GDPR & Special Category Data – What You Need To Know

Organisations should now be looking to review their processing of special category personal data and to ensure that any special category data being processed is processed lawfully, fairly, securely and transparently. The ICO has recently published new guidance on the risks associated for...

Selling our Data – Is it worth it?

Data is used in all aspects of life, whether it is connecting with your friends via social media or paying for goods online. Your personal details and your activity are collected, and sometimes this can be without your knowledge. With the recent passing of GDPR, and harsher penalties being dealt...

The writing’s on the cookie wall…

Two recent publications have shed light on the use of consent to place cookies on website users’ devices. The Dutch Data Protection Authority, Autoriteit Persoonsgegevens (the “AP”), has published guidance on the use of cookie walls, and CJEU Advocate General Maciej Szpunar has given his Opinion on the use of...

ICO 2018

1. Introduction. The Information Commissioner was given the power to issue civil monetary penalties for serious breaches of the data protection principles in 2011. The vast majority of monetary penalties which have been issued by the ICO have been for breaches of the 7th principle of the Data Protection Act...

Introduction

Please see the video for the Introduction. https://vimeo.com/295136783/d8a23f32e2

BREXIT – Data protection implications for the UK

Date: Thursday October 25, 2018. This webinar is intended to provide an overview of the likely changes that Brexit will make to data protection in the UK. It will explain the data protection legislation that is applicable in the UK, provide some insight to the data protection authority that enforces...

Minimum requirements for GDPR compliance.

1. Introduction. It is two years two months since the General Data Protection Regulation (GDPR) entered into force on the 25th May 2016. It was decided that enforcement of the GDPR would not begin until 25th May 2018. Organisations which process personal information (data controllers) have had a long...

Unlawful Obtaining of Personal Information.

This is the third of three reports reviewing the ICO regulatory activity for 2017. This final report looks at prosecutions for the criminal offence of unlawfully obtaining personal information. Section 55 of the DPA 1998 creates two offences: A person must not knowingly or recklessly, without the consent of the...

Marketing by telephone, email or text – have you obtained consent?

This is the second of three reports reviewing the Information Commissioner's regulatory activity for 2017. This report will deal with breaches of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR). The purpose of the reports is to provide an in-depth review of ICO regulatory activity in a specific...

Should we worry about paper files?

Norfolk County Council has recently been fined £60,000 by the Information Commissioner's Office for a breach of the seventh data protection principle (appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data)....

Information Commissioner's Office – Regulatory Action during 2017

This is the first of three reports which look in detail at the Information Commissioner's regulatory activity for 2017. This report will deal with civil monetary penalties issued for breaches of the 7th data protection principle of the Data Protection Act 1998 (often referred to as the security principle). To read...

“Carphone Warehouse should thank its lucky data stars that it got fined now” – James Castro-Edwards comments for Real Business

ProDPO Data Protection expert, James Castro-Edwards, has commented for Real Business on the recent £400,000 fine issued to Carphone Warehouse following its data breach in 2015. James stated that organisations of any size must “consider whether current security procedures will protect said held data.” Visit Real Business now to read...

The Insurance Institute comments on the Chartered Insurance Institute’s instruction of ProDPO

The Insurance Times has published an article commenting on the Chartered Insurance Institute's decision to use ProDPO for their outsourced data protection requirements ahead of the GDPR later this year. General counsel at the CII, Liam Russell says: “We take our data protection responsibilities very seriously and we want to...

Mandatory appointment of a data protection officer – does this apply to my organisation?

The appointment of a data protection officer will become mandatory for many organisations in May next year as a requirement of the General Data Protection Regulation (Article 37 GDPR). For those organisations that have not yet appointed a data protection officer or are not sure if they need to hopefully...

Data minefield: a review of ‘EU General Data Protection Regulation: A Guide To The New Law’

The Law Society Gazette has reviewed EU General Data Protection Regulation: A Guide To The New Law, written by ProDPO Data Protection expert, James Castro-Edwards. The review concludes that "it has been said widely that there needs to be ‘buy-in’ at a senior level in businesses that need to implement...

In Conversation with ProDPO Data Protection expert James Castro-Edwards

ProDPO Data Protection expert, James Castro-Edwards, has been interviewed by The Law Society on issues surrounding the GDPR, as a part of their 'In Conversation With...' series. In this interview, James 'debunks myths' surrounding the GDPR, explains some of the main changes GDPR will bring, and explores how businesses, public...

A guide to the importance of Privacy Impact Assessments (PIA)

The EU Data Protection Regulation, when implemented, will require organisations which process personal information to conduct privacy impact assessments (PIA). The UK regulator, the Information Commissioner (ICO), is clearly of the view that a PIA should be central to any privacy risk assessment. Organisations that start new projects without a...

External Cyber-Attacks: Avoidable Breaches, Monetary Penalties and the limits of ‘Victim’ status

When an individual is the victim of a criminal offence and reports the circumstances to the police they, not surprisingly, expect that the police will investigate the crime and will hopefully apprehend the offenders and recover any property which may have been stolen. Where there is clear evidence that a...