We are one (penultimate) step closer to the final adoption of new Standard Contractual Clauses (“SCCs”) by the European Commission. The final version of a long overdue update to the 2004 (in case of controller-to-controller)/2010 (in case of controller-to-processor) model clauses which companies use to safeguard personal data transfers to controllers/processors outside the EEA under … Continue Reading
As businesses in the hospitality and leisure industries are permitted to re-open in England, the Government is asking them to keep a temporary record of their customers and visitors, in order to support NHS Test and Trace. This information will be requested by NHS Test and Trace in the event that someone who has tested … Continue Reading
The ICO has created an information hub for organisations and individuals with guidance on how to tackle data protection issues in their response to COVID-19. The ICO’s main message is that the data protection law will not stop organisations in responding to the crisis. The hub contains several sections dedicated to organisations, individuals concerned about … Continue Reading
Virgin Media is reportedly one of the latest UK companies to suffer a data security breach. On 5 March 2020, it published a statement on its website explaining that one of its databases had been accessed without Virgin Media’s authorisation, due to a configuration issue. It is reported that the database had been left unsecured … Continue Reading
An unhappy new year for Currys PC World and Dixons Travel stores, as the ICO has issued owners DSG Retail Limited with a Monetary Penalty Notice of £500,000 for serious security failings involving Point of Sale (“POS”) terminals in stores. Although the incident was investigated and addressed under the pre-GDPR legislation, the fine represents the … Continue Reading
The ICO has published draft guidance (the “guidance”) on data subject access requests (“DSARs”), which updates the previous code of practice, last issued in 2017. This guidance takes into account the relevant provisions of the GDPR and UK Data Protection Act 2018 (“DPA”). The ICO will be consulting on this draft guidance until 12 February … Continue Reading
This summer the ICO has issued significant fines in relation to high profile data breaches since acquiring its new “GDPR charged” powers. With less publicity, but nonetheless important given the increasing awareness of the rights of data subjects to claim damages for breaches of data protection legislation, the Ministry of Justice has recently announced that … Continue Reading
Many readers may be reading this blog when a notification from their fitness tracker pops up instructing them to stand up. Children are now beginning to wear trackable devices too. These devices are connected to the internet and may process a child’s personal data. Many children have and use social media accounts and there is … Continue Reading
The Data Protection (Charges and Information) Regulations 2018 came into force in May 2018. Generally, these Regulations mean that Controllers must pay the ICO an annual data protection fee unless they are exempt. The exemptions are relatively limited. The requirement to pay an annual fee replaces the previous requirement to register with the ICO. The … Continue Reading
