
Tag Archives for "ICO"

GDPR: more than 8,000 data breaches notified to ICO

More than 8,000 data breaches have been reported in the UK since the General Data Protection Regulation (GDPR) took effect in May, the information commissioner has said.

Elizabeth Denham revealed the number in a speech in New Zealand earlier this week. Denham said the GDPR had also sparked a rise in data protection complaints raised with her office.

Full article: GDPR: more than 8,000 data breaches notified to ICO

No-deal Brexit will block critical data transfers from EU

Despite bringing the General Data Protection Regulation (GDPR) into UK law in the form of the Data Protection Act 2018, leaving the EU without a deal in place means Britain will be, for a time, classed as a ‘third country’ until an adequacy agreement can be implemented.

This means that while some data can be transferred from the UK to European Economic Area (EEA) countries, something supported by the UK government, there will be a stop to all flow of personal information in the opposite direction until a data adequacy agreement comes into force, according to the ICO.

Full article: No-deal Brexit will block critical data transfers from EU, warns ICO | IT PRO

New Guidance on GDPR Data Processing Contracts Published by the UK ICO

The U.K. Information Commissioner’s Office (ICO) recently published guidance on contracts between controllers and processors. This new guidance provides a more in-depth and detailed discussion of the key issues than did a previously released primer published by the ICO, which set out key points along with helpful checklists.

The new guidance discusses (1) when a contract is needed and why, (2) specifically what terms need to be included in the contract, (3) the responsibilities and liabilities of controllers when using a processor, and (4) the responsibilities and liabilities of processors.

Full article: New Guidance on GDPR Data Processing Contracts Published by the UK ICO

‘Sandbox’ advice could inform GDPR codes of conduct

Trade associations could develop codes of conduct to help businesses comply with the General Data Protection Regulation (GDPR) through a new ‘regulatory sandbox’ being set up by the Information Commissioner’s Office (ICO), the UK watchdog has said.

The precise framework for sandbox participation has still to be set, but the data protection authority gave guidance on how it might work in its response paper.

Source: ‘Sandbox’ advice could inform GDPR codes of conduct, says ICO

ICO issues the first fines to organisations that have not paid the data protection fee

Organisations across the business services, construction and finance sectors are among the first to be fined by the ICO for not paying the data protection fee.

All organisations, companies and sole traders that process personal data must pay an annual fee to the ICO unless they are exempt. Fines for not paying can be up to a maximum of £4,350.

Source: ICO issues the first fines to organisations that have not paid the data protection fee. | ICO

DP Impact Assessments: EDPB Differs Slightly from ICO Position

The European Data Protection Board (EDPB) has recently published its Opinion on the (United Kingdom) Information Commissioner’s list of processing activities which would require a Data Protection Impact Assessment under the GDPR.

In its Opinion, the EDPB appears to be moving away from the idea that processing of genetic or location data, on its own, might be enough to trigger the mandatory DPIA requirements of the GDPR. This news will perhaps come as a relief to organisations currently struggling to come to grips with the “new” DPIA process and the resources and time that it demands. But, should we be surprised by the EDPB’s Opinion and will it have a significant impact in practice on the way organisations consider and conduct DPIAs?

Full article: DP Impact Assessments: EDPB Differs Slightly from ICO Position

Uber fined more than $1 million by U.K. and Dutch authorities

Uber was fined a combined $1.17 million by British and Dutch authorities Tuesday for a 2016 data breach that exposed the personal details of millions of customers. The penalties come from the U.K.’s Information Commissioner’s Office and the Dutch Data Protection Authority.

Source: Uber fined more than $1 million by U.K. and Dutch authorities

Uber fined £385,000 for data breach affecting millions of passengers

Uber’s European operation has been fined £385,000 for a data breach that affected almost 3 million British users, the Information Commissioner’s Office has announced.

In November 2016, attackers obtained credentials to access Uber’s cloud servers and downloaded 16 large files, including the records of 35 million users worldwide. The records included passengers’ full names, phone numbers, email addresses, and the location where they had signed up.

Source: Uber fined £385,000 for data breach affecting millions of passengers

UK ICO Issues Warning to Washington Post Over Cookie Consent Practices

The UK Information Commissioner’s Office (“ICO”) issued a warning to the U.S.-based The Washington Post over its approach to obtaining consent for cookies to access the service. The Washington Post presents readers with the option of free access to a limited number of articles, dependent on consent to the use of cookies and tracking for the delivery of personalized ads. To avoid third-party ad tracking (and advertising), readers have to choose a higher-fee premium subscription.

The ICO concluded that since The Washington Post has not offered a free alternative to accepting cookies, consent cannot be freely given and the newspaper is in contravention of Article 7(4) of the EU General Data Protection Regulation (“GDPR”).

Source: UK ICO Issues Warning to Washington Post Over Cookie Consent Practices

UK police ‘gang matrix’ breached data laws

The Metropolitan police’s list of gang suspects breached data protection laws, potentially causing damage and distress to a disproportionate number of young black men, an investigation by the Information Commissioner’s Office (ICO) has found.

The list, called the gangs violence matrix, has also been criticised by human rights campaigners, who say it racialises the war on gangs and stigmatises black youngsters.

Source: Met’s ‘gang matrix’ breached data laws, investigation finds
