GDPR – setting the record straight on data breach reporting

By Elizabeth Denham, Information Commissioner.

Our series of blogs continues to sort the fact from the fiction by busting some of the myths around the General Data Protection Regulation (GDPR).

New requirements to report serious breaches of personal data are high up on the list of issues we need to address.

Misleading press stories have claimed that all breaches will need to be reported to the Information Commissioner’s Office and customers alike; others say all details of the breach need to be known straight away and some say there’ll be huge fines for failing to report.

With nine months to go until GDPR comes into effect, we recognise that businesses and organisations are concerned. This latest blog challenges a few of the myths that have sprung up around data breach reporting.

Posted in Elizabeth Denham | 22 Comments

GDPR is an evolution in data protection, not a burdensome revolution

By Steve Wood, Deputy Commissioner (Policy).

Our new series of blogs aiming to bust some of the myths that have developed around the General Data Protection Regulation (GDPR) are proving incredibly popular and we are pleased that so many of you are finding them useful.

Here at the ICO, we took the view that it was time to sort the fact from the fiction before the new law comes into effect on 25 May 2018, given some of the misinformation and outright scaremongering out there – some of which, it must be said, seems commercially driven.

Our first two blogs covered the myths surrounding new fining powers and the issue of consent, and this week we want to talk about another widely held misconception – that the new regime is an onerous imposition of unnecessary and costly red tape.

Posted in Steve Wood | 22 Comments

Consent is not the ‘silver bullet’ for GDPR compliance

By Elizabeth Denham, Information Commissioner.

Last week I launched a series of blogs to bust some of the myths that have developed around the General Data Protection Regulation (GDPR).

Before the new law comes into effect on 25 May 2018, I feel bound to sort the fact from the fiction.

Because there is a lot of misinformation out there and for many who are new to data protection and the GDPR it’s creating uncertainty. Organisations that want to get it right – and we know that’s the majority – can sometimes feel like rabbits in the headlights, not knowing which way to leap.

Posted in Elizabeth Denham | 90 Comments

GDPR – sorting the fact from the fiction

By Elizabeth Denham, Information Commissioner.

The General Data Protection Regulation comes into force on 25 May 2018.

That’s not new news. But it is a fact.

It’s also fact that not everything you read or hear about the GDPR is true.

For the most part, writers, bloggers and expert speakers have their facts straight. And what they say – and sometimes challenge – helps organisations prepare for what’s ahead.

And there’s a lot to take in. The Data Protection Bill announced this week gives more detail of the reforms beyond the GDPR, for example.

But there’s also some misinformation out there too. And I’m worried that the misinformation is in danger of being considered truth.

Posted in Elizabeth Denham | 91 Comments

Information Commissioner encourages disclosure of fire safety information in light of the Grenfell Tower tragedy

By Elizabeth Denham, Information Commissioner.

In the wake of tragedies like the Grenfell Tower fire, public bodies are forced to look at all aspects of their roles and responsibilities.

They take a critical look at how they do things and evaluate how their practices can be improved.

My office is concerned with transparency. As the independent regulator of the Freedom of Information Act, my job is to ensure people have easy access to records they are entitled to see.

Posted in Elizabeth Denham | 2 Comments

When is a breach not a breach?

By Steve Eckersley, Head of Enforcement.

The ICO has ruled that Virgin Trains East Coast did not break data protection law when it published CCTV footage of Jeremy Corbyn looking for a seat on a service from London.

But the company did breach the law when it published images of other passengers on the same service. The ICO found that Virgin should have taken better care to obscure the faces of other people on the train. Publication of their images was unfair and a breach of the first principle of the Data Protection Act.

Posted in Steve Eckersley | 3 Comments

Subject access policy updated after court rulings on disproportionate effort

By Vivienne Adams, Senior Policy Officer.

As July arrives and brings with it summer (albeit a damp version of it here in Wilmslow so far), there are now fewer than 11 months until the arrival of the much-heralded GDPR.

As you can imagine, that means a busy time in the policy team, working on the guidance to help organisations understand the new law. But while there’s plenty of work still to do there, our work on guidance for the Data Protection Act (DPA) doesn’t stop.

Posted in ICO, Vivienne Adams

Four lessons NHS Trusts can learn from the Royal Free case

By Elizabeth Denham, Information Commissioner.

Today my office has announced that the Royal Free London NHS Foundation Trust did not comply with the Data Protection Act when it turned over the sensitive medical data of around 1.6 million patients to Google DeepMind, a private sector firm, as part of a clinical safety initiative. As a result of our investigation, the Trust has been asked to sign an undertaking committing it to changes to ensure it is acting in accordance with the law, and we’ll be working with them to make sure that happens.

Posted in Elizabeth Denham, ICO | 2 Comments

The ICO Grants Programme and why the time is right to support independent research

“Once you stop learning, you start dying.”

So said Albert Einstein, and while the school year may be nearing its end and university students are already returning home for the summer, we at the ICO have launched our first ever Grants Programme for new, independent research into data protection and privacy enhancing solutions, and we believe it is a genuinely exciting development.

Posted in ICO, Steve Wood

Interesting times, and how we navigate them

By Elizabeth Denham, Information Commissioner.

I remember hearing my predecessor talk about a Chinese saying “may you live in interesting times”.

I think it’s fair to say we’re living in them!

My term in office is five years, and it’s abundantly clear to me as the first year draws to a close, ‘interesting times’ will be a recurring theme of my term. GDPR, Brexit, and whatever follows those two. Add to that a general election too.

Posted in Elizabeth Denham | 1 Comment