Who’s looking after your data protection compliance?

Data protection never takes a holiday

In March 2019 a First-tier Tribunal was held between Farrow and Ball Ltd and the Information Commissioner’s Office (ICO). In its work to chase down organisations that are not paying the new data protection fee (as required by the Data Protection (Charges and Information) Regulations 2018 which came into force in UK law at the same …

Read moreWho’s looking after your data protection compliance?

Calls for views on data protection for journalists code

ICO consults on journalism code

The ICO are seeking views on a data protection code of practice for journalists use of personal data. In a blog article the ICO speaks about the rights of individuals’ data applying to journalism just as for any other purpose, but noting “protecting freedom of expression, and the inherent public interest in a free press, …

Read moreCalls for views on data protection for journalists code

ICO updates its GDPR certification guidance

GDPR certificaton schemes

The Information Commissioner’s Office has updated its guidance regarding certification schemes under GDPR. Section 5 of the GDPR sets out approaches towards codes of conduct and certification, with Article 42 specifically addressing certification. Simply put the regulation suggests the implementation of data protection certification schemes to provide a way for data controllers and processors to …

Read moreICO updates its GDPR certification guidance

£80k fine and enforcement notice for TPS and consent infringements by funeral plan firm

fine for TPS breach

The ICO has fined a funeral plan firm (Avalon Direct Ltd), £80,000 for breaches of the Privacy and Electronic Communications Regulations 2003 (PECR) for failure to meet the requirements relating to cold calling (unsolicited phone calls). In the case, Avalon, had used call data from a third-party to call up over 52,000 people who were registered …

Read more£80k fine and enforcement notice for TPS and consent infringements by funeral plan firm

ICO consults on age appropriate design code of practice

ICO consults on children code of practice

The Information Commissioner’s Office (ICO) has published a draft Code of Practice for online service providers which are used by children to protect children’s data rights. The Code provides practical guidance about designing in “data protection safeguards into online services to ensure they are appropriate for use by, and meet the development needs of, children.” The …

Read moreICO consults on age appropriate design code of practice

ICO fine pregnancy and parenting club £400k for unlawful sharing of member data

400k fine for Bounty

Bounty (UK) Limited have been fined £400,000 by the ICO for unlawfully sharing personal data with third-parties. Whilst the data subjects were asked to opt into receiving third-party marketing materials, it was not made clear that Bounty may also share their data with other types of business. As well as operating as a pregnancy and …

Read moreICO fine pregnancy and parenting club £400k for unlawful sharing of member data

£120k fine for TV company for data protection breaches at maternity clinic

tv production company fined by ico

The ICO has issued a fine of £120,000 to True Visions Productions for breaches of data protection legislation. The case involves the company recording patients at a maternity clinic at a Cambridge hospital. They set up CCTV style cameras to record patients in the clinics. None of the footage that was recorded was viewed by any …

Read more£120k fine for TV company for data protection breaches at maternity clinic

Have you suffered as a result of a data breach? You may be due compensation

have you suffered due to a breach

Slightly reminiscent of the “have you had an accident at work that wasn’t your fault” campaigns of injury lawyers, a law firm in Widnes has filed a lawsuit against Ticketmaster in relation to a security breach it suffered on the Live Nation website last year. Hayes Connor Solicitors are asking for anyone affected by the …

Read moreHave you suffered as a result of a data breach? You may be due compensation

£145k fine for data sharing process failings

ICO fine council for gang matrix breach

In April 2019 the ICO issued a fine for £145,000 to the London Borough of Newham for unlawfully disclosing personal data of more than 200 individuals who were featured on the Metropolitan Polices “Gang Matrix” intelligence database. The data in redacted and unredacted forms were shared with 44 recipients including external organisations and voluntary agencies. It’s …

Read more£145k fine for data sharing process failings

First GDPR fine in Poland for breach of Article 14 of the GDPR

GDPR fine for Article 14 breach

The Polish data protection authority (UODO) has fined a company PLN943k (about £188k) for failure to inform data subjects about how they came to have their data and how they were planning on processing it (Article 14 of the GDPR). Article 14 is part of the GDPR’s “right to be informed” provisions that require you …

Read moreFirst GDPR fine in Poland for breach of Article 14 of the GDPR