ICO 2017-18 Annual Report: Data protection complaints and breach reports up

ICO annual report increase

  The Information Commissioner’s Office has published their 2017-2018 Annual Report (covering the 12 months leading up to 31st March 2018) highlighting an increase in activities and some challenging activities. The report is the ICO’s annual report to parliament as required by the Data Protection Act 1998. Bearing in mind that it covers the year in the lead up to the GDPR deadline (25th May) and so doesn’t cover any impact (initial or long term), it still presents some interesting […]

EU and Japan agree data protection adequacy

Japan EU Adequacy

  This week the EU and Japan have agreed to recognise each others data protection regulations as “adequate” meaning that once the formalities are completed (later this year), Japan will be added to the list of non-EU countries who have adequate data protection regimes. The GDPR and the Data Protection Directive before it, puts in place restrictions on the transfer of personal data outside the EU. Transfer only being allowed when the country where the data will be processed: Has […]

WordPress 4.9.7 security release


If you’re running WordPress for your website you’ll want to make sure you update to the latest version, 4.9.7 which fixes a security vulnerability whereby certain users could delete files from outside the upload folder. If you’ve not already, you are advised to update. For more information including details of a number of bug fixes, visit the WordPress site. Wondering why we report on WordPress security updates? WordPress usage accounts for up to 60% of the CMS (Content Management System) […]

DCMS consults on data protection fee exemptions


The Department for Culture, Media and Sport (DCMS) has published a consultation on exemptions under the Data Protection Act 2018 from paying a registration fee to the ICO. Under the old Data Protection Act 1998 there were obligations to notify the ICO if you process data, unless an exemption applied. Under the GDPR, which the new (2018) Act implements there are no such conditions for registration, but the new Data Protection (Charges and Information) Regulations, which came into force on […]

Is this the end of US Privacy Shield?

EU-US Privacy Shield

Last week the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) called on the EU Commission to suspend the EU-US Privacy Shield agreement, saying Privacy Shield doesn’t provide enough protection for EU citizens’ data. What’s Privacy Shield? Privacy Shield was adopted in 2016, replacing the previous agreement (Safe Harbor) which had been determined in 2015, to be inadequate in meeting EU standards of data protection. In essence the Privacy Shield provides the grounds by which US businesses can […]

And so, a new era in data protection begins

GDPR is here

It’s a date that’s been in everyone’s minds for some time whether it’s because you’re a business targeting it as the deadline to complete your GDPR compliance project, or a consumer being bombarded by “we need to re-seek your consent” emails. The 25th May is here – the day the EU’s General Data Protection Regulation (GDPR) comes into force. It impacts any business or organisation operating in the UK that is processing personal data, and updates the previous EU Data […]

Data Protection Bill to receive Royal Assent 23rd May


According to the Parliament website both the House of Commons and House of Lords have agreed on the text of the Data Protection Bill which now awaits Royal Assent, which is scheduled for tomorrow (23rd May 2018). The Bill will become the Data Protection Act 2018. It’s main aims are to: implement the GDPR into UK law set out how the UK applies the derogations available under the GDPR bring the Law Enforcement Directive into UK law update the laws […]

ICO publish consent guidance and update cookie consent rules

consent and cookies

We’ve been waiting for some time, for the Information Commissioner’s Office (ICO) to publish it’s final consent guidance. It’s been in draft since March last year and waiting on the Article 29 Working Party’s own guidance. Last week however, they published their final guidance. You can read it here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/consent/. There’s not many differences from the original draft from last year other than the removal of the time limit on how long consent lasts – they were indicating probably around 2 […]

EU’s Article 29 Working Party publishes consent guidance


EU guidance on the consent rules in GDPR have now been published by the Article 29 Working Party. The guidance covers how consent works from a GDPR perspective including how to interpret “freely given”, “specific”, “informed” and “detriment”. It also adds some clarity about how to collect explicit consent is required. There’s not much in here that should come as a surprise, but hopefully the fact this is now published, should hopefully be an indication that the ICO’s own consent […]

WordPress 4.9.5 security release


On April 3rd WordPress released a security update to the WordPress core. Described as “the core team’s ongoing commitment to security hardening” the new released, 4.9.5, fixes three security issues. You are strongly urged to make sure you update to this latest version, which you may have to do manually if: You don’t have automatic updates turned on (your web developer may have turned it off) You have a problem with auto-updates caused by the v4.9.3 bug (fixed by 4.9.4) […]