
Tag Archives for "ICO"

Average data breach fine doubles in one year

City AM reports that the average financial penalty issued by the UK regulator for data fines has doubled over the last year, and now stands at £146,000. City law firm RPC, which made the calculations, also concludes that fines imposed by the Information Commissioner’s Office (ICO) in the twelve months to September 30th 2018 increased to near the £5m mark – an increase of 24% on the same time span in 2017.

Source: Average data breach fine doubles in one year

Is the ICO’s view of “lawful processing” under the GDPR wrong?

What makes processing “lawful” under the GDPR? The Information Commissioner (ICO) has stated that the word “lawfulness” has general application, as it did under the previous Data Protection Act (DPA1998), though this view may be wrong. There is a significant risk that the level of protection afforded to data subjects in the UK (and in Europe) is much diminished.

Full article: Is the ICO’s view of “lawful processing” under the GDPR wrong?

Facebook fined £500,000 for Cambridge Analytica scandal

Facebook has been fined £500,000 by the UK’s data protection watchdog for its role in the Cambridge Analytica data scandal. The Information Commissioner’s Office (ICO) said Facebook had let a “serious breach” of the law take place. The fine is the maximum allowed under the old data protection rules that applied before GDPR took effect in May.

Source: Facebook fined £500,000 for Cambridge Analytica scandal – BBC News

ICO to help business with innovation and Privacy by Design

The UK’s data protection authority – Information Commissioner’s Office – will set up a Regulators’ Business and Privacy Innovation Hub to support businesses, together with other regulators, in understanding and complying with privacy and data protection – for example by helping them to build privacy in right from the start in innovative products and services.

The Hub will work alongside the ICO’s Regulatory Sandbox – an initiative to create a safe space where organisations are supported to develop innovative products and services using personal data in innovative ways.

Source: ICO to help business with innovation and Privacy by Design – Privacy Laws & Business

UK DPA releases data protection self-assessment checklist for sole traders

The ICO has launched a self-assessment checklist that will help sole traders and self-employed individuals to assess their compliance with new data protection laws. The checklist is aimed at improving understanding of data protection and making sure sole traders are keeping people’s personal data secure. It shows sole traders how compliant they are by generating a rating based on their responses and provides handy links to relevant ICO guidance and further information. It also includes practical suggestions of how to stay in line with the law.

Source: New data protection self-assessment checklist for sole traders | ICO

GDPR complaints stack up across the EU as regulators prepare to issue fines

It’s almost five months since Europe’s General Data Protection Regulation (GDPR) went into effect. Meanwhile, EU member states start to tally up GDPR complaints. Numbers have started rolling in from data protection authorities across Europe. As one of the first companies to be warned by a DPA, French startup Teemo might prove that regulators are more interested in keeping companies in line than collecting fees – once Teemo brought itself into compliance, the CNIL considered the issue closed.

Full article: GDPR complaints stack up across the EU as regulators prepare to issue fines – MarTech Today

Pro-privacy company Brave files GDPR complaint against Google

Brave filed a complaint with UK and Irish regulators over potential GDPR violations. The company, which develops the privacy-focused Brave browser, alleges that Google and others are auctioning user data and that the information not only contains sensitive details such as sexuality, ethnicity, and political opinions, but also that it is not secured correctly.

Source: Pro-privacy company Brave files GDPR complaint against Google – TechSpot

UK’s DPA Clarifies Position in Respect of International Transfers Under the GDPR

The UK’s supervisory authority for data protection, the Information Commissioner’s Office (“ICO”), has published guidance in relation to international transfers under the GDPR. Of particular interest is the ICO’s stated position that a transfer of personal data to a non-EEA data importer does not constitute a restricted transfer in cases where the General Data Protection Regulation (“GDPR”) applies directly to the processing which will be undertaken by that data importer.

Source: UK: ICO Clarifies Position In Respect Of International Transfers Under The GDPR

Organisations must improve transparency and accountability as citizens still don’t trust them with their data

The UK’s Information Commissioner is reminding organisations to be transparent with people’s personal information, after a survey revealed trust and confidence in how organisations handle personal data is still low, despite an improvement across sectors.

Source: Organisations must continue to improve transparency and accountability as ICO survey shows most UK citizens still don’t trust organisations with their data
