UK ICO

If you hold or use personal information about your clients, employees or other people, you are legally obliged to protect that information. This toolkit helps you with what you need to know, and do.


Under the Data Protection Act 1998 (DPA) you must:

use personal information fairly and lawfully;
collect only the information necessary for a specific purpose(s);
ensure it is relevant, accurate and up to date;
only hold as much as you need, and only for as long as you need it;
allow the subject of the information to see it on request; and
keep it secure.

Overview of the General Data Protection Regulation (GDPR) UK and BREXIT Perspective for GDPR. Data sharing. Accountability and governance. In brief… The GDPR includes provisions that promote accountability and governance.

These complement the GDPR’s transparency requirements. While the principles of accountability and transparency have previously been implicit requirements of data protection law, the GDPR’s emphasis elevates their significance. You are expected to put into place comprehensive but proportionate governance measures. Good practice tools that the ICO has championed for a long time such as privacy impact assessments and privacy by design are now legally required in certain circumstances. Ultimately, these measures should minimise the risk of breaches and uphold the protection of personal data. In more detail… What is the accountability principle? The new accountability principle in Article 5(2) requires you to demonstrate that you comply with the principles and states explicitly that this is your responsibility.

How can I demonstrate that I comply? You must: You can also: What do I need to record? Next steps Yes. Data protection self assessment toolkit. ICO. Car rental employees fined for conspiring to steal personal information Former employees of Enterprise-Rent-A-Car have been sentenced for conspiring to steal customer information that accident claims companies could use to make nuisance calls and sell on as personal injury claims.

Andrew Minty, Jamie Leong and Michelle Craddock all pleaded guilty at Winchester Crown Court on 4 January to conspiracy to commit offences under the Data Protection Act. Minty was fined £7,500 which he has to pay within two years or face three months custody. More details of the other fines are available on our website. GDPR guidance from Europe’s Article 29 Working Party The latest guidelines from the Article 29 Working Party in preparation for the GDPR have been adopted. Being held to ransom? UK businesses are reportedly being forced to shut down after being held hostage by ransomware. North West business raided as part of nuisance call investigation. DP Minister: Government will consult on GDPR derogations - Privacy Laws & Business. Speaking in Parliament on 12 December, Data Protection Minister, Matt Hancock, confirmed that the government is now working on the overall approach and the details of EU Data Protection Regulation (GDPR) implementation.

“Details of any new legislation in this area will be made [public] in due course,” Hancock said. GDPR and accountability. Introduction: It’s a pleasure to be here talking about privacy regulation in the digital age.

As those of you who have come across us before will know, the ICO is one of the main regulators in the digital space. We’re the independent UK regulator enforcing the laws that govern privacy. If you’re using personal data, including for direct marketing, we’re here to help you get it right. It’s a big job. We took almost 200,000 calls on our helpline last year. And on the other side of our role, we issued more than £1million of fines to organisations that got it wrong. And it’s a job that’s getting tougher. However fast regulation moves, technology moves faster. Especially as far as data is concerned. Companies today are using data in ways that were unimaginable when the current Data Protection Act was being drafted. We’re talking about an era of no Google.

UK ICO recommends personal liability of directors for breaches of data protection law. White & Case Technology Newsflash. At a recent Parliamentary meeting to discuss the draft Digital Economy Bill, the UK Information Commissioner recommended imposing personal liability and accountability upon company directors.

If such liability is imposed, it will mark a radical departure from the current law, under which directors of companies generally have no personal liability or accountability for breaches of data protection law committed by their companies.

How the ICO will be supporting the implementation of the GDPR. By Elizabeth Denham, Information Commissioner.

The GDPR and You. Cyber Security: Protection of Personal Data Online: Information Commissioner’s Response to the Committee’s First Report of Session 2016–17 - Culture Media and Sport. Cyber Security: Protection of Personal Data Online: Information Commissioner’s Response to the Committee’s First Report of Session 2016–17 The Culture, Media and Sport Committee published its First Report of Session 2016–17, on Cyber Security: Protection of Personal Data Online, HC 148 on 20 June 2016.

The Information Commissioner’s response was received on 12 October 2016 and is appended to this report. ICO code of practice on privacy notices – are you confident you are complying? - Data protection and privacy global insights. By Tughan Thuraisingam Follow @tughanTT.

Information Commissioner sets out plans for GDPR guidance. Practical Tips for GDPR From UK ICO. GDPR still relevant for the UK. By Steve Wood, Interim Deputy Commissioner.

It’s just a few weeks since we set out what guidance organisations could expect and when around a General Data Protection Regulation (GDPR) that was on track to come into force in the UK on 25 May 2018. The result of the 23 June 2016 referendum on membership of the EU now means that the Government needs to consider the impact on the GDPR. As Baroness Neville-Rolfe said at the Privacy, Laws and Business conference this week, the future will be more uncertain.

But she was right to add that while the detailed future may be different from what was envisaged 10 days ago, the underlying reality on which policy is based has not changed all that much. Overview of the gdpr 1 0. BREXIT: UK data protection laws should develop 'on an evolutionary basis' post-Brexit, says new information commissioner. In her first speech since taking office, Denham suggested that it was likely that the new EU General Data Protection Regulation (GDPR) would apply in the UK before the UK leaves the EU. She said, however, that if that is not the case or if the UK government decides to apply alternative rules to those in the GDPR post-Brexit, the UK rules would "still need to be deemed adequate or essentially equivalent" to the GDPR. The GDPR will have effect from 25 May 2018. Denham said it looks like the UK will formally exit the EU in 2019 or later. "We know it’s up to government what happens here, both in that middle period from May 2018 to whenever the UK formally leaves the EU, and beyond," Denham said in her speech in London.

Overview of the General Data Protection Regulation (GDPR) Guidance: what to expect and when. Consistent feedback from stakeholders is that our advice around the Data Protection Act has been invaluable to organisations. Whilst more guidance will need to be developed at European level, we will be offering similar detailed support around the new law. Below we set out what organisations can expect, and when. Our priorities will be in three areas, all of which will be started (and some completed) within the next six months:

ICO guidance
European level guidance (in the form of Article 29 Working Party guidelines)
Policy outputs (to inform future ICO and European guidance)

We will regularly review and adjust our priorities in light of developments with ongoing dependencies. Phase 1 – familiarisation and key building blocks.