HIV Scotland has been fined £10,000 after the charity sent out an email containing the personal details of dozens of people. Emails, bcc and breaches – the latest fine, and what to learn Like buses, we have the second …
Category Archives: Data Sharing
Covid Testing in the Workplace
Categories: Consent, Data Sharing, GDPRCovid testing in the workplace – can we do it? On 29 March, lockdown restrictions eased and the “stay at home” message turned to “stay local”. Earlier in the year, the Government also extended its Covid workplace rapid testing programme …
Webinar: GDPR and Working from Home
Categories: Data Sharing, GDPR, Public Information, Security, WebinarThe Coronavirus will create numerous risks for organisations over the coming months. Many businesses are looking to home working to ensure staff can continue to be productive in the event of restrictions of movement or temporary office closures. This means …
Recent GDPR Enforcement Action in Europe
Categories: Consent, Data Sharing, Fines, GDPR, Security, Transparency, UncategorisedOctober and November have seen two significant pieces of GDPR enforcement action in Europe with the supervisory authorities in Germany and Austria both issuing multi-million Euro fines for breaches of the GDPR principles. Germany In Germany, the Berlin Data …
How to get the most out of your DPIA process
Categories: Breach, Data Protection Act 2018, Data Sharing, GDPR, Guidance, ICO, Public Information, UncategorisedIf your heart says yes, can your DPIA say it too? We wrote back in March about the common mistakes organisations make with Data Protection Impact Assessments (DPIAs). The importance of DPIAs can be seen in three recent cases. In the True Visions Productions (under the DPA 1998) the lack of DPIAs was seen by the Information Commissioner Office (ICO) as one of …
NHS Foundation Trust leaks patient email addresses
Categories: Consent, Data Protection Act 2018, Data Sharing, GDPR, ICOOn the 6th September the Tavistock and Portman Clinic sent out an email inviting just under 2,000 patients to participate in an art competition. Unfortunately for the clinic, all the email addresses leaked, visible to all the recipients. An initial …
ICO amends guidance on time limits for data subject requests
Categories: Data Sharing, GDPR, Guidance, ICOSome slightly strange events at the Information Commissioner’s Office (ICO) recently as they quietly updated their guidance around the GDPR’s time limit of “one month” for responding to data subject requests, which had been in place since before May 2018. …
5 common mistakes made with DPIAs
Categories: Breach, Consent, Data Protection Act 2018, Data Sharing, GDPR, Guidance, ICO, Public Information, Security, Transparency, UncategorizedWe have outlined 5 common mistakes made with DPIAs. With the GDPR, a DPIA, or ‘Data Protection Impact Assessment’ has moved from being a good practice recommendation to being a mandatory activity for some kinds of personal data processing. The …
5 Tips for Incident Management
Categories: Accuracy, Breach, Brexit, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, DFE, Fines, Fundraising, GDPR, Guidance, ICO, Public Information, Security, Transparency, UncategorizedThis article is not a guide about how to handle a notifiable breach. By now, you’re all familiar with the ICO Guidance on that. This piece is about the day to day handling of incidents based on over a decade …
We all know about PECR, right?
Categories: Accuracy, Breach, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, Events, Fines, Fundraising, GDPR, ICO, Security, TransparencyAt the Protecture seminar on e-Privacy at the end of November, Rowenna Fielding reminded us that PECR is about more than just consent for electronic direct marketing. I don’t think that Rowenna meant to alarm anyone, just a gentle poke …