Information Security and Data Protection Newsletter - April 2016
Published 19 April 2016
Welcome to our new-look data protection and IT security alerter. There is no better way to launch it than with the news that we finally have agreement. On 14 April 2016, the European Parliament approved the final agreed text of the General Data Protection Regulation (the "GDPR"). The decision was made in plenary without a vote as there were no amendments or motions to reject. This follows a vote on 12 April 2016, where the European Parliament's Committee on Civil Liberties, Justice and Home Affairs approved the GDPR by a 54-3 vote.
The legislative process is now complete and, once the GDPR is published in the Official Journal, it will come into force following a two-year implementation process. To read the final text of the GDPR, please click here.
Compliance programmes can now begin in earnest. Anticipating this, the ICO launched a 12-step guidance to implementing the GDPR at its annual data protection practitioner conference on the 12 March 2016. To see our report on the conference and the guidance, please click here.
Whilst grappling with the requirements of the GDPR, the ICO has not been shy about producing new guidance under the current law, with March seeing updated guidance on both encryption and direct marketing. To see our analysis of the guidance on direct marketing, please click here; our analysis of the guidance on encryption can be accessed here.
The ICO has also published the results of its App review, which makes interesting reading for all our clients utilising or developing apps. To see our guidance on ensuring your apps comply with best practice please click here.
ICO enforcement action continued at pace during March with a continued focus on nuisance calls and staff training. Please see our round-up available here.
Heading over to Europe, and for those of our clients with Europe-wide operations, we've had another decision on which European data protection law applies in a given scenario. Please see our case round-up available here.
Moving further afield, the status of the Privacy Shield hangs in the balance. On 13 April 2016, the Article 29 Working Party (the "WP29") published its opinion on the EU-US Privacy Shield draft adequacy decision (the "Opinion"). The Opinion is a non-binding document but contains "strong concerns" on issues such as data retention, onward data transfers, the new right of redress for EU individuals, and access by public authorities to data transferred under the Privacy Shield. These are, essentially, the main issues that the Privacy Shield was meant to redress after the demise of Safe Harbor. The Opinion urges the European Commission to resolve the WP29 concerns, identify appropriate solutions and review the Privacy Shield text to ensure that the level of data protection brought about by the GDPR when it comes into force will be reflected in the Privacy Shield. WP29 has also published a working document on the justification for interferences with the fundamental rights to privacy and data protection through surveillance measures when transferring personal data (European Essential Guarantees) (the "Working Document"). To read the Opinion, please click here.
To read the Working Document, please click here.
Finally (if that's not enough excitement) we also had the news of who the preferred candidate for the replacement Information Commissioner will be. To learn more about Elizabeth Denham, click here.
Updates from across the world
To read our updates from across the world, please click here.