In all the hyperbole and misinformation surrounding the General Data Protection Regulation (GDPR) in recent weeks, it may have been easy to miss the UK passing its own updated data protection legislation – the imaginatively titled Data Protection Act 2018 (the Act), which helpfully also came into force on 25th May. This replaces the Data Protection Act 1998, which has …
Data Protection Act 2018- What Does It Mean To You?Read More »
One of the key aspects of data protection law is the concept of Data Controllers and Data Processors. In advance of the GDPR enforcement date (25th May), many organisations are seeking to review, update and amend their agreements with suppliers and partners, to ensure that the documentation doesn’t undermine their compliance with GDPR. For GDPR …
Unless you have been living under a rock for the past few weeks, you will have noticed that Facebook’s business practices have been coming under the microscope of public scrutiny. It’s been well-known for a long time among the data protection and marketing communities that Facebook operates by harvesting, generating and acquiring large amounts of …
Facebook and ‘CA’ – not Cambridge Analytica, but Custom AudiencesRead More »
Under powers granted under the DPA 1998, organisations that process personal data had fees levied to fund the ICO’s data protection work unless they were exempt. When GDPR comes into force on 25th May 2018, this will change. The Existing System Under the existing fee structure, most organisations, including charities are required to pay a …
The latest investigation by the Daily Mail into the use of publicly-available personal information has hit the headlines. This time, the activities of university alumni and development teams is under the spotlight. Sadly, it’s the same mixture of issues first aired into the conduct of charities back in late 2016. The article has the same, …
Taking the ‘Con’ out of ‘Consent’ In many ways, the GDPR is not very different to the Data Protection Act. This is true for the requirement to justify which of the six lawful “basis for processing” you are relying on to legitimise the processing (activity) in question. Some have been, and remain clear: in life …
The right of an individual to be told whether an organisation is processing their personal data and be given access to that data (“subject access”) is a significant one in data protection law, and was the most common type of concern reported to the ICO in 2016/17. Following the resolution of the legal cases dealing …
Changes to the ICO Subject Access Code of PracticeRead More »
This week the Fundraising Preference Service (FPS) was launched by the Fundraising Regulator, in response to concerns about charity marketing, which have been raised over the last couple of years and in anticipation of the more stringent controls on the use of personal data that GDPR will bring. The FPS is an online tool that …
The frontpage headline of The Daily Telegraph today, 4th July 2017 – “Charities face £25k fines for pestering” – risks bluring some key issues. The Fundraising Regulator is about the launch the Fundraising Preference Service (FPS). Rightly they are keen to promote this. But the Fundraising Regulator has no powers to issue fines. That still …
Charities face £25k fines for pestering? Maybe, maybe not…Read More »
So the nation has spoken – and the UK has voted to leave the EU. So where does this leave the EU General Data Protection Regulation? The ICO was quick to highlight three key points: (1) The Data Protection Act 1998 (DPA) remains the law of the land. (2) The upcoming EU reforms to data …