PDP - Compliance News Updates - 5 June 2018

  Issue: 05.06.2018

EDPB publishes its first guidelines
The European Data Protection Board has published the final version of Guidelines on derogations in the context of international data transfers and Guidelines on certifications under the GDPR. Derogations under Article 49 of the GDPR are exemptions from the general principle that personal data may only be transferred to countries outside of the European Economic Area if an adequate level of data protection is provided for, or if appropriate safeguards have been adduced. Certification mechanisms are accountability tools that companies may choose to implement to demonstrate compliance with the GDPR. Further detail on the guidance will be published in the upcoming edition of Privacy & Data Protection.

Directors could be made personally liable for nuisance calls in UK

Company directors could be made personally liable for nuisance calls, leading to potential fines of up to £500,000, under new plans by the UK government that are currently out for consultation. The ICO can currently only fine organisations for breaches of the Privacy and Electronic Communications Regulations. "For too long a minority of company directors have escaped justice by liquidating their firms and opening up again under a different name," said Digital Minister Margot James. "We want to make sure the Information Commissioner has the powers she needs to hold rogue bosses to account and put an end to these unwanted calls," she added. The consultation is open until 21st August.

Barnier rejects UK Brexit position on data protection

The UK government's proposal for a special agreement with the EU on data protection has been rejected by the EU's chief Brexit negotiator. The UK's proposed agreement went beyond the standard adequacy approach that the EU has adopted with third countries for ensuring the free flow of personal data to those locations. It also provided for an ongoing role for the ICO on the European Data Protection Board, and the ICO's participation in the EDPB's 'one stop shop' framework for resolving data protection disputes of a cross border nature. The EU found this to be unacceptable. Michel Barnier said: "What is sometimes hard for the British to understand is that we don't want to negotiate, we don't want to compromise on who we are. They want to leave, it is their choice to leave."

Facebook denies privacy breach claim

Facebook has rejected claims by the New York Times that its sharing of personal data with smartphone firms represented a breach of privacy pledges made to its members and a US regulator. The newspaper reported that the social network had given at least 60 device-makers access to users' friends' data without obtaining explicit consent. It added that in some cases, the details were stored on the firms' own servers. Facebook said that this was only done to help offer a mobile service, and that the circumstances were "very different" from those involved in the Cambridge Analytica scandal in which user data were used for different purposes. 

EDPB calls for adoption of e-Privacy Regulation

The European Data Protection Board is asking the European Commission, Parliament and Council to join forces to enact new e-Privacy rules as soon as possible now that the EU General Data Protection Regulation has gone into effect. The Board has offered advice on handling parts of the proposed e-Privacy Regulation, including the enforcement of consent requirements for cookies, ensuring privacy protections are in place for all forms of electronic communications including by "over-the-top" services, and obtaining user consent in an efficient manner before any data are processed.   

GDPR lacks clarity and threatens transatlantic trade, says US official

A lack of clarity around how new EU data protection laws apply poses a threat to EU-US trade, the US Secretary of Commerce has said. Writing in the Financial Times, Wilbur Ross criticised the guidance produced on the General Data Protection Regulation as being "too vague" and made an urgent call to EU authorities for "clearer rules and a more predictable regulatory environment to support investment and innovation". "As currently envisioned, GDPR's implementation could significantly interrupt transatlantic co-operation and create unnecessary barriers to trade, not only for the US, but for everyone outside the EU," Ross said.    

More in depth data protection news and articles... 

New GDPR Article Series 

Introducing a special series of articles on the practical changes that organisations need to implement in order to prepare for the GDPR

Visit Privacy & Data Protection for a Free Sample and to Subscribe

Subscribe to two or more titles at the same time and receive a 15% discount off the cheapest journal.

17th Annual Data Protection Conference (GDPR)


11th & 12th October 2018 - London, UK 
** London's leading two-day GDPR Conference **  

How the ICO will exercise its New Powers
James Dipple-Johnstone 
Information Commissioner's Office (ICO)
This year, the conference is dedicated to reviewing the practical implications of the General Data Protection Regulation, and to helping organisations ensure they are compliant.

* Speaker Highlight *

The Long Term Viability of the Privacy Shield and Model Clauses
Eduardo Ustaran - Partner, Hogan Lovells
Some of the most commonly used methods to legitimise international data transfers are under serious scrutiny. For data exports to the United States, the Privacy Shield is an attractive option. But the constant challenges to the legality of the Shield, as well as the political climate, are calling its survival into question. Commonly used tools like model clauses have also been challenged and will likely need to be revised. How can companies proceed in the uncertain world of data globalisation?

For more information and to book your place:


Our professional and practical Training Courses enable delegates to understand the legal requirements in key areas of information and data protection compliance. Courses run throughout the year around the United Kingdom.
Here is a selection of courses taking place shortly:   
Peter Given
Womble Bond Dickinson
Organisations are legally required to notify a personal data breach to the national data protection authority unless the breach is unlikely to negatively impact individuals. Organisations are additionally obligated to inform affected, and potentially affected, individuals where the breach is likely to result in a high risk for the rights and freedoms of those individuals. This highly practical training session looks at the breach notification obligations in detail, including:
  • the types of incidents that will trigger the requirement to notify
  • actions that organisations should be taking now in order to prepare for a possible security breach
  • incident response plans and opportunities to mitigate risk
  • implications for data processors
  • what the ICO, and other relevant regulators, expect organisations to do
  • the requirement for an internal breach register and how to maintain it
  • consequences of failing to notify breaches 
It is recommended that delegates attending this session have a basic knowledge of current data protection legal requirements. Delegates with no existing knowledge may find it helpful to attend Data Protection Essential Knowledge Level 1 before attending this training course.

The next available dates for this course are:
  • London    Monday, 25th June 2018
  • London    Monday, 3rd December 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 

Records Management 1
John Wilson, Mosaic
Organisations face increasing pressure to manage their records according to statutory and business requirements. As the use of electronic records and the deployment of electronic document and records management systems continue to increase, the core skills of the person responsible for records management become ever more important to the organisation. In many cases, appropriate data protection and FOI compliance will depend upon a good records management system. This invaluable training session, led by John Wilson, examines core concepts of good records management practice. Records Management 1 is an introductory level session that provides delegates with a thorough grounding in the fundamentals of records management, including:
  • introduction - basic concepts
  • records management tools
  • records lifecycle approach
  • designing a file plan
  • records destruction
  • legal framework / compliance
  • management of electronic records and email 
Upcoming dates for this training course are:
  • London           Tuesday, 17th July 2018
  • Manchester    Wednesday, 5th September 2018
  • Edinburgh      Thursday, 4th October 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 

Records Management 2
This course examines how to implement good records management practice. Led by John Wilson, Records Management 2 is an intermediate level session that provides a grounding in the fundamentals of records management, including:
  • introduction - initiating a records management project
  • records audit
  • process mapping
  • building a business classification scheme
  • measuring performance
  • sustaining a records management programme
Delegates are encouraged to share their own experiences at the session. The day will be a mixture of presentation and practical exercises. There will be plenty of opportunity for questions.
Upcoming dates for this training course are:
  • London           Wednesday, 18th July 2018
  • Manchester    Thursday, 6th September 2018
  • Edinburgh       Friday, 5th October 2018
A discount is available for delegates attending both the Level 1 and Level 2 sessions, as well as for multiple delegates attending from the same organisation.
For further information and to make a booking,
  1. Visit PDP's website  
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 
Manish Soni
Breaches of information security are consistently one of the top two reasons for data protection regulator enforcement action. And fines for breaches of security are usually higher than for other types of breaches. With mandatory breach notification under the GDPR and the significant uplift in potential monetary penalties, compliance professionals need to be suitably empowered with cybersecurity knowledge and awareness to assist their organisations to both mitigate ongoing data security risks and to deal with personal data breaches. It is also useful for compliance professionals to have a basic knowledge of cybersecurity terminology to facilitate effective communications with IT Team members. This session is prepared specifically in the context of the GDPR and the objective of compliance professionals dealing more assuredly and knowledgeably with cybersecurity within their organisations.
The course is taking place on the following dates:
  • London           Monday, 2nd July 2018
  • Manchester    Tuesday, 13th November 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue

Practitioner Certificate in Data Protection - GDPR Conversion Programme
Ensure you have the knowledge to practically implement the GDPR in your organisation.
The Practitioner Certificate in Data Protection is the practical qualification which can be taken either on an intensive, flexible or distance-learning basis.
"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the new Regulation." 
Joanne Maurizi 

"By far the most practical resource available to help understand the complexities of the GDPR..."
A Practical Guide to UK and EU Law  

This book is an invaluable practical resource for organisations in meeting the requirements of the GDPR.
Find out more & Order your copy here >
* New course for 2018 *
Cybersecurity for Data Protection Professionals  2nd July 2018 - London
Breach Notifications Training Course 

This session is prepared specifically in the context of the GDPR and the objective of compliance professionals dealing more assuredly and knowledgeably with cybersecurity within their organisations.

Practitioner Certificate in Data Protection - GDPR Conversion Programme
The online self-study Programme for candidates who gained their qualification prior to 2018 to upgrade their qualification for the GDPR era.

"I'm delighted to have passed the GDPR Conversion Programme Examination. The Programme was both enjoyable and challenging, providing an in depth look at the changes GDPR brings and how to apply these in practice.  I am now confident that my knowledge of Data Protection Law remains up to date and comfortable that I can apply the new regulations in practice in my day to day role."

Qualify as a GDPR Data Protection Practitioner

Flexible training options allow you to train alongside other commitments.
"The course content was informative and well presented, with very knowledgeable trainers. The exam was challenging, so I feel a real sense of achievement in having gained this qualification."
Caroline Chalk
Head External Information Services
Civil Aviation Authority
"I found the course to be thoroughly enjoyable and enlightening in a number of areas. I have managed to apply the knowledge gained through the course already in my day to day role."
Brendan Byrne
Senior Managing Consultant Security & Privacy
"The qualification strikes the right balance of interpreting important and complicated legislation and imparting this to students with a well structured course, underpinned with simple to understand information and then a vigorous examination. Organisations should feel assured by any of its staff undertaking and passing this qualification that their information is being managed and shared securely."
Kim Bellis
Records Service Manager
Royal Cornwall Hospitals NHS Trust
"I am very pleased to have followed the Practitioner Certificate in Data Protection course and passed the examination. This will be of great benefit to my employer, as it demonstrates the value we place on this complex area of ethics and compliance."
Alan White
Data Protection Manager
Pitney Bowes
"The course which was delivered by experts in the field of Privacy and Data Protection Law was very enjoyable and engaging. The examination was based on applying legislation and knowledge to practical cases rather than a test of how much information you could remember. I am delighted that I passed the exam and to have a qualification that is very much respected, as well as letters after my name! I recommend both the course and the examination for anyone wanting to increase their knowledge of Data Protection Law."
Bleneta Carr
Pearson Education
"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the impending new Regulation."
Joanne Maurizi
Assistant Manager
"Synectics Solutions recognises that compliance with data protection regulation is critical to all organisations that handle personal information. It has never had a greater focus than at the present time. Having looked at the training and professional qualifications available, we concluded that the PDP certification was the most appropriate for our business. The course was delivered by legal experts in the field. They were able to bring the events to life with real-life scenarios and case studies."
Steve Sands
Head of Security
Synectics Solutions
PDP, Canterbury Court, Kennington Park, London, SW9 6DE, United Kingdom