I hear odd data myths. Here's a compilation. Myth 1: UK law says I can't transfer my data outside the UK. Truth: Wrong. You can transfer within the EEA, to any country on the EU Commission's adequacy list and to other countries with appropriate safeguards, such as the EU/US Privacy Shield. Myth 2: German law … Continue reading Data: sorting the truth from the lies
GDPR becomes enforceable on 25 May 2018 and, since Brexit will happen after that, UK businesses will have to comply. What do you need to know? Hefty fines: It's already gained much coverage. The largest fines - the higher of 4% of annual global turnover or €20m - will be for breaches of the fundamental obligations, … Continue reading Are you ready for GDPR?
EU: The European Court of Justice recently ruled that the general and indiscriminate retention of data is incompatible with the E-Privacy Directive. This was in relation to the now defunct UK Data Retention and Investigatory Powers Act but will put pressure on its replacement, the Investigatory Powers Act 2016. The EU Commission has published a new draft E-Privacy Regulation to … Continue reading Data update in EU & US
The ICO has had a busy start to 2017 issuing a number of fines for data breaches: £40,000 fine for IT Protect for making nuisance calls trying to sell call-blocking devices to people who had registered to opt out of nuisance calls; £50,000 fine for LAD Media for instigating the sending of 400,000 spam texts about debt without … Continue reading Data fines in Jan 2017
Someone asked me on Twitter how the repeal of the Human Rights Act in the UK would affect an adequacy decision for UK data transfers. It is simpler to blog about it than try to squeeze the answer into numerous tweets, so here goes... For all this talk about Brexit, many people forget that the … Continue reading Does UK need privacy shield after human rights repeal?
Big news! The Secretary of State Karen Bradley MP recently confirmed that the UK Government will be opting in to the General Data Protection Regulation (see Q72) and the Information Commissioner has said “I see this as good news for the UK...The ICO is committed to assisting businesses and public bodies to prepare to meet the requirements of the GDPR … Continue reading GDPR in force 2018. Nothing new there
Someone asked me recently what's the status of a customer logo in relation to data. Specifically, if a SaaS provider stores customer logos in their system - for example, for white labelling the customer's login screens for staff - do those logos need to be treated as customer data or can they be treated as public domain data? … Continue reading Customer logo = data?