urged to make sure you update to this latest version, which you may have to do manually if: You don’t have automatic updates turned on (your web developer may have turned it off) You have a problem with auto-updates caused by the v4.9.3 bug (fixed by 4.9.4) […]

Highly critical Drupal code security alert

Drupal Notice

The Drupal team have published a highly critical update to the Drupal core which they say plugs a vulnerability that “potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.” The vulnerability is within multiple subsystems of Drupal 7.x and 8.x and is severe enough that patches have been released for some unsupported versions. If you’re running Drupal for your website you are strongly urged to upgrade or patch […]

Now with added GDPR policies


We have for sometime been offering some GDPR policies for members to adapt for their own needs. Now that suite has been updated with even more. Now you can download policy templates for: Data Protection Policy Data Protection Marketing Compliance Policy Data Protection Breach Policy Subject Access Request Policy GDPR & IT Security Policy Privacy Notice All the policies are free to Hub subscribers, but you will need to have been using the Hub for at least 14 days before […]

Legitimate Interest guidance published

legitimate interest

The Information Commissioners’ Office (ICO) has published detailed guidance on the use of legitimate interests as the lawful basis for processing. The guidance sets out details about legitimate interest, when you can use it and how to use a legitimate interest impact assessment (LIA) to determine whether it is lawful for you to process data as a legitimate interest. Fundamentally there is little change under GDPR in terms of legitimate interest but the GDPR’s principles of transparency and accountability mean […]

ICO Publishes DPIA Guidance consultation

GDPR transparency

The ICO has published draft guidance on the use of Data Protection Impact Assessments (DPIA), a tool used to assess the risks of processing personal data. The UK has had Privacy Impact Assessments (PIA) for some time as best practice but the GDPR enforces the need for DPIA in certain circumstances. The draft guidance: Covers what’s expected when you carry out a DPIA as well as information about what they are and in what circumstances you would use them How […]