IHRIM

PDP - Compliance News Updates - 12 June 2018

  Issue: 12.06.2018

News 
Online marketing companies will need to rewrite contracts as a result of new ruling
The European Court of Justice has ruled that companies and people who administer Facebook fan pages are jointly responsible with Facebook for data protection on those pages, effectively widening the scope of controllers. The decision means that if Facebook is infringing on the data-protection rights of users who follow a fan page, the page's administrators may also be in the firing line. Equally, if the fan-page operator infringes on people's privacy rights, Facebook may also be responsible. As a result of the ruling, Facebook and a range of other companies involved in online marketing may need to rewrite their contracts with customers across Europe. "We are disappointed by this ruling," said a Facebook spokesperson.  

UK regulator fines charity

The Information Commissioner's Office has fined the British and Foreign Bible Society £100,000 after cyber hackers gained access to more than 400,000 supporters' personal data. The Commissioner found that, although the Society was the victim of a criminal act, it failed to take appropriate technical and organisational steps to protect its supporters' personal data. The charity, which translates and distributes the Bible in the UK and around the world, has taken remedial action since it became aware of the attack, and fully co-operated with the ICO's investigation.

ICANN loses data-gathering court battle

The internet's global domain name organisation, the Internet Corporation for Assigned Names and Numbers, has lost its bid to force a German registrar to collect the personal data of technical and administrative contacts for websites the registrar approves domain names for. ICANN asked the Regional Court of Bonn to issue an order to force EPAG Domain services to collect the personal data of technical and administrative contacts of organisations that register domain names with EPAG. EPAG previously collected the information, but advised ICANN that it would stop doing so in order to comply with the GDPR. The Regional Court of Bonn ruled in favour of EPAG and said ICANN's application for an injunction to be served against the registrar was "unfounded". 

Facebook apologises after latest blunder

Facebook has apologised after admitting that a software bug changed the privacy settings of 14 million users' posts. Affected users had the privacy settings of their posts automatically set to be shared to "everyone", even if they had chosen a setting which restricted who could see them. The bug affected Facebook's internal systems between 18 and 22 May, and the social media company was not able to return the posts to their original settings until 27 May. Facebook said users who were affected by the bug will be notified of the issue on their news feed. The UK's Deputy Information Commissioner, Steve Wood, said: "The UK public can be reassured that the ICO will support the Irish Data Commissioner if required to ensure Facebook takes the appropriate steps to resolve this matter."  

Job application tool suspects data breach

A firm in the UK that manages millions of job applications around the world suspects it has suffered a data breach. PageUp's software is used for recruitment, salary information, bank details, tax numbers and other sensitive personal data. Its clients include supermarket Aldi, Clydesdale Bank and chocolate-maker Lindt. The firm has notified data regulators, including the UK's Information Commissioner's Office. The UK regulator has confirmed that it is investigating the breach.     

Facebook confirms existence of data sharing partnership

Facebook has confirmed it has a data sharing partnership with Chinese firms including Huawei, a company US intelligence previously flagged as a security threat. The agreements gave the Chinese firms some access to users' data to help them build Facebook "experiences" on their smartphones. Facebook said all the data collected remained on users' phones, not servers. Huawei said its cooperation with Facebook was to improve user services. A Huawei spokesperson said: "Like all leading smartphone providers, Huawei has worked with Facebook to make Facebook's services more convenient for users. Huawei has never collected or stored any Facebook user data."

ICO on Cambridge Analytica - "this is our largest investigation"

Information Commissioner Elizabeth Denham and Deputy Commissioner of Operations James Dipple-Johnstone have appeared in front of the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament hearing on the Facebook/Cambridge Analytica case. In their opening remarks they said the ICO has over 40 of its own investigators full time on the enquiry plus external legal and forensic IT recovery experts. Elizabeth Denham told MEPs "give the GDPR some time to operate. This investigation by the ICO is unprecedented in its scale - we believe it is the largest investigation ever undertaken by a data protection authority. The investigation is providing an early opportunity to consider the GDPR against the pressures and demands of a real world contemporary case." James Dipple-Johnstone will be giving the Keynote Address at the 17th Annual Data Protection Compliance Conference, taking place in London on 11th & 12th October.

Statement in response to new plans for nuisance call directors to face fines

Steve Wood, Deputy Commissioner for Policy at the ICO, has given a statement in response to the UK government's plans (reported last week) to introduce fines for company directors heading up nuisance call firms. He said: "We welcome these proposals from the government to make directors themselves responsible for nuisance marketing. We have been calling for a change to the law for a while to deter those who deliberately set out to disrupt people with troublesome calls, texts and emails. These proposed changes will increase the tools we have to protect the public." 

More in depth data protection news and articles... 

New GDPR Article Series 

Introducing a special series of articles on the practical changes that organisations need to implement in order to prepare for the GDPR

Visit the Privacy & Data Protection for a Free Sample and to Subscribe
 

Subscribe to two or more titles at the same time and receive a 15% discount off the cheapest journal.
 



17th Annual Data Protection Conference (GDPR)



11th & 12th October 2018 - London, UK 
** London's leading two-day GDPR Conference **  

Keynote:
 
How the ICO will exercise its New Powers
James Dipple-Johnstone 
Information Commissioner's Office (ICO)
  This year, the conference is dedicated to reviewing the practical implications of the General Data Protection Regulation, and to help organisations ensure they are compliant.
 

  
* Speaker Highlight *
 
The New Transparency Obligations       
 
Estelle Dehon - Cornerstone Barristers
 
The GDPR mandates 'transparency' as a new requirement of data protection. But what exactly does it mean to be transparent, and what must organisations now do that they were not doing before? This talk provides a practical guide to transparency, and includes key takeaways from the Article 29 Working Party's recently updated guidance.

For more information and to book your place:
 

 


Our professional and practical Training Courses enable delegates to understand the legal requirements in key areas of information and data protection compliance. Courses run throughout the year around the United Kingdom.
 
Here is a selection of courses taking place shortly:   

Accountability - How to Comply with the GDPR's Requirements
Jenai Nissim
TLT
For the first time in data protection law, the GDPR introduces the requirement of "accountability". In basic terms, accountability means that organisations are not only required to comply with data protection requirements, but also that they must demonstrate that they comply.

Demonstrating compliance consists of several elements, including preparing policies, monitoring compliance with internal policies and procedures, amending job roles and updating customer-facing documentation such as websites and offline forms.

This highly practical session looks at the detail of what accountability requires, and provides delegates with all the knowledge and tools necessary to achieve compliance in their organisations.

It is recommended that delegates attending this session have a basic knowledge of current data protection legal requirements. Delegates with no existing knowledge may find it helpful to attend Data Protection Essential Knowledge Level 1 before attending this training course.

The course is taking place on the following dates:
  • London           Wednesday, 4th July 2018
  • Manchester    Friday, 28th September 2018
  • Isle of Man     Monday, 15th October 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 

Records Management 1
John Wilson, Mosaic
Organisations face increasing pressure to manage their records according to statutory and business requirements. As the use of electronic records and the deployment of electronic document and records management systems continue to increase, the core skills of the person responsible for records management become ever more important to the organisation. In many cases, appropriate data protection and FOI compliance will depend upon a good records management system.

This invaluable training session, led by John Wilson, examines core concepts of good records management practice.

Records Management 1 is an introductory level session that provides delegates with a thorough grounding in the fundamentals of records management, including:
  • introduction - basic concepts
  • records management tools
  • records lifecycle approach
  • designing a file plan
  • records destruction
  • legal framework / compliance
  • management of electronic records and email 
Upcoming dates for this training course are:
  • London           Tuesday, 17th July 2018
  • Manchester    Wednesday, 5th September 2018
  • Edinburgh      Thursday, 4th October 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 

Records Management 2
This course examines how to implement good records management practice. Led by John Wilson, Records Management 2 is an intermediate level session that provides a grounding in the fundamentals of records management, including:
  • introduction - initiating a records management project
  • records audit
  • process mapping
  • building a business classification scheme
  • measuring performance
  • EDRMS
  • sustaining a records management programme
Delegates are encouraged to share their own experiences at the session. The day will be a mixture of presentation and practical exercises. There will be plenty of opportunity for questions.

Upcoming dates for this training course are:
  • London           Wednesday, 18th July 2018
  • Manchester    Thursday, 6th September 2018
  • Edinburgh       Friday, 5th October 2018
A discount is available for delegates attending both the Level 1 and Level 2 sessions, as well as for multiple delegates attending from the same organisation.

For further information and to make a booking,
  1. Visit PDP's website  
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 
 
Manish Soni
MacFarlanes
Breaches of information security are consistently one of the top two reasons for data protection regulator enforcement action. And fines for breaches of security are usually higher than for other types of breaches.

With mandatory breach notification under the GDPR and the significant uplift in potential monetary penalties, compliance professionals need to be suitably empowered with cybersecurity knowledge and awareness to assist their organisations to both mitigate ongoing data security risks and to deal with personal data breaches. It is also useful for compliance professionals to have a basic knowledge of cybersecurity terminology to facilitate effective communications with IT Team members.

This session is prepared specifically in the context of the GDPR and the objective of compliance professionals dealing more assuredly and knowledgeably with cybersecurity within their organisations.

The course is taking place on the following dates:
  • London           Monday, 2nd July 2018
  • Manchester    Tuesday, 13th November 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue

Practitioner Certificate in Data Protection - GDPR Conversion Programme
Ensure you have the knowledge to practically implement the GDPR in your organisation.
 
The Practitioner Certificate in Data Protection is the practical qualification which can be taken either on an intensive, flexible or distance-learning basis.
 
"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the new Regulation." 
Joanne Maurizi 
MutualOne 
 

"By far the most practical resource available to help understand the complexities of the GDPR..."
A Practical Guide to UK and EU Law  

This book is an invaluable practical resource for organisations in meeting the requirements of the GDPR.
Find out more & Order your copy here >
* New course for 2018 *
Cybersecurity for Data Protection Professionals  2nd July 2018 - London

Practitioner Certificate in Data Protection - GDPR Conversion Programme
The online self-study Programme for candidates who gained their qualification prior to 2018 to upgrade their qualification for the GDPR era.

"I'm delighted to have passed the GDPR Conversion Programme Examination. The Programme was both enjoyable and challenging, providing an in depth look at the changes GDPR brings and how to apply these in practice.  I am now confident that my knowledge of Data Protection Law remains up to date and comfortable that I can apply the new regulations in practice in my day to day role."


Qualify as a GDPR Data Protection Practitioner

Flexible training options allow you to train alongside other commitments.
"The course content was informative and well presented, with very knowledgeable trainers. The exam was challenging, so I feel a real sense of achievement in having gained this qualification."
Caroline Chalk
Head External Information Services
Civil Aviation Authority
"I found the course to be thoroughly enjoyable and enlightening in a number of areas. I have managed to apply the knowledge gained through the course already in my day to day role."
Brendan Byrne
Senior Managing Consultant Security & Privacy
IBM
"The qualification strikes the right balance of interpreting important and complicated legislation and imparting this to students with a well structured course, underpinned with simple to understand information and then a vigorous examination. Organisations should feel assured by any of its staff undertaking and passing this qualification that their information is being managed and shared securely."
Kim Bellis
Records Service Manager
Royal Cornwall Hospitals NHS Trust
"I am very pleased to have followed the Practitioner Certificate in Data Protection course and passed the examination. This will be of great benefit to my employer, as it demonstrates the value we place on this complex area of ethics and compliance."
Alan White
Data Protection Manager
Pitney Bowes
"The course which was delivered by experts in the field of Privacy and Data Protection Law was very enjoyable and engaging. The examination was based on applying legislation and knowledge to practical cases rather than a test of how much information you could remember. I am delighted that I passed the exam and to have a qualification that is very much respected, as well as letters after my name! I recommend both the course and the examination for anyone wanting to increase their knowledge of Data Protection Law."
Bleneta Carr
Investigator
Pearson Education
"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the impending new Regulation."
Joanne Maurizi
Assistant Manager
mutualone
"Synectics Solutions recognises that compliance with data protection regulation is critical to all organisations that handle personal information. It has never had a greater focus than at the present time. Having looked at the training and professional qualifications available, we concluded that the PDP certification was the most appropriate for our business. The course was delivered by legal experts in the field. They were able to bring the events to life with real-life scenarios and case studies."
Steve Sands
Head of Security
Synectics Solutions
 
PDP, Canterbury Court, Kennington Park, London, SW9 6DE, United Kingdom