January 2019 Newsletter

January 9, 2019

 

 

2018 was a big year for data protection, with a whirlwind of legal, regulatory and industry changes being introduced. This update provides a brief reflection on the past year and a look ahead at what is coming next in 2019.

 

 

Data Protection 2018

 

On 25th May 2018 the much-anticipated Data Protection Act 2018 (DPA) came into force and enshrined the principles of the General Data Protection Regulation (GDPR) in law. Many businesses (despite best efforts) were unprepared for the amount of work that the accountability principle brought to their organisations. The biggest challenge, consistent across industries and sectors, has been knowing where their personal data is and recording that in a Record of Processing Activity (ROPA) that is meaningful, useful, and maintained. Nonetheless, businesses are getting there, and DPAS has seen an increase in the quality of ROPAs and in the understanding of how these documents can be used to create efficiencies for organisations in a data-centric world.

 

 

 

Brexit

 

As 29th March 2019 draws ever closer, there is an increasing likelihood that the UK will leave with 'no deal' or without being deemed an 'adequate country' in terms of sharing personal data across borders, per Article 45 of GDPR. This will mean the UK is a 'third country' to those who are processing data in the EU and businesses will need to reassess their processing (perhaps by using their ROPAs) to ensure they are DPA and GDPR compliant.

Nigel Gooding has written a series of articles expanding on this topic, which provide more information, but in short, there are 2 main actions under GDPR that UK/EU organisations will have to undertake to ensure they can continue to trade.

These are:

1) Businesses should be putting in place additional safeguards (per Article 46) such as Binding Corporate Rules, new contracts, new consent regimes or the development of an industry-wide scheme or certification. All of these methods prove time-consuming.

2) In addition, UK companies will have to appoint a representative within the EU to act on their behalf under Article 27 of GDPR.

Your organisation should therefore be identifying the potential risk of the UK leaving the EU and taking action now. DPAS are able to advise businesses if you have specific concerns.

PECR & ePrivacy Regulation

 

DPA/GDPR shook up the marketing industry due to its need to work in conjunction with PECR. Most businesses (unless able to rely on convoluted exemptions such as a 'soft opt-in') undertook a consent exercise to market to their customers electronically. Whilst this has resulted in a significant cut in the amount of marketing that is sent, it has also arguably meant that those receiving the material are more likely to be interested and thus actively engaging.

2019 introduces further changes, with PECR being replaced by the still-to-be-agreed Electronic Privacy Regulation (ePR). DPAS will update you on this when there is more clarity on how ePR will affect your business, but the main takeaways for now are that ePR is likely to be broader in scope than PECR and will have the same penalties applicable as GDPR does.

This means the new regulations will apply not just to the use of cookies, marketing emails, etc., as PECR does now, but also to current and future methods of communication. It will apply to instant messaging apps, machine-to-machine communications such as use of the IoT (Internet of Things) and any other areas of future development. The significance then is that the technology giants cannot design their way out of the law.

 

 

 

What's new at DPAS!

With the new year, there are not just big commercial and legal changes on the horizon. DPAS are excited to be expanding our business out of London and the West Country, with new contracts starting in the North and in the Midlands.

 

 

 

Revised ROPA and ISO27001 Security Assurance Trackers

 

Over the Christmas period we have developed new ROPA tools, which include increasingly relevant information and ISO27001 security elements with improved accuracy and reporting functions.

 

 

New DPAS Website

 

 

We have been working hard on our new website which aims to bring you more relevant content and updates about what's happening in the Data Protection world. You can also book onto our new training courses via the new website.

 

Training Courses

 

Our training courses are all now CPD accredited and we are running the following courses at our offices in Exeter during Feb, March and April:

 

 Data Breach Course (1 day)

 Data Protection Impact Assessment Course (1 day)

DPO Course (3 days) 

Foundation Course (1 day)

Data Protection and Cyber Security e-Learning (1 hour)

 

Click here for course dates or contact Mel

 

 

Wishing you all a Happy New Year and a successful 2019!

From all the team at DPAS.

 

 

 


©2019 Data Privacy Advisory Service Ltd. ALL RIGHTS RESERVED

LONDON | DEVON | YORKSHIRE

01392 914019

info@dataprivacyadvisory.com

 Privacy Notice

Please note all information on this website is for your help and guidance. It should not be regarded as an authoritative or definitive statement of the law.