|
|
Data protection is one of unresolved issues in Brexit
UK Brexit Secretary Dominic Raab has said he is "stubbornly optimistic" about securing a deal after his latest talks with Micheal Barnier in Brussels. It is understood that unresolved issues include data protection, intellectual property, the role of the European Court of Justice and the crucial issue of the Irish border. On the EU's side, Michel Barnier said he needed detail from the UK on its plan to avoid a hard border in Ireland - he told journalists that remaining "bones of contention" between the two sides were being steadily eliminated with particular progress on issues of security, judicial and defence co-operation. The UK is due to leave the EU on 29th March 2019.
|
Apple to require all apps to have a privacy policy
Apple is cracking down on apps that don't communicate to users how their personal data are used, secured or shared. In an announcement posted to developers, Apple says that all apps, including those still in testing, will be required to have a privacy policy as of 3rd October 2018. Apple's new requirement provides the company with a layer of protection from falling afoul of the GDPR - any app that doesn't comply going forward may be held accountable by way of its own privacy policy.
|
Campaigners call for immigration exemption in UK's Data Protection Act to be scrapped
Campaign groups have launched a legal challenge against an exemption in the UK's Data Protection Act that could prevent citizens from gaining access to immigration data held on them. The Open Rights Group and EU citizens' group, the 3million, have argued that, as it stands, many people would not be able to access data that the Home Office holds on them - information which is often crucial when applying for a new immigration status. The specific issue is with an exemption for immigration (schedule 2, part 1, paragraph 4), which removes some data rights if those data are processed for the "maintenance of effective immigration control". That includes the right to access data, to restrict processing, to object to processing and the right to erasure. As well as arguing that "immigration control" has been poorly defined in the Act, the groups have claimed that the exemption creates an imbalance in different groups' data rights. The judicial review seeks to have this exemption removed from the Act on the grounds that it is incompatible with the GDPR and the EU Charter of Fundamental Rights.
|
Web browser will no longer allow third parties to track users' behaviour
Mozilla has announced that the latest version of its Firefox browser will no longer allow third parties to track users' online behaviour by default. In addition to giving users the ability to choose whether they can be tracked by third parties at the start, the tech company is also aiming to fight against "fingerprinting," which gives companies the ability to identify settings on devices without users' knowledge. "This is about more than protecting users - it's about giving them a voice. Some sites will continue to want user data in exchange for content, but now they will have to ask for it, a positive change for people who up until now had no idea of the value exchange they were asked to make," Mozilla stated in a blog post.
|
Singapore Commission issues guidance on data protection law
The Personal Data Protection Commission in Singapore has issued advisory guidelines on the National Registration Identity Card following the close of a public consultation. According to the guidance, organisations can collect, use or disclose NRIC numbers or copies of the NRIC only under certain specific circumstances. One situation is if they are required by the law or it is deemed necessary to accurately verify an individual's identity to a "high degree of fidelity". Another situation is when failing to provide NRIC details could pose a significant safety or security risk, or may pose a risk of significant impact or harm to an individual and the organisation. Organisations should be able to justify why they are collecting NRIC numbers when asked by individuals or the regulator. "The NRIC number is a permanent and irreplaceable identifier which can be used to unlock large amounts of information relating to an individual," the PDPC reasoned.
|
|
|
More in depth data protection news and articles...
|
Privacy & Data Protection Journal
Subscribe to two or more titles at the same time and receive a 15% discount off the cheapest journal.
|
Keynote:
How the ICO will exercise its New Powers
James Dipple-Johnstone
Deputy Commissioner (Operations)
Infomation Commissioner's Office (ICO)
|
This year, the conference is dedicated to reviewing the practical implications of the GDPR, and to help organisations ensure they are compliant.
The New Transparency Obligations
Estelle Dehon - Cornerstone Barristers
The GDPR mandates 'transparency' as a new requirement of data protection. But what exactly does it mean to be transparent, and what must organisations now do that they were not doing before? This talk provides a practical guide to transparency, and includes key takeaways from the Article 29 Working Party's recently updated guidance.
For more information and to book your place:
|
|
Our professional and practical Training Courses enable delegates to understand the legal requirements in key areas of information and data protection compliance. Courses run throughout the year around the United Kingdom.
Here is a selection of courses taking place shortly:
|
When implementing legal compliance measures, organisations can sometimes forget that the exercise is as much about working effectively with other people as it is about implementing a set of procedures. Investing in the leadership skills of those who will be implementing compliance measures can dramatically increase the effectiveness of programmes as well as the buy-in of key staff members.Having other staff members working with compliance personnel and supporting their goals is partly about promoting messages effectively throughout the organisation, partly about incubating champions in other departments and partly about inspiring others to see the benefit of making changes to the way that things have traditionally been done.This highly interactive session on leadership skills provides compliance professionals with the skills that they need to become more effective in carrying forward compliance objectives, including:
- understanding the aspects of your messages that will engage and inspire others
- learning how to effectively communicate goals, and to instil in others a desire to assist you on implementing them
- developing, communicating and cascading knowledge of your compliance aspirations for the organisation
- developing effective relationships with key staff members
- influencing others with integrity
- developing a rollout plan.
Upcoming date for this training course is:
- London Thursday, 4th October 2018
|
The UK Modern Slavery Act became law in March 2015 and has now become a very high profile issue for organisations, not least due to the recent £40M government boost to battle against modern slavery in the UK.The legislation includes several new obligations, including a requirement on organisations with a turnover of £36M or more to prepare an annual slavery and human trafficking statement. As part of their modern slavery strategy, organisations are likely to need to appoint someone senior to be responsible for compliance, as the Act has numerous repercussions and involves risk assessments, due diligence and the introduction of new policies and training practices. Modern slavery may be unfamiliar territory to many organisations.This one-day training course provides a thorough foundation in practical modern slavery, covering all the critical areas. MoreDelegates have the opportunity to work through a number of practical case examples and a major case study drawn from industry-specific scenarios, supported by relevant internationally-published Whitepapers produced by the course Trainer. The course is highly interactive, with plenty of opportunity for questions. The next available date for this course is:
- London Thursday, 27th September 2018
|
The Data Protection Act 2018 makes key changes to data protection law in the United Kingdom. It supplements the GDPR, and the two have to be read together to have a complete picture of the UK position. It adds to the "lawful bases" on which special category data may be processed, sets out the extensive exemptions to the GDPR which apply in the UK, defines the scope of much processing in the public sector, and applies rules based on those in the GDPR to processing for activities which fall outside EU competence. This course focuses on assisting those working in mainstream data protection compliance (in both the private and public sectors) to understand the DPA 2018's implications from a practical perspective, including:
- modifications to key definitions contained in the GDPR, and their significance
- the lawful bases for processing special category personal data in the UK - when and how they will apply, and how controllers can take advantage of them
- exemptions from the GDPR in the UK
- the age of consent of children to processing for internet society services
- how provisions based on the GDPR are applied by the Act to activities outside EU competence
- the conditions for processing personal data on criminal matters
- modifications to the rights of individuals
- public interest processing - scope and applicability
- restrictions on the applicability of certain aspects of the GDPR in the UK
- enhanced powers of the Information Commissioner, including entry and inspection, and the new enforcement regime
It is recommended that delegates attending this session have at least a basic knowledge of current data protection legal requirements under the GDPR. Delegates with no existing knowledge may find it helpful to attend Data Protection Essential Knowledge Level 1 before attending this training course.The course is next taking place on the following dates (further dates are available online):
- London Monday, 1st October 2018
- Manchester Monday, 12th November 2018
For further information and to make a booking,
- Visit PDP's website
- Telephone PDP at +44 (0)207 014 3399
- Download the PDF Training Catalogue
|
|
|
|
|
|
|