Tag Archives for "ICO"

ICO’s Denham: May 25 is not doomsday

As the opening act for the sold-out Data Protection Intensive here in London today, U.K. Information Commissioner Elizabeth Denham set to rest some of the common misconceptions she knows privacy professionals are losing sleep over as the countdown to the General Data Protection Regulation slinks near single-digits.

The approach to data protection, and the enforcement of it, should and will be the same 36 days from now as it ever was: Following the rules is the way to go. But if you fail there, yeah, there are going to be some problems.

Source: ICO’s Denham: May 25 is not doomsday

UK’s DPA releases data protection self assessment tool

The ICO’s data protection self assessment toolkit helps you assess your organisation’s compliance with data protection law and helps you find out what you need to do to make sure you are keeping people’s personal data secure.

The toolkit is made up of a number of checklists which cover data protection assurance, how to get ready for the General Data Protection Regulation, information and cyber security, direct marketing in line with the Privacy and Electronic Communications Regulation (PECR), records management, data sharing and subject access, and CCTV. The data protection toolkit is suitable for all businesses and will be particularly helpful to small to medium enterprises.

Source: Data protection self assessment | ICO

Why ISO 27001 is integral to data protection compliance

With the EU General Data Protection Regulation (GDPR)’s compliance deadline looming, any organisation that processes EU residents’ data will likely be investigating implementation options to help tackle its compliance project, if it hasn’t already done so.

Supervisory authorities such as the ICO have highlighted ISO 27001, the international standard that describes best practice for an information security management system (ISMS), as a way to provide assurance that the necessary technical and organisational requirements to prevent a data breach are in place.

Source: Why ISO 27001 is integral to data protection compliance – IT Governance Blog

GDPR no excuse for not meeting AML duties

Gambling operators will be able to meet their licensing obligations on problem gambling and anti-money laundering (AML) without breaching the General Data Protection Regulation (GDPR), the Gambling Commission has said.

In a new note issued to businesses in the British gambling market, the regulator acknowledged that some operators have concerns that the new data protection rules, which will apply from 25 May, will hamper their ability to meet their licensing duties. However, it said it would “not accept licensees simply stating that GDPR means that they are unable to comply with an aspect of gambling regulation”.

Source: GDPR no excuse for not meeting gambling licensing duties, says regulator

GDPR: UK watchdog promises ‘proportionate and pragmatic’ enforcement

The UK’s information commissioner has promised to use new powers to issue “hefty fines” for breaches of data protection law sparingly.

From 25 May, Elizabeth Denham will have the power to issue fines of up to 4% of a business’ annual global turnover, or €20 million, whichever is highest, where they are responsible for certain breaches of the new General Data Protection Regulation (GDPR). Other types of breaches could attract fines of up to 2% of annual global turnover, or €10m.

Source: GDPR: UK watchdog promises ‘proportionate and pragmatic’ enforcement

UK’s DPA issues guidance on business to business marketing

The UK’s data protection authority, the Information Commissioner’s Office (ICO), has issued guidance on business to business (B2B) marketing.

GDPR applies wherever you are processing ‘personal data’. This means if you can identify an individual either directly or indirectly, the GDPR will apply – even if they are acting in a professional capacity. So, for example, if you have the name and number of a business contact on file, or their email address identifies them (eg initials.lastname@company.com), the GDPR will apply.

Source: The rules around business to business marketing, the GDPR and PECR | ICO

Businesses face three month delay to ‘high risk’ data processing

Businesses could be forced to put major new technology projects on hold for more than three months if they trigger a duty to consult with the UK’s data protection authority on their plans to process personal data.

Organisations intending to use new technologies that involve the processing of personal data will be expected to carry out data protection impact assessments (DPIAs) before deploying those technologies under the new General Data Protection Regulation (GDPR), according to the Information Commissioner’s Office (ICO).

Source: Businesses face three month delay to ‘high risk’ data processing

UK watchdog wants disclosure rules for political ads on social media

The UK’s data protection agency will push for increased transparency into how personal data flows between digital platforms to ensure people being targeted for political advertising are able to understand why and how it is happening.

Information commissioner Elizabeth Denham said visibility into ad targeting systems is needed so that people can exercise their rights — such as withdrawing consent to their personal data being processed should they wish.

Source: UK watchdog wants disclosure rules for political ads on social media | TechCrunch

Investigators complete seven-hour Cambridge Analytica HQ search

Investigators from Britain’s data watchdog have spent nearly seven hours searching the London offices of Cambridge Analytica.

Eighteen enforcement officers entered the Cambridge Analytica headquarters in London’s West End on Friday night to search the premises after the Information Commissioner’s Office (ICO) was granted a warrant to examine its records.

Source: Investigators complete seven-hour Cambridge Analytica HQ search | News | The Guardian

Article 29 Working Party investigating Facebook-Cambridge Analytica

Reaction and developments generated by last weekend’s revelations that Cambridge Analytica processed and did not delete Facebook user data continue apace around the world.

Article 29 Working Party Chairwoman Andrea Jelinek said Wednesday the collection of EU data protection authorities is investigating the recent revelations involving Facebook and Cambridge Analytica, with the U.K. Information Commissioner’s Office taking the lead role, Euractiv reports.

Source: Article 29 Working Party investigating Facebook-Cambridge Analytica
