"We are serious about the handling of personal data and keep all your data secure." Everybody says that, don't they? That doesn't necessarily mean they won't commit a personal data breach though. Some breaches arise because of poor security which fails to prevent hackers. Others are due to carelessness or accidents by employees. Many people … Continue reading What to do in a personal data breach
This blog has given much coverage to the forthcoming General Data Protection Regulation. What changes will it bring? How will the fines jump? Will Brexit affect it becoming enforceable in the UK? Earlier this year, the Italian Data Protection Authority fined a UK web-based money transfer firm €5,880,000. The current maximum fine imposed by the … Continue reading Massive data fines in Italy
I hear odd data myths. Here's a compilation. Myth 1: UK law says I can't transfer my data outside the UK Truth: Wrong. You can transfer within the EEA, to any country on the EU Commission's adequacy list and to other countries with appropriate safeguards, such as the EU/US Privacy Shield. Myth 2: German law … Continue reading Data: sorting the truth from the lies
GDPR becomes enforceable on 25 May 2018 and, since Brexit will happen after that, UK businesses will have to comply. What do you need to know? Hefty fines It's already gained much coverage. The largest fines - the higher of 4% of annual global turnover or €20m - will be for breaches of the fundamental obligations, … Continue reading Are you ready for GDPR?
EU The European Court of Justice recently ruled that the general and indiscriminate retention of data is incompatible with the E-Privacy Directive. This was in relation to the now defunct UK Data Retention and Investigatory Powers Act but will put pressure on its replacement, the Investigatory Powers Act 2016. The EU Commission has published a new draft E-Privacy Regulation to … Continue reading Data update in EU & US
The ICO has had a busy start to 2017 issuing a number of fines for data breaches. £40,000 fine for IT Protect for making nuisance calls trying to sell call-blocking devices to people who had registered to opt out of nuisance calls £50,000 fine for LAD Media for instigating the sending of 400,000 spam texts about debt without … Continue reading Data fines in Jan 2017
Someone asked me on Twitter how the repeal of the Human Rights Act in the UK would affect an adequacy decision for UK data transfers. It is simpler to blog about it than try to squeeze the answer into numerous tweets, so here goes... For all this talk about Brexit, many people forget that the … Continue reading Does UK need privacy shield after human rights repeal?