Category: Company Update

DATE November 25, 2020 1:23 pm POSTED BY CATEGORY Blog

A Look Back At The Past 100 Days In The Land Of Data Protection

Way back in September the ICO issued its Accountability Framework and the age-appropriate design code of conduct took effect giving operators of information society services until September 2nd 2021 to ensure that their services complied with the 15 principles.  The Accountability Framework.  The ICO’s Regulatory Action Policy was published setting...
View Article »
DATE November 24, 2020 11:53 am POSTED BY CATEGORY Blog

The Evolution of SARs

It’s funny how you remember the first Subject Access Request you ever worked on.  It’s like a rite of passage that leaves an indelible mark.  The first SAR in question was the first in a spate of inbound SARs back in 2007 when the Outsourced DPO was the outsourced DPO...
View Article »
DATE November 20, 2020 11:03 am POSTED BY CATEGORY Blog

Data Protection Post Brexit

The decision to leave the EU is causing a period of profound change and uncertainty for British businesses, as we near the end of the transition period, and many things remain unclear in the world of data protection. Next week DPPs consulting team will unpick the complex issues during a...
View Article »
DATE November 17, 2020 9:05 am POSTED BY CATEGORY Blog

The ICO’s monetary penalty notice issued to Ticketmaster

The ICO’s monetary penalty notice issued to Ticketmaster makes interesting if not worrying reading.  LOTS of buck passing preceded and arguably slowed identification of the compromise.  Indeed, a customer notified Ticketmaster via Twitter about the vulnerability 6 or 7 weeks before Ticketmaster and their incident response team identified it. It...
View Article »
DATE November 16, 2020 11:05 am POSTED BY CATEGORY Blog

Data Processor Agreements Post Brexit

The Outsourced DPO picked up an inbound support ticket this morning querying whether a data processor agreement was still relevant or required amending in light of Brexit and Schrems 2. The processor agreement in question was that issued by the Danish Data Protection Authority, Datatilsysnet which has taken some flak...
View Article »
DATE November 10, 2020 12:34 pm POSTED BY CATEGORY Blog

Outsourced DPO – ignore the ICO at your peril

Studios MG, a small software development company was issued with a monetary penalty notice in the sum of £40,000 last month for sending unsolicited direct marketing materials by email with out consent.  Reading the ICO’s report(https://ico.org.uk/media/action-weve-taken/mpns/2618388/studios-mg-limited-mpn.pdf), it seems that SMG were not readily forthcoming in engaging with the ICO during...
View Article »
DATE November 4, 2020 11:58 am POSTED BY CATEGORY Blog

The Outsourced DPO – how not to chat someone up in 2020

Yesterday, a colleague sent the Outsourced DPO this link https://metro.co.uk/2020/09/10/bar-worker-messaged-model-after-getting-number-from-test-and-trace-13250543/.  Sure it happened in September so it may already be old news.  It reminded me of a case way back in 2011 (sometimes it pays to have been working in the field of data protection for decades!) https://www.bbc.com/news/uk-scotland-edinburgh-east-fife-15885865 in which...
View Article »