PDP - Compliance News Updates - 4 September 2018

Data protection is one of unresolved issues in Brexit
PDP header graphic
  Issue: 04.09.2018

Data protection is one of unresolved issues in Brexit
UK Brexit Secretary Dominic Raab has said he is "stubbornly optimistic" about securing a deal after his latest talks with Micheal Barnier in Brussels. It is understood that unresolved issues include data protection, intellectual property, the role of the European Court of Justice and the crucial issue of the Irish border. On the EU's side, Michel Barnier said he needed detail from the UK on its plan to avoid a hard border in Ireland - he told journalists that remaining "bones of contention" between the two sides were being steadily eliminated with particular progress on issues of security, judicial and defence co-operation. The UK is due to leave the EU on 29th March 2019.  

Apple to require all apps to have a privacy policy

Apple is cracking down on apps that don't communicate to users how their personal data are used, secured or shared. In an announcement posted to developers, Apple says that all apps, including those still in testing, will be required to have a privacy policy as of 3rd October 2018. Apple's new requirement provides the company with a layer of protection from falling afoul of the GDPR - any app that doesn't comply going forward may be held accountable by way of its own privacy policy.          

Campaigners call for immigration exemption in UK's Data Protection Act to be scrapped

Campaign groups have launched a legal challenge against an exemption in the UK's Data Protection Act that could prevent citizens from gaining access to immigration data held on them. The Open Rights Group and EU citizens' group, the 3million, have argued that, as it stands, many people would not be able to access data that the Home Office holds on them - information which is often crucial when applying for a new immigration status. The specific issue is with an exemption for immigration (schedule 2, part 1, paragraph 4), which removes some data rights if those data are processed for the "maintenance of effective immigration control". That includes the right to access data, to restrict processing, to object to processing and the right to erasure. As well as arguing that "immigration control" has been poorly defined in the Act, the groups have claimed that the exemption creates an imbalance in different groups' data rights. The judicial review seeks to have this exemption removed from the Act on the grounds that it is incompatible with the GDPR and the EU Charter of Fundamental Rights.              

Web browser will no longer allow third parties to track users' behaviour

Mozilla has announced that the latest version of its Firefox browser will no longer allow third parties to track users' online behaviour by default. In addition to giving users the ability to choose whether they can be tracked by third parties at the start, the tech company is also aiming to fight against "fingerprinting," which gives companies the ability to identify settings on devices without users' knowledge. "This is about more than protecting users - it's about giving them a voice. Some sites will continue to want user data in exchange for content, but now they will have to ask for it, a positive change for people who up until now had no idea of the value exchange they were asked to make," Mozilla stated in a blog post.       

Singapore Commission issues guidance on data protection law

The Personal Data Protection Commission in Singapore has issued advisory guidelines on the National Registration Identity Card following the close of a public consultation. According to the guidance, organisations can collect, use or disclose NRIC numbers or copies of the NRIC only under certain specific circumstances. One situation is if they are required by the law or it is deemed necessary to accurately verify an individual's identity to a "high degree of fidelity". Another situation is when failing to provide NRIC details could pose a significant safety or security risk, or may pose a risk of significant impact or harm to an individual and the organisation. Organisations should be able to justify why they are collecting NRIC numbers when asked by individuals or the regulator. "The NRIC number is a permanent and irreplaceable identifier which can be used to unlock large amounts of information relating to an individual," the PDPC reasoned.       
More in depth data protection news and articles... 

PDP Journals logo
Privacy & Data Protection journal
Privacy & Data Protection Journal 

Subscribe to two or more titles at the same time and receive a 15% discount off the cheapest journal.

17th Annual Data Protection Conference (GDPR)

17th Annual Conference

11th & 12th October 2018 - London, UK 
** London's leading two-day GDPR Conference **  

James Dipple Johnstone
How the ICO will exercise its New Powers
James Dipple-Johnstone  
Deputy Commissioner (Operations) 
Infomation Commissioner's Office (ICO)
  This year, the conference is dedicated to reviewing the practical implications of the GDPR, and to help organisations ensure they are compliant.
16th Annual Data Protection Compliance Conference

* Speaker Highlight * 

Estelle Dehon The New Transparency Obligations 
Estelle Dehon - Cornerstone Barristers
The GDPR mandates 'transparency' as a new requirement of data protection. But what exactly does it mean to be transparent, and what must organisations now do that they were not doing before? This talk provides a practical guide to transparency, and includes key takeaways from the Article 29 Working Party's recently updated guidance.

For more information and to book your place:

PDP Training logo

Our professional and practical Training Courses enable delegates to understand the legal requirements in key areas of information and data protection compliance. Courses run throughout the year around the United Kingdom.
Here is a selection of courses taking place shortly:
Nick Williams_ Leadership Coach
Nick Williams Leadership Coach
When implementing legal compliance measures, organisations can sometimes forget that the exercise is as much about working effectively with other people as it is about implementing a set of procedures. Investing in the leadership skills of those who will be implementing compliance measures can dramatically increase the effectiveness of programmes as well as the buy-in of key staff members.Having other staff members working with compliance personnel and supporting their goals is partly about promoting messages effectively throughout the organisation, partly about incubating champions in other departments and partly about inspiring others to see the benefit of making changes to the way that things have traditionally been done.This highly interactive session on leadership skills provides compliance professionals with the skills that they need to become more effective in carrying forward compliance objectives, including:
  • understanding the aspects of your messages that will engage and inspire others
  • learning how to effectively communicate goals, and to instil in others a desire to assist you on implementing them
  • developing, communicating and cascading knowledge of your compliance aspirations for the organisation
  • developing effective relationships with key staff members
  • influencing others with integrity
  • developing a rollout plan.
Upcoming date for this training course is:
  • London      Thursday, 4th October 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue
Keith Read, Compliance Expert
Keith Read
The UK Modern Slavery Act became law in March 2015 and has now become a very high profile issue for organisations, not least due to the recent £40M government boost to battle against modern slavery in the UK.The legislation includes several new obligations, including a requirement on organisations with a turnover of £36M or more to prepare an annual slavery and human trafficking statement. As part of their modern slavery strategy, organisations are likely to need to appoint someone senior to be responsible for compliance, as the Act has numerous repercussions and involves risk assessments, due diligence and the introduction of new policies and training practices. Modern slavery may be unfamiliar territory to many organisations.This one-day training course provides a thorough foundation in practical modern slavery, covering all the critical areas. MoreDelegates have the opportunity to work through a number of practical case examples and a major case study drawn from industry-specific scenarios, supported by relevant internationally-published Whitepapers produced by the course Trainer. The course is highly interactive, with plenty of opportunity for questions.  The next available date for this course is:
  • London     Thursday, 27th September 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 
Damien Welfare_ Cornerstonoe Barristers
Damien Welfare
Cornerstone Barristers
The Data Protection Act 2018 makes key changes to data protection law in the United Kingdom. It supplements the GDPR, and the two have to be read together to have a complete picture of the UK position. It adds to the "lawful bases" on which special category data may be processed, sets out the extensive exemptions to the GDPR which apply in the UK, defines the scope of much processing in the public sector, and applies rules based on those in the GDPR to processing for activities which fall outside EU competence. This course focuses on assisting those working in mainstream data protection compliance (in both the private and public sectors) to understand the DPA 2018's implications from a practical perspective, including:
  • modifications to key definitions contained in the GDPR, and their significance
  • the lawful bases  for processing special category personal data in the UK - when and how they will apply, and how controllers can take advantage of them
  • exemptions from the GDPR in the UK
  • the age of consent of children to processing for internet society services
  • how provisions based on the GDPR are applied by the Act to activities outside EU competence
  • the conditions for processing personal data on criminal matters
  • modifications to the rights of individuals
  • public interest processing - scope and applicability
  • restrictions on the applicability of certain aspects of the GDPR in the UK
  • enhanced powers of the Information Commissioner, including entry and inspection, and the new enforcement regime
It is recommended that delegates attending this session have at least a basic knowledge of current data protection legal requirements under the GDPR. Delegates with no existing knowledge may find it helpful to attend Data Protection Essential Knowledge Level 1 before attending this training course.The course is next taking place on the following dates (further dates are available online):
  • London           Monday, 1st October 2018
  • Manchester    Monday, 12th November 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 

Final few places remaining for October 2018
PC.dp Residential Programme The residential option on the Practitioner Certificate in Data Protection Programme (GDPR) provides candidates with the opportunity to study the Programme intensively on four consecutive days (rather than five for the Standard Programme)

Find out more >

Practitioner Certificate in Data Protection - GDPR Conversion Programme
Upcoming intensive training weeks in Bristol, Edinburgh and Manchester 
Ensure you are have the knowledge to practically implement the GDPR in your organisation.  
The Practitioner Certificate in Data Protection is the practical qualification which can be taken either on an intensive, flexible or distance-learning basis.
"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the new Regulation." 
Joanne Maurizi 
Find out more >

Next training session taking place in London in October 2018
Leadership Skills for Compliance Professionals 
This highly interactive session on leadership skills provides compliance professionals with the skills that they need to become more effective in carrying forward compliance objectives  

"By far the most practical resource available to help understand the complexities of the GDPR..."
A Practical Guide to UK and EU Law  

This book is an invaluable practical resource for organisations in meeting the requirements of the GDPR.
Find out more & Order your copy here >

Qualify as a GDPR Data Protection Practitioner

Flexible training options allow you to train alongside other commitmentsMore information >  
"The course content was informative and well presented, with very knowledgeable trainers. The exam was challenging, so I feel a real sense of achievement in having gained this qualification."   Caroline Chalk
Head External Information Services
Civil Aviation Authority
"I found the course to be thoroughly enjoyable and enlightening in a number of areas. I have managed to apply the knowledge gained through the course already in my day to day role."
Brendan Byrne
Senior Managing Consultant Security & Privacy
"The qualification strikes the right balance of interpreting important and complicated legislation and imparting this to students with a well structured course, underpinned with simple to understand information and then a vigorous examination. Organisations should feel assured by any of its staff undertaking and passing this qualification that their information is being managed and shared securely."
Kim Bellis
Records Service Manager
Royal Cornwall Hospitals NHS Trust
"I am very pleased to have followed the Practitioner Certificate in Data Protection course and passed the examination. This will be of great benefit to my employer, as it demonstrates the value we place on this complex area of ethics and compliance."
Alan White
Data Protection Manager
Pitney Bowes
"The course which was delivered by experts in the field of Privacy and Data Protection Law was very enjoyable and engaging. The examination was based on applying legislation and knowledge to practical cases rather than a test of how much information you could remember. I am delighted that I passed the exam and to have a qualification that is very much respected, as well as letters after my name! I recommend both the course and the examination for anyone wanting to increase their knowledge of Data Protection Law."
Bleneta Carr
Pearson Education
"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the impending new Regulation."
Joanne Maurizi
Assistant Manager
"Synectics Solutions recognises that compliance with data protection regulation is critical to all organisations that handle personal information. It has never had a greater focus than at the present time. Having looked at the training and professional qualifications available, we concluded that the PDP certification was the most appropriate for our business. The course was delivered by legal experts in the field. They were able to bring the events to life with real-life scenarios and case studies."
Steve Sands
Head of Security
Synectics Solutions
PDP, Canterbury Court, Kennington Park, London, SW9 6DE, United Kingdom