ICO enforcement highlights the cost of ignoring subject access requests

ICO fine for subject access request

Recent enforcement by the ICO against Magnacrest Ltd highlights the cost of ignoring not only your own data subjects, but also the ICO. Magancrest have been fined £300, with a victim surcharge of £30 and costs of £1133.75 for ignoring an enforcement notices from the ICO to deal with a subject access request, after an …

Read moreICO enforcement highlights the cost of ignoring subject access requests

ICO urges better transparency as trust in companies processing data rises slightly

ico report trust confidence data protection

In its annual review on the state of data protection awareness and trust, the ICO’s Annual Track highlights a small increase in trust of companies and organisations processing their data. The research highlights that 34% of people have high trust and confidence, compared to 21% in 2017. However, people seem to be more likely to trust public …

Read moreICO urges better transparency as trust in companies processing data rises slightly

ICO 2017-18 Annual Report: Data protection complaints and breach reports up

ICO annual report increase

  The Information Commissioner’s Office has published their 2017-2018 Annual Report (covering the 12 months leading up to 31st March 2018) highlighting an increase in activities and some challenging activities. The report is the ICO’s annual report to parliament as required by the Data Protection Act 1998. Bearing in mind that it covers the year …

Read moreICO 2017-18 Annual Report: Data protection complaints and breach reports up

DCMS consults on data protection fee exemptions

consultation

The Department for Culture, Media and Sport (DCMS) has published a consultation on exemptions under the Data Protection Act 2018 from paying a registration fee to the ICO. Under the old Data Protection Act 1998 there were obligations to notify the ICO if you process data, unless an exemption applied. Under the GDPR, which the …

Read moreDCMS consults on data protection fee exemptions

ICO Publishes DPIA Guidance consultation

GDPR transparency

The ICO has published draft guidance on the use of Data Protection Impact Assessments (DPIA), a tool used to assess the risks of processing personal data. The UK has had Privacy Impact Assessments (PIA) for some time as best practice but the GDPR enforces the need for DPIA in certain circumstances. The draft guidance: Covers …

Read moreICO Publishes DPIA Guidance consultation

Draft Data Protection (Charges and Information) Regulations 2018

Regulation

Draft Regulations on the ICO registration fees were laid before Parliament on the 20th February. These draft regulations will come into force on 25th May (to coincide with the General Data Protection Regulation (GDPR)). The new Regulations set out the ICO registration fee scheme including the fee structure: Tier 1 – micro organisations You have …

Read moreDraft Data Protection (Charges and Information) Regulations 2018

ICO launches dedicated GDPR advice line

GDPR phone helpline

On the 1st November, the Information Commissioner’s Office (ICO) launched a dedicated support helpline for SMEs and charities needing help with the new GDPR data protection changes that are coming next year. The ICO say “the phone service is aimed at people running small businesses or charities and recognises the particular problems they face getting …

Read moreICO launches dedicated GDPR advice line

ICO clarifies what’s going to happen with registration

registration fee

One of the regulatory requirements missing from the General Data Protection Regulation (GDPR) is the requirement to register your data processing activities with a supervisory authority (the ICO in the UK). Under the current regime of the Data Protection Act 1998 there is both a requirement to register and pay a fee to the ICO. The …

Read moreICO clarifies what’s going to happen with registration

Website vulnerability leads to £60k ICO fine

latest compliance news posts

The Information Commissioner’s Office (ICO) (the UK’s “data regulator”) has fined a small video game rental company £60,000 after failing to take basic action to prevent an SQL injection vulnerability with their website, which led to a data breach and access to customer details. This latest fine just indicates that any size business is at …

Read moreWebsite vulnerability leads to £60k ICO fine