The importance of knowing your service messages from your marketing messages

The £100,000 fine issued to telecoms company EE by the ICO for sending over 2.5 million direct marketing messages to customers who had opted out is a stark reminder that you mustn’t mix up your service messages with your marketing messages. Or, more importantly, make sure you are clear whether something is a marketing message and don’t market to …

Why accountability is important in data protection

When the GDPR came into force (almost a year ago) it introduced a new data protection principle (or rule): accountability. The accountability principle essentially says it’s not good enough that you think you’re compliant with data protection laws; you have to prove it. It’s spread throughout the GDPR: documentary evidence of processing activities; contracts between …

Who’s looking after your data protection compliance?

In March 2019 a First-tier Tribunal was held between Farrow and Ball Ltd and the Information Commissioner’s Office (ICO). In its work to chase down organisations that are not paying the new data protection fee (as required by the Data Protection (Charges and Information) Regulations 2018 which came into force in UK law at the same …

Calls for views on data protection for journalists code

The ICO are seeking views on a data protection code of practice for journalists’ use of personal data. In a blog article the ICO speaks about the rights of individuals’ data applying to journalism just as for any other purpose, but noting “protecting freedom of expression, and the inherent public interest in a free press, …

ICO updates its GDPR certification guidance

The Information Commissioner’s Office has updated its guidance regarding certification schemes under GDPR. Section 5 of the GDPR sets out approaches towards codes of conduct and certification, with Article 42 specifically addressing certification. Simply put, the regulation suggests the implementation of data protection certification schemes to provide a way for data controllers and processors to …

How are you ensuring your ongoing GDPR compliance?

When the GDPR came into force in May 2018 it introduced the principle of accountability – the data protection rule that requires you to be able to demonstrate you’re compliant. And whilst lots of businesses put in the effort to ensure they were compliant by the May deadline, GDPR compliance didn’t stop there. Article 24 …

£80k fine and enforcement notice for TPS and consent infringements by funeral plan firm

The ICO has fined a funeral plan firm (Avalon Direct Ltd) £80,000 for breaches of the Privacy and Electronic Communications Regulations 2003 (PECR) for failure to meet the requirements relating to cold calling (unsolicited phone calls). In this case, Avalon had used call data from a third party to call up over 52,000 people who were registered …

ICO consults on age appropriate design code of practice

The Information Commissioner’s Office (ICO) has published a draft Code of Practice for providers of online services used by children, intended to protect children’s data rights. The Code provides practical guidance about designing in “data protection safeguards into online services to ensure they are appropriate for use by, and meet the development needs of, children.” The …

ICO fine pregnancy and parenting club £400k for unlawful sharing of member data

Bounty (UK) Limited have been fined £400,000 by the ICO for unlawfully sharing personal data with third parties. Whilst the data subjects were asked to opt into receiving third-party marketing materials, it was not made clear that Bounty may also share their data with other types of business. As well as operating as a pregnancy and …
