Latvian “ICO” issues €7k fine for right of erasure failing

right of erasure fine Latvia

The Latvian Data Protection Authority (the Data State Inspectorate of Latvia (DSI)) has issued a fine of €7000 to an online retailer for non-conformity with a data subjects “right to erasure” and not co-operating with the DSI. The individuals’ right to erasure (or right to be forgotten) allows a data subject to request that any …

Read moreLatvian “ICO” issues €7k fine for right of erasure failing

Hubdate: what’s new with the Hub? (September 2019)

Digital Compliance Updates

There’s been some key changes to the way the Digital Compliance Hub provides GDPR and data privacy and security services. If you’re a Hub subscriber, don’t worry, none of these changes affects your service, other than improving it! Digital Compliance Hub services We’ve looked at how best to differentiate the various services that we offer. …

Read moreHubdate: what’s new with the Hub? (September 2019)

What a DPO in the education sector can learn from the latest children and privacy report

report on children and privacy

When the GDPR came into force it introduced specific controls relating to children: If you rely on consent as the lawful basis for processing personal data when offering an online service aimed at children, then you also need parental consent for any child 12 or under (and that means you’ll need a mechanism for identifying …

Read moreWhat a DPO in the education sector can learn from the latest children and privacy report

New WordPress version patches a number of security vulnerabilities

WordPress security updates

An updated version, 5.2.3 (and updates to previous versions also), of WordPress has been released which fixes eight security vulnerabilities. According to WordPress’s changelog the vulnerabilities patched were mainly cross site scripting (XSS) vulnerabilities. More detail on the vulnerabilities and what they mean can be found in this article from Wordfence. If you are using …

Read moreNew WordPress version patches a number of security vulnerabilities

Court says use of facial recognition by South Wales Police lawful

police use of facial recognition

A case brought by an individual, who argued his human right to privacy had been breached along with data protection law, by South Wales Police use of automated facial recognition, has been thrown out by the High Court stating that the Police had followed the rules and their use of facial recognition technology was lawful. …

Read moreCourt says use of facial recognition by South Wales Police lawful

Will facial recognition ever be legal?

data protection facial recognition

In August, the Swedish data protection authority (i.e. the Swedish equivalent of the UK’s ICO), the Data Inspectorate, has issued a penalty fee of SEK 200,000 (approx. £16,795) to a High School that trialled the use of facial recognition via camera to record student attendance in a class. Despite the system being used in a …

Read moreWill facial recognition ever be legal?

Announcing the new Hub Helpline Assist service

new Hub Assist services

A problem shared, is a problem halved! We’re always looking for ways to add value for our Hub Helpline subscribers. So, today we’re really pleased to announce that as well as the unlimited email, phone and now online chat support and online resources like checklists, FAQs, policy templates, etc. we’ve launched the new Hub Assist …

Read moreAnnouncing the new Hub Helpline Assist service

When does the clock start ticking for a subject access request?

subject access time limits defined by ICO

On the face of it, it seems quite simple: you get one month to deal with a subject access request (SAR or DSAR); Article 12 of the GDPR states the information should be provided “without undue delay and in any event within one month of receipt of the request“, but exactly when does the month …

Read moreWhen does the clock start ticking for a subject access request?

Five problems with subject access requests and five solutions

5 ways to get subject access requests right

One of the well known individuals’ rights in the GDPR is the right of access or “subject access requests” (or “SAR”s or DSAR (data subject access request)). This is the right which allows a data subject (i.e. the person who’s data an organisation is processing) to ask an organisation whether they are processing personal data …

Read moreFive problems with subject access requests and five solutions

ISO releases new standard for privacy information management

ISO privacy information management

On 6th August the ISO (International Organisation for Standardization) announced what it calls the first international standard for tackling privacy information management. ISO27701 “security techniques for privacy information management” is an extension of the existing ISO27001 (information security) and ISO27002 (information security controls) established standards. Dr Andreas Wolf, Chair of the ISO/IEC technical committee that developed the …

Read moreISO releases new standard for privacy information management