First significant GDPR fine hits Google (£44m)

Google fined for consent issues

The French data regulator, CNIL, (the French equivalent of the UK’s ICO) has fined Google €50m, a record when it comes to data protection fines. The fine follows an investigation after a complaint from privacy rights groups noyb and La Quadrature du Net in May last year about the way consent is collected by Google, for …

Read moreFirst significant GDPR fine hits Google (£44m)

When should Data Controllers be auditing their Processors?

third-party data processor due diligence checks

Whilst there has always been a responsibility on Data Controllers (those who collect and determine how personal data is processed) to ensure that their Data Processors (organisations actually doing the processing on the request of the Controller) are compliant (particularly with security) the GDPR upped the liabilities and responsibilities of both Controllers and Processors. Specifically …

Read moreWhen should Data Controllers be auditing their Processors?

ICO issues £200k fine for unsolicited text messages without valid consent

The Information Commissioner’s Office (ICO) has issued a £200,000 fine to Tax Return Limited (“TRL”) for sending out 14.8m unsolicited marketing text messages (which generated 2146 complaints). The Privacy and Electronic Communications Regulation 2003 (PECR) only permit the sending of marketing emails or text messages if the recipient consents to receiving the messages or is a …

Read moreICO issues £200k fine for unsolicited text messages without valid consent

EU Blockchain Forum publish “Blockchain and the GDPR” paper

Blockchain and GDPR

The EU Blockchain Forum, an EU forum set up to ” accelerate blockchain innovation and the development of the blockchain ecosystem within the EU, and so help cement Europe’s position as a global leader in this transformative new technology”, has just published a “thematic report” on how blockchain technology fits with the principles and laws of …

Read moreEU Blockchain Forum publish “Blockchain and the GDPR” paper

And so, a new era in data protection begins

GDPR is here

It’s a date that’s been in everyone’s minds for some time whether it’s because you’re a business targeting it as the deadline to complete your GDPR compliance project, or a consumer being bombarded by “we need to re-seek your consent” emails. The 25th May is here – the day the EU’s General Data Protection Regulation …

Read moreAnd so, a new era in data protection begins

EU’s Article 29 Working Party publishes consent guidance

EU GDPR

EU guidance on the consent rules in GDPR have now been published by the Article 29 Working Party. The guidance covers how consent works from a GDPR perspective including how to interpret “freely given”, “specific”, “informed” and “detriment”. It also adds some clarity about how to collect explicit consent is required. There’s not much in …

Read moreEU’s Article 29 Working Party publishes consent guidance

Draft Data Protection (Charges and Information) Regulations 2018

Regulation

Draft Regulations on the ICO registration fees were laid before Parliament on the 20th February. These draft regulations will come into force on 25th May (to coincide with the General Data Protection Regulation (GDPR)). The new Regulations set out the ICO registration fee scheme including the fee structure: Tier 1 – micro organisations You have …

Read moreDraft Data Protection (Charges and Information) Regulations 2018

ICO publishes draft guidance on the Controller – Processor relationship

consultation guidance

Chapter IV of the GDPR sets out responsibilities of Data Controllers and Data Processors. Whilst the general responsibility of a Data Controller is to apply the data protection principles to their business and uphold the GDPR from a compliance perspective, this section of the GDPR also sets out strict controls around the Controller and Processor …

Read moreICO publishes draft guidance on the Controller – Processor relationship