For the purposes of the Data Protection Act the quick definition is data which identifies a living individual.
The Information Commissioners Office has put together a quick reference guide to help. Please click here to access the guide which will open in a new window.
There are plenty of databases out there but whether they can be used to send marketing material will depend on the basis on which the personal information concerned was collected. The general rule is that unsolicited marketing can be sent to individuals where they have agreed to this or where it is likely to be within their reasonable expectations. For example, if an individual goes on holiday with a particular travel company then it is reasonable for that company to send a brochure advertising similar holidays the next year, unless the individual has made it clear that they do not wish to receive such marketing.
Therefore, the buyer of a list needs to check the basis on which the information was collected and whether any of the individuals have objected. The buyer should also establish whether the individuals would only expect to receive marketing via a particular medium, for example by mail. When using the telephone or email the special rules governing electronic marketing should also be complied with.
Unsolicited marketing emails should only be sent to individuals who have consented (and consent cannot be assumed if an individual does not respond).
If it is established that the list buyer can use the personal information for marketing they should only market products and services which are similar to those that the information has been used to market previously. Further guidance on electronic mail marketing can be found here
The Data Protection Act requires that any personal information held should be adequate, relevant and not excessive, and that it should not be kept for longer than is necessary. The new owner of a database should decide how much of the information they need to keep. Any unnecessary personal information should be deleted. Personal information should not be held simply on the basis that it might become useful one day.
Identity theft at epidemic levels, warns Cifas – Read more on the BBC website
Are you sleepwalking into trouble?
Read more on the BBC…
Wider Gravity Forms Stop Entries is a new plugin that helps website owners protect the privacy of form submissions by preventing entries from being stored in the database. Read more…
Source: Gravity Forms Stop Entries Plugin Aims to Help Sites Comply with the EU’s GDPR – WordPress Tavern
People to have more control over their personal data and be better protected in the digital age under new measures announced by Digital Minister Matt Hancock.
The Government has committed to updating and strengthening data protection laws through a new Data Protection Bill which will:
- Make it simpler to withdraw consent for the use of personal data
- Allow people to ask for their personal data held by companies to be erased
- Enable parents and guardians to give consent for their child’s data to be used
- Require ‘explicit’ consent to be necessary for processing sensitive personal data
- Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
- Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
- Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
- Make it easier for customers to move data between service providers
New criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data.
Businesses will be supported to ensure they are able to manage and secure data properly. The data protection regulator, the Information Commissioner’s Office (ICO), will also be given more power to defend consumer interests and issue higher fines, of up to £17 million or 4 per cent of global turnover, in cases of the most serious data breaches.
The intention of the Data Protection Bill is to implement the GDPR in full, put the UK in a strong position to secure unhindered data flows once it has left the EU, and give businesses the clarity they need about their new obligations.
The GDPR will apply fully from 25th May 2018. If you would like to know the steps to take to comply with the new rules please register for our series of email guides here.
I saw this on the BBC and thought you should see it:
Customers ‘furious’ with TNT after cyber-attack meltdown – http://www.bbc.co.uk/news/technology-40861982
Recently we seem to have had a spate of marketing emails from people without any regard for the rules on privacy!
We all make mistakes but a lack of knowledge of the rules puts their business reputation at risk and exposes them to a substantial fine.
If you provide unsolicited marketing material, the Information Commissioner’s Office produces a handy Direct Marketing Checklist which includes a guide to the marketing rules. You can download it here.
Employees are ignoring company policies on confidential data which jeopardises businesses compliance according to research by Sharp. Read more…