ICO -v- SCL Elections case highlights data protection applies to non-EU citizens too

The ICO have taken SCL Elections Ltd (AKA Cambridge Analytica) to court, and won, over a failure to comply with an enforcement notice issued to the company back in May 2018 further to a complaint and investigation that took place towards the end of 2017. Whilst Cambridge Analytica is probably best known for its part …

Is “do I need a DPO?” the right question?

When the GDPR came into force back in May last year, one of the changes introduced was the concept of having a Data Protection Officer or DPO. Whilst for some organisations a DPO is now compulsory, there’s an argument for most organisations having a DPO (of some kind), mandated or not. Those mandated to have …

Personal director liability under PECR introduced

On 17th December 2018 a new PECR amendment regulation (Privacy and Electronic Communications (Amendment) Regulations 2018) came into force. The updated regulation extends the powers of the Information Commissioner’s Office (ICO) to enable them to fine “officers” of data controllers for breaches of the Regulation relating to electronic marketing including unsolicited marketing, automated calling, etc. …

ICO continues with its fee chasing: care homes on the ICO radar

Back in November 2018, the ICO issued a number of fines to organisations who failed to register under the new data protection fee scheme. Action for failure to register looks set to continue as last month the ICO issued a warning to care home services, highlighting “All organisations that are required to pay the data …

Data compliance: 2019 and beyond (some predictions)

From a data compliance perspective, 2018 has been quite a year thanks to the General Data Protection Regulation (GDPR). Christmas Day will mark 7 months since GDPR and the UK’s Data Protection Act 2018 (implementing the GDPR) became law in the UK. The run-up to the GDPR D-Day in May certainly brought data protection …

ICO issues £200k fine for unsolicited text messages without valid consent

The Information Commissioner’s Office (ICO) has issued a £200,000 fine to Tax Return Limited (“TRL”) for sending out 14.8m unsolicited marketing text messages (which generated 2146 complaints). The Privacy and Electronic Communications Regulation 2003 (PECR) only permits the sending of marketing emails or text messages if the recipient consents to receiving the messages or is a …

Which? highlights retailers breaching data protection and privacy laws with their e-receipts

Research from consumer rights guardian Which? has highlighted the data protection dangers of e-receipts and that some retailers are in breach of data protection and privacy rules when it comes to using them for direct marketing. Which? sent mystery shoppers to various high street brands and asked to receive e-receipts but with no marketing. However, …

ICO publishes detailed guidance on the controller-processor relationship

Back in September 2017 the ICO published some draft guidance for consultation setting out their views on how to interpret Chapter IV (including Article 28) of the GDPR. Chapter IV of the GDPR sets out responsibilities of Data Controllers and Data Processors. Whilst the general responsibility of a Data Controller is to apply the data …

ICO issues fines to organisations who failed to pay the new data protection fee

This week the ICO fined a number of organisations for failure to pay the new data protection fee. The new fee structure came into place on 25 May 2018 when the Data Protection (Charges and Information) Regulations 2018 came into force, changing the way the ICO funds its data protection work. The new Regulations require all …

What your business can learn from the ICO investigation of Uber

The ICO have published the conclusions of their investigation into Uber, who, back in 2016, suffered a data breach affecting around 2.7 million UK customers and 82,000 drivers. The ICO have issued a fine of £385,000 to Uber for what it sees as “avoidable data security flaws” allowing unauthorised access to the data and failings …
