Category Archives: 2017

The UK Data Protection Bill [HL]

The published Bill- 218 pages. Will review the Bill soon…

data breach reporting – 5th, 6th, 7th & 8th busting myths from the ICO

What is ‘high risk’ in the context of data breach reporting or notification under the GDPR? According to the ICO’s website on breach notification: When do individuals have to be notified? Where a breach is likely to result in a high risk to the rights and freedoms of individuals, you must notify those concerned directly. [...]

UK Data Protection Bill

The Data Protection Bill (HL Bill 66) was introduced into the House of Lords on 13 September 2017. The published Bill. The press release from the Department for Digital, Culture, Media & Sport. The Bill implements the EU General Data Protection Regulation (GDPR) and will replace the Data Protection Act 1998.

4th busting myths from the ICO

Here’s the 4th myths from the ICO. Myth #4 GDPR is an unnecessary burden on organisations. Fact The new regime is an evolution in data protection, not a revolution. Read the ICO blog on GDPR is an evolution in data protection, not a burdensome revolution

Consent for GDPR compliance?

2nd and 3rd busting myths from the ICO Myth #2 You must have consent if you want to process personal data. Fact: The GDPR is raising the bar to a higher standard for consent. Myth #3 I can’t start planning for new consent rules until the ICO’s formal guidance is published. Fact: I know many [...]

Busting Myths & Fake (GDPR & data protection & privacy) news – from ICO

Keeping up with ICO’s activities over the coming weeks, months & years! Shattering the myths about #GDPR – Read the first in a new series of ICO blogs, this one about fines scaremongering — ICO (@ICOnews) August 9, 2017

UK DP Bill – GDPR into UK

Today's highlight -just catching up #DPBill UK's #GDPR Planned Reforms at — cher devey (@datachainrisk) August 7, 2017

GDPR fines

I’ve posted some GDPR stuff on My high-level map of GDPR fines (pdf) Although my PhD research is not on GDPR fines, the outcome from my research should help organisations to be better prepared to respond to data breach incidents. Not notifying affected data subjects when ordered by the data authority (ICO) fall under [...]

Article 29 Working Party newsroom

EU’s newsroom site where various info on & from the Article 20 Working Party. Currently, the guidelines: Guidelines on the right to “data portability”, wp242rev.01 pdf Guidelines on Data Protection Officers (‘DPOs’), wp243rev.01 pdf Guidelines on The Lead Supervisory Authority, wp244rev.01 pdf Guidelines on Data Protection Impact Assessment (DPIA) or Privacy Impact Assessment (PIA), wp248_enpdf [...]

EU – Infographics on Data Protection (GDPR)

Warning – the infographics – not to be treated as ‘legal’ text.