The Data Protection Bill

The UK’s third generation of data protection law has entered Parliament.

The Data Protection Bill was published on 14 September 2017 and aims to modernise data protection laws to ensure they are effective in the years to come. 

The Information Commissioner’s (ICO) website has been updated to include new section about the Data Protection Bill.

This explains the relationship between the Bill and the GDPR, detailing the additional areas the proposed new legislation covers. It also includes links to the ICO’s GDPR and Law Enforcement pages and to a Data Protection Bill fact sheet.

Notification under the Data Protection law

When the General Data Protection Regulations (GDPR) come into effect next year there will no longer be a requirement to notify the Information Commissioner’s Office (ICO) as there is now.

There is a provision in the Digital Economy Act which means it will remain a legal requirement for data controllers to pay the ICO a data protection fee. These fees will be used to fund the ICO’s data protection work. As now, any money the ICO receives in fines will be passed directly back to the Government.

The new system will aim to make sure the fees are fair and reflect the relative risk of the organisation’s processing of personal data. The size of the data protection fee will still be based on the organisation’s size and turnover and will also take into account the amount of personal data it is processing. The final fees will be approved by Parliament before being put into place.

Cookie banner frustration

The European Commission has proposed new regulations that would limit the way companies track users on the internet.

Part of that plan would see the removal of website banners that provide disclaimers on cookie policies and instead have the user’s browser preferences automatically apply to each site they visit. In addition companies will need to get explicit consent from a user before being allowed to track their online activities.

If passed, the new rules will come into effect by May 2018.

Read more… (opens in a new tab)

Wetherspoons decided it’s safer to delete customer data – Developer Tech

Pub chain JD Wetherspoons has quite a fanbase in the UK, but the company has decided it’s safer to delete all its customer data than risk it being hacked.

Source: Wetherspoons decided it’s safer to delete customer data – Developer Tech

Do you own a residential building over 18 metres high which is cladded?

Melanie Dawes the Permanent Secretary of the Department for Communities and Local Government (DCLG) has sent a letter to owners, landlords and managers of private residential blocks in England.

DCLG are offering, private owners of residential buildings an opportunity to test cladding on blocks over 18 metres high through arrangements put in place with the Building Research Establishment (BRE).

These checks will be paid for by DCLG, and the information will be available to DCLG from BRE.

Where owners consider that they may have concerns about cladding on buildings over 18 metres high, there is a process to follow described in the letter.

DCLG have provided an email for enquiries:

The letter and downloadable data return form are available here.

Fundraising Regulator's Guidance on Data Protection

The Fundraising Regulator has published guidance on processing personal data and consents relating to fundraising by charities to help them better understand their responsibilities in relation to donor consent, data protection and legitimate interests to be ready for the EU General Data Protection Regulation. The guidance can be found here.


Data Protection

The new Information Commissioner, Elizabeth Denham, recently said;

“Ask yourself: What are people expecting us to do with their personal data?”

She went on to say:

“Your answer should be in a good, clear privacy notice, but you must also have people’s trust that you won’t change your mind, do something different or do something new. It’s about building relationships and maintaining them.”

“That was one of my messages to the fundraising sector during the conference we jointly hosted …. with the Charity Commission and Fundraising Regulator. But it applies to organisations across the board, be they government departments, large accountancy firms, health trusts or small businesses.”

“I think it’s clear that in recent years people feel they’ve lost control of their own data. But it is within your gift to alleviate that feeling of helplessness people have over what happens to their personal details.”