PDP - Compliance News Updates - 2 June 2020

Compliance News from PDP

Your weekly news update has a new look... we hope you like it.

Issue: 02.06.2020

Latest News

Test and Trace has not passed DPIA in UK

Public Health England did not complete a Data Protection Impact Assessment prior to launching the Covid-19 coronavirus Test and Trace programme on 28th May 2020, it has emerged. The programme, which went live on 28th May without the benefit of its accompanying contact-tracing app, helps track down and isolate the contacts of anybody who tests positive for Covid-19. Recipients of positive test results will be required to share information on their recent contacts (members of their own household and others they have been in direct contact with or within two metres of for over 15 minutes) who must then self-isolate for a fortnight. The data collected include names, gender, dates of birth, home postcodes, telephone numbers and email addresses. Public Health England will retain the data it collects via the programme for 20 years. Labour MP Ben Bradshaw accused the government of launching Test and Trace before it was ready in order to divert attention away from the Dominic Cummings scandal.

Federal Court in Germany rules on obligation to obtain cookie consent

The long-awaited decision of the German Federal Court on the requirements that must be met in order to obtain valid cookie consent has now been issued. The Court held that using cookies for marketing or market intelligence purposes generally requires user consent; that this applies irrespective of whether cookies collect personal data or not; and that consent must be given through active confirmation by the user. Further, the Court ruled that pre-checked checkboxes do not suffice either under the German Tele Media Act or the GDPR; and to satisfy the requirement of an informed consent, information must be detailed but not excessive, as overwhelming amounts of information prevent that users effectively take not of the information they are provided with.

Finland SA issues first fines

The Supervisory Authority in Finland has issued its first fines against three Finnish companies for their infringements of data protection laws. The infringements concerned inadequate informing of data subjects (100,000 euros), failure to carry out a Data Protection Impact Assessment (16,000 euros) and the collection of unnecessary personal data (12,500 euros). The decisions are not legally binding yet, and the companies may appeal against the decisions to an administrative court. The SA said that more administrative fines will follow in the upcoming weeks.

Conducting Data Protection Audits - eLearning

PDP is pleased to announce that the training course How to Conduct a Data Protection Audit is now available to study from home by way of eLearning. All PDP's eLearning courses feature video presentations, written materials and self-assessment multiple-choice questions. A full list of available eLearning training courses can be viewed here.

Telco discloses data breach

Nippon Telegraph & Telephone, the 64th biggest company in the world according to the Fortune 500 list, has disclosed a security breach. NTT says hackers gained access to its internal network and stole information on 621 customers from its communications subsidiary, NTT Communications, the largest telecommunications company in Japan, and one of the biggest worldwide. The hack took place on 7th May, and NTT says it became of the intrusion four days later, on 11th May. NTT says it took down the hacked systems as soon as it learned of the incident. The company is still investigating the breach, but says it plans to notify all customers "when it becomes clear what should be notified."

Working from Home – Advice for Controllers

In his recent article, ‘Working from Home – dos and don’ts for controllers’, Robert Bond of Bristows reminds organisations of several aspects of data protection compliance that they may be overlooking in the Covid-era. One piece of advice is to revisit the organisation’s privacy policy, which may need updating to cover new processing activities, to deal with any sharing of personal data, and to provide updated information on how individuals should go about exercising their data subject rights. Robert also stresses the need for relevant staff training on data security issues while they are working remotely, as well as specifying a list of security considerations including instigating data tracking and deletion procedures, moving to two-factor authentication and producing guidance on the increased risks associated with home working. The full article is published in the June edition of Privacy & Data Protection.

19th Annual Data Protection Compliance Conference

8th & 9th October 2020 - Central London, UK

This year, the conference is dedicated to examining the developments in data protection; the continued practical implications for organisations of complying with the GDPR, as well as what could be next for organisations a post-COVID/Brexit era

Conference Chair

Bridget Treacy,

Partner,

Hunton Andrews Kurth

Bridget Treacy leads the UK Privacy and Cybersecurity practice at Hunton Andrews Kurth LLP... Read more

Bridget Treacy

Workshop Hightlight

Workshop D.  Regulating the Robots: the Emergence of AI Regulation

Dan Whitehead - Senior Associate, Hogan Lovells

This Workshop looks at key issues that organisations should be considering when starting to formulate AI solutions, both from a privacy perspective and wider regulatory context, including:

·     the requirements for fair processing and how AI might be impacted

·     adequate protection of personal data while using AI-enabled products and services

·     the impact of the EU’s impending regulation of AI

·     implications of the ICO’s AI Auditing Framework and its ‘Explain AI’ guidance

Dan Whitehead

Find out more

For more information and to book your place:

·     Visit PDP Conferences

·     Send us an This email address is being protected from spambots. You need JavaScript enabled to view it.

·     Telephone +44 (0)207 014 3399

Book your place here >

PDP Training logo

Classroom & eLearning

Training Courses

Our dedicated eLearning platform

A range of training courses can now be undertaken from home on a self-study basis.

Through the use of PDP's dedicated eLearning platform, a range of our leading Training courses can be undertaken remotely at a pace to suit you.

Utilising videos, supplementary documentation and self-assessment questions, our Expert Trainers bring their highly practical knowledge and expertise to each of their eLearning courses.

On completion of your training, you can print your certificate at home.

Discounts for multiple users and group licenses available

eLearning-graphic

Find out more about eLearning Solutions >

Classroom-based Training

Our highly-practical Training Courses enable delegates to understand the legal requirements in key areas of information and data protection compliance to better assist them in their daily roles.

Classroom-based Training Courses run throughout the year in cities around the United Kingdom.

**This week's Featured

Training Courses**

Data Protection Essential Knowledge - Level 1

 

(available on an eLearning and Classroom basis)

This course is an introductory level course for all those that are new to data protection, or those that require a refresher on the fundamental concepts. It is designed for people who work with, or will work with, data protection issues on a regular basis.

This invaluable and practical training session, which is fully up to date with the requirements of the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and the likely implications of Brexit (during the UK's transition period and beyond), examines core concepts of practical data protection compliance.

Attendance at the Classroom version of this course can be used as a credit towards gaining the Practitioner Certificate in Data Protection

The next Classroom sessions are taking place on the following dates (further dates outlined online):

·     Belfast      Monday, 14th September 2020

·     London     Monday, 21st September 2020

·     Bristol       Monday, 28th September 2020 

Data Sharing in the Public Sector training session - London

Find out more about this course >

Data Protection Essential Knowledge - Level 2

 

(available on an eLearning and Classroom basis)

Targeted Online Advertising

The Level 1 and Level 2 courses taken together constitute a complete training package on the fundamentals of data protection. This session provides a thorough grounding in the important aspects of data protection practice.

This session is fully up to date with the requirements of the GDPR, the Data Protection Act 2018 as well as the likely implications of Brexit. The course provides a thorough grounding in the following important aspects of data protection practice:

·     transferring data to third parties - the legal requirements for transferring data between organisations

·     data retention - the restrictions on keeping data, and how to establish a retention schedule

·     the main exemptions, including 'crime and tax' and 'disclosures required by law'

·     the role and powers of the data protection regulator, including the circumstances where fines can be imposed

·     an introduction to when it will be necessary to carry out a Data Protection Impact Assessment

Attendance at the Classroom version of this course can be used as a credit towards gaining the Practitioner Certificate in Data Protection

The next trainer-led sessions are taking place on the following dates (further dates outlined online):

·     Belfast       Tuesday, 15th September 2020

·     London       Tuesday, 22nd September 2020

·     Bristol       Tuesday, 29th September 2020

Find out more about this course >

eLearning courses

Role of the Data Protection Officer (eLearning)

This online 'self-study' course analyses the role and duties of the DPO in a practical context and provides delegates with the information that they need to become more effective and efficient.

Classroom version of this course is also available

Find out more >

eLearning - Practitioner Certificate in Data Protection

Practitioner Certificate in

Data Protection

(eLearning Programme)

"I found the online qualification suited my learning style and particularly liked the ability to work at my own speed."

Nicola Young

University of Portsmouth

Find out more >

PDP Conferences

19th Annual Data Protection Compliance Conference

(Social-distancing measures will be implemented if necessary)

8th & 9th October 2020

This year, the conference is dedicated to examining the developments in data protection; the continued practical implications for organisations of complying with the GDPR, as well as what could be next for organisations (in a post-COVID / Brexit era)

Find out more >

Privacy & Data Protection Journal

Latest edition of Privacy & Data Protection Journal

The Journal is an invaluable source of news, practical articles and expert guidance for professionals in the fields of data protection and information security.

The Editorial Board comprises the world's leading experts in field of data protection and data privacy.

Digital subscriptions also available

Find out more >

PCDP Distance Learning Programme

eLearning

Training Courses

A range of PDP's leading training courses can be undertaken on an eLearning basis, including:

Data Protection Essential Knowledge Level 1 & 2 

 

Data Security 

 

Handling Subject Access requests

How to Conduct a Data Protection Audit

 

Role of the Data Protection Officer

Our dedicated Online eLearning Platform aids learning utilising videos, supplementary documentation and self-assessment questions

Find out more >

Practitioner Certificate in Data Protection

(Standard/Classroom Programme)

Records Management Training

Find out more >