PDP - Compliance News Updates - 14 July 2020


Compliance News from PDP


Issue: 14.07.2020

Latest News

UK regulator publishes guidance to businesses collecting personal data for contact tracing

The ICO has published advice for businesses tasked with helping the government Test and Trace for COVID-19 as they reopen workplaces. Deputy Chief Executive at the ICO Paul Arnold said: “We appreciate the challenge that many businesses face in introducing unfamiliar arrangements at speed. Our focus is on supporting and enabling them to handle people's data responsibly from the outset and, while we will act where we find serious, systemic or negligent behaviour, our aim is to help the thousands of businesses that are doing their best to do the right thing.” The guidance offers five simple steps: ask for what is needed, be transparent, carefully store data, don’t use them for other purposes, and erase them in line with guidelines. Robert Bond is speaking on ‘Covid-19 and data protection’ at the 19th Annual Data Protection Conference, taking place on 8th & 9th October 2020.

Australian and UK regulators open joint investigation into Clearview AI

The Office of the Australian Information Commissioner and the ICO have opened a joint investigation into the personal information handling practices of Clearview AI, focusing on the company’s use of ‘scraped’ data and biometrics of individuals. The joint investigation is being conducted under the Global Privacy Assembly’s Global Cross Border Enforcement Cooperation Arrangement and the Memorandum of Understanding between the OAIC and the ICO. The regulators say that they will engage with Supervisory Authorities who have raised similar concerns.

EDPS says 5 page DPIAs won’t suffice

The European Data Protection Supervisor has published a report on the use of data protection impact assessments (DPIAs) within EU institutions. The report, based on replies by 39 EU institutions, bodies and agencies, appears to be the first comparative study of various DPIAs (17 in total were reviewed) and of the reasons for carrying out or not carrying out a DPIA. Among the notable findings, the EPDS states in its report that "given the comprehensive analysis and the weighing of different risks needed to produce a meaningful DPIA, a five page solution would at any rate seem to be less than required". Legal experts at International law firm NautaDutilh disagree, saying: “A well thought-out 4-page DPIA is not necessarily worse than a hastily assembled 20-page DPIA – instead, the focus should lie on whether the assessment was given the necessary attention.”

Belgian SA fines unnamed company

The Belgian Data Protection Authority has fined a company for unlawfully sending repeated marketing communications to an individual, breaching several of his data subject rights. The company, whose request for anonymity was granted by the regulator, breached GDPR principles of fairness, data minimisation and accuracy, transparency, and access rights. It also failed to take sufficient technical and organisational measures. According to the Belgian regulator, the fine is fairly low in comparison with the annual turnover of the company.

Microsoft and Zoom join Hong Kong data 'pause'

Microsoft and Zoom have said they will not process data requests made by the Hong Kong authorities while they take stock of a new security law. China passed the law on 30th June, criminalising acts that support independence and making it easier to punish protesters. The companies follow Facebook, Google, Twitter and the chat app Telegram, which had already announced similar pauses in compliance.

19th Annual Data Protection Compliance Conference

8th & 9th October 2020 - Central London, UK

This year, the conference is dedicated to examining the developments in data protection; the continued practical implications for organisations of complying with the GDPR, as well as what could be next for organisations a post-COVID/Brexit era

Conference Chair

Bridget Treacy,


Hunton Andrews Kurth

Bridget Treacy leads the UK Privacy and Cybersecurity practice at Hunton Andrews Kurth LLP... Read more

Bridget Treacy

Find out more

For more information and to book your place:

  • Visit PDP Conferences
  • Send us an This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Telephone +44 (0)207 014 3399

Book your place here >

PDP Training logo

Classroom & eLearning

Training Courses

Our dedicated eLearning platform

A range of training courses can now be undertaken from your home or office.

PDP's dedicated eLearning platform provides ‘on demand’ access to courses, allowing you study as and when is suitable for you – 24/7.

Utilising videos, supplementary documentation and multiple-choice self-assessment questions (so that you can test your understanding as you progress through the materials), our Expert Trainers bring their highly practical knowledge and expertise to each of the eLearning courses.

On completion of your training, you can print your own completion certificate.

Discounts are available for multiple users and group licenses.


Find out more about eLearning Solutions >

Classroom-based Training

Our highly-practical Training Courses enable delegates to understand the legal requirements in key areas of information and data protection compliance to better assist them in their daily roles.

Classroom-based Training Courses run throughout the year in cities around the United Kingdom.

* Featured Training Courses*

The Role of the Data Protection Officer

(available on an eLearning and Classroom basis)

Role of the Data Protection Officer

The role and functions of the Data Protection Officer are wide-ranging, from handling information access requests to liaising with senior management on compliance strategies, from devising plans for training staff members to conducting gap analysis, and from handling complaints from customers and employees to dealing with investigations by data protection regulators.

The day-to-day work of the DPO is critical to the smooth running of organisations and to establishing and maintaining effective and productive relationships with the organisation’s customers, staff members and other relevant individuals. DPOs play a central role in ensuring that the organisation meets its data protection responsibilities and in avoiding unwanted attention from regulators.

This course analyses the role and duties of the DPO in a practical context and provides delegates with the information that they need to become more effective and efficient.

Available to start immediately 'on-demand' via eLearning. Alternatively, Classroom sessions are scheduled to run in the autumn.

Find out more about this course >

Data Protection Essential Knowledge - Level 1

(available on an eLearning and Classroom basis)

Data Sharing in the Public Sector training session - London

This course is an introductory level course for all those that are new to data protection, or those that require a refresher on the fundamental concepts. It is designed for people who work with, or will work with, data protection issues on a regular basis.

This invaluable and practical training session, which is fully up to date with the requirements of the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and the likely implications of Brexit (during the UK's transition period and beyond), examines core concepts of practical data protection compliance.

Attendance at the Classroom version of this course can be used as a credit towards gaining the Practitioner Certificate in Data Protection

Available to start immediately 'on-demand' via eLearning. Alternatively, Classroom sessions are scheduled to run in the autumn.

Find out more about this course >

Data Protection Essential Knowledge - Level 2

(available on an eLearning and Classroom basis)

Targeted Online Advertising

The Level 1 and Level 2 courses taken together constitute a complete training package on the fundamentals of data protection. This session provides a thorough grounding in the important aspects of data protection practice.

This session is fully up to date with the requirements of the GDPR, the Data Protection Act 2018 as well as the likely implications of Brexit. The course provides a thorough grounding in the following important aspects of data protection practice:

  • transferring data to third parties - the legal requirements for transferring data between organisations
  • data retention - the restrictions on keeping data, and how to establish a retention schedule
  • the main exemptions, including 'crime and tax' and 'disclosures required by law'
  • the role and powers of the data protection regulator, including the circumstances where fines can be imposed
  • an introduction to when it will be necessary to carry out a Data Protection Impact Assessment

Attendance at the Classroom version of this course can be used as a credit towards gaining the Practitioner Certificate in Data Protection

Available to start immediately 'on-demand' via eLearning. Alternatively, Classroom sessions are scheduled to run in the autumn.

Find out more about this course >

How to Conduct a Data Protection Audit

(available on an eLearning and Classroom basis)

How to Conduct a Data Protection Audit

Data protection compliance audits, or reviews, are invaluable for organisations in assessing their current state of data protection compliance.

The Information Commissioner’s Office (ICO) has recommended that regular compliance reviews are undertaken as part of ongoing internal management of data protection.

This course offers practical guidance on conducting data protection audits/reviews

  • the purpose of data protection audits/reviews
  • deciding what to review: how to identify the areas that are relevant
  • undertaking the audit: guidance on the practical methodology as well as how, what and who to ask in relevant staff interviews
  • determining whether audited processes meet both data protection requirements and internal policies/procedures
  • what to look for when auditing arrangements with third party suppliers
  • how to report the results of an audit and how to recommend any remedial action that is needed
  • the ICO’s recommendations for conducting audits

Available to start immediately 'on-demand' via eLearning. Alternatively, Classroom sessions are scheduled to run in the autumn.

Find out more about this course >

Distance Learning Programme

Practitioner Certificate in

Data Protection

(eLearning Programme)

Qualify as a Data Protection Practitioner from the comfort of your own home

"The Distance Learning Programme is excellent. In terms of motivation to study, I found this relatively easy to do."

Andrew Lanigan


Find out more >

Handling Access Requests

Handling Subject Access Requests (eLearning)

This 'on demand' course, comprising of videos, written materials and self-assessment questions, gives delegates the information they need to set up an effective SAR handling process in their organisation, and looks at how to avoid the common pitfalls that arise

“I enjoyed the eLearning version of this course. The mixture of video and written materials kept me engaged.”

Melissa Adjorlolo

BBC Legal

Find out more >

Job Opportunity


Governance & Compliance Officer (12 month fixed-term)

Salary: £31,483 - £36,920

Location: Merseyside, UK

The successful candidate will be responsible for supporting the Head of Corporate Governance (also Data Protection Officer) in leading the development and management of the governance arrangements for ONR, and delivering data protection compliance.

Closing date:

26th July 2020

Find out more

UK's leading Data Protection Book - New Edition


Data Protection: A Practical Guide to UK Law (2020)




Pre-order - Data Protection - A practical guide to UK Law

Find out more >

Privacy & Data Protection Journal

Latest edition of Privacy & Data Protection Journal

The Journal is an invaluable source of news, practical articles and expert guidance for professionals in the fields of data protection and information security.

The Editorial Board comprises the world's leading experts in field of data protection and data privacy.

Digital subscriptions also available

Find out more >

PCDP Distance Learning Programme


Training Courses

A range of PDP's leading training courses can be undertaken on an eLearning basis, including:

Accountability - Achieving Compliance

Conducting Data Protection Impact Assessments

Data Protection Essential Knowledge Level 1 & 2 


Data Security 


Handling Subject Access requests

How to Conduct a Data Protection Audit


Role of the Data Protection Officer

Records Management - Level 1

Our dedicated Online eLearning Platform utilises on-demand videos, supplementary documentation and self-assessment multiple-choice questions

Find out more >

Practitioner Certificate in Data Protection

(Standard Classroom Programme)

Records Management Training

Find out more >

"The course content was informative and well presented, with very knowledgeable trainers. The exam was challenging, so I feel a real sense of achievement in having gained this qualification."

Caroline Chalk

Civil Aviation Authority

"I found the course to be thoroughly enjoyable and enlightening in a number of areas. I have managed to apply the knowledge gained through the course already in my day to day role."

Brendan Byrne


"The qualification strikes the right balance of interpreting important and complicated legislation and imparting this to students with a well structured course, underpinned with simple to understand information and then a vigorous examination. Organisations should feel assured by any of its staff undertaking and passing this qualification that their information is being managed and shared securely."

Kim Bellis

Royal Cornwall Hospitals NHS Trust

"I am very pleased to have followed the Practitioner Certificate in Data Protection course and passed the examination. This will be of great benefit to my employer, as it demonstrates the value we place on this complex area of ethics and compliance."

Alan White

Pitney Bowes

"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the impending new Regulation."

Joanne Maurizi


"Attaining the Practitioner Certificate in Data Protection evidences that I have the in-depth knowledge and understanding of data protection issues required to ensure our firm remains compliant with the requirements of the legislation. The intensive 5 day course delivered by data protection experts was extremely informative, and provided me with essential technical background and practical work based scenarios before undertaking the exam."

Helen Hassen

Brewin Dolphin

"Synectics Solutions recognises that compliance with data protection regulation is critical to all organisations that handle personal information. It has never had a greater focus than at the present time. Having looked at the training and professional qualifications available, we concluded that the PDP certification was the most appropriate for our business. The course was delivered by legal experts in the field. They were able to bring the events to life with real-life scenarios and case studies."

Steve Sands

Head of Security

Synectics Solutions