Are you going to be audited by the ICO?

Could the ICO audit us

Article 58 of the GDPR gives data protection authorities (the national data protection regulators – ours is the Information Commissioner’s Office (ICO)) the power to carry out investigations in the form of compulsory data protection audits. The idea is that such audits enable the regulator to assess an organisation’s data and privacy compliance. What’s the …

Read moreAre you going to be audited by the ICO?

ICO fact-finding on data protection in adtech

ico to look at adtech data protection

There’s been a lot of noise recently around the use of personal data in adtech (advertising tech) including cases like the Google £44m fine from a few weeks ago, and not forgetting of course the Facebook/Cambridge Analytica scandal, so it’s probably no surprise that the ICO is launching a “fact-finding forum” where they’ll be inviting …

Read moreICO fact-finding on data protection in adtech

And so, a new era in data protection begins

GDPR is here

It’s a date that’s been in everyone’s minds for some time whether it’s because you’re a business targeting it as the deadline to complete your GDPR compliance project, or a consumer being bombarded by “we need to re-seek your consent” emails. The 25th May is here – the day the EU’s General Data Protection Regulation …

Read moreAnd so, a new era in data protection begins

ICO clarifies what’s going to happen with registration

registration fee

One of the regulatory requirements missing from the General Data Protection Regulation (GDPR) is the requirement to register your data processing activities with a supervisory authority (the ICO in the UK). Under the current regime of the Data Protection Act 1998 there is both a requirement to register and pay a fee to the ICO. The …

Read moreICO clarifies what’s going to happen with registration

Royal Free & Google DeepMind trial failed to comply with data protection law

data protection

The ICO has published its ruling on the Royal Free NHS Trust sharing of patient data with Deep Mind (a Google owned AI company). The data (1.6m records) had been shared as part of a trial to test an alert, diagnosis and detection system for acute kidney injury, but the ICO did not believe the patients …

Read moreRoyal Free & Google DeepMind trial failed to comply with data protection law

ICO issues fine for email marketing breach

latest compliance news posts

The ICO has issued a fine to Morrison Supermarkets for sending marketing consent emails to over 130k email addresses where the subjects had previously opted-out of marketing. Remember that even under the current data protection and privacy regimes you must have consent to send marketing materials. There will be no change to this with the GDPR, …

Read moreICO issues fine for email marketing breach

When B2B data is personal data and what that means with the GDPR

business data processing

Data protection in the UK is changing thanks to the European General Data Protection Regulation (the GDPR). Just like the Data Protection Act 1998 the GDPR deals with personal data, data relating to a living individual rather than a corporate entity. The mere mention of “personal data” is usually enough for B2B’ers to think it …

Read moreWhen B2B data is personal data and what that means with the GDPR