When should Data Controllers be auditing their Processors?

Whilst there has always been a responsibility on Data Controllers (those who collect and determine how personal data is processed) to ensure that their Data Processors (organisations actually doing the processing at the request of the Controller) are compliant (particularly with security), the GDPR upped the liabilities and responsibilities of both Controllers and Processors. Specifically …

ICO -v- SCL Elections case highlights data protection applies to non-EU citizens too

The ICO have taken SCL Elections Ltd (AKA Cambridge Analytica) to court, and won, over a failure to comply with an enforcement notice issued to the company back in May 2018 further to a complaint and investigation that took place towards the end of 2017. Whilst Cambridge Analytica is probably best known for its part …

Is “do I need a DPO?” the right question?

When the GDPR came into force back in May last year, one of the changes introduced was the concept of having a Data Protection Officer or DPO. Whilst for some organisations a DPO is now compulsory, there’s an argument for most organisations having a DPO (of some kind), mandated or not. Those mandated to have …

Personal director liability under PECR introduced

On 17th December 2018 a new PECR amendment regulation (Privacy and Electronic Communications (Amendment) Regulations 2018) came into force. The updated regulation extends the powers of the Information Commissioner’s Office (ICO) to enable them to fine “officers” of data controllers for breaches of the Regulation relating to electronic marketing, including unsolicited marketing, automated calling, etc. …

What’s new on the Hub: January 2019

Here’s an overview of new content and features added to the Hub in the last month: New Controller & Processor relationship section; What you need to know articles; How to carry out due diligence guide; Third-party data processing agreement templates (controller and processor); Compliance poster; Due diligence checklist; Are you compliant? interactive checklist; Is my …

ICO continues with its fee chasing: care homes on the ICO radar

Back in November 2018, the ICO issued a number of fines to organisations that failed to register under the new data protection fee scheme. Action for failure to register looks set to continue, as last month the ICO issued a warning to care home services, highlighting “All organisations that are required to pay the data …

Data compliance: 2019 and beyond (some predictions)

From a data compliance perspective, 2018 has been quite a year thanks to the General Data Protection Regulation (GDPR). Christmas Day will mark 7 months since GDPR and the UK’s Data Protection Act 2018 (implementing the GDPR) became law in the UK. The run up to the GDPR d-day in May certainly brought data protection …

ICO issues £200k fine for unsolicited text messages without valid consent

The Information Commissioner’s Office (ICO) has issued a £200,000 fine to Tax Return Limited (“TRL”) for sending out 14.8m unsolicited marketing text messages (which generated 2146 complaints). The Privacy and Electronic Communications Regulation 2003 (PECR) only permits the sending of marketing emails or text messages if the recipient consents to receiving the messages or is a …

Which? highlights retailers breaching data protection and privacy laws with their e-receipts

Research from consumer rights guardian Which? has highlighted the data protection dangers of e-receipts and that some retailers are in breach of data protection and privacy rules when it comes to using them for direct marketing. Which? sent mystery shoppers to various high street brands and asked to receive e-receipts but with no marketing. However, …

ICO publishes detailed guidance on the controller-processor relationship

Back in September 2017 the ICO published some draft guidance for consultation setting out their views on how to interpret Chapter IV (including Article 28) of the GDPR. Chapter IV of the GDPR sets out responsibilities of Data Controllers and Data Processors. Whilst the general responsibility of a Data Controller is to apply the data …
