Information Security and Data Protection Newsletter - May 2016
Published 17 May 2016
The countdown has begun. On 4 May, the General Data Protection Regulation was published in the Official Journal. Its un-catchy full name is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, but we will continue to refer to it as GDPR. Publication marks the start of a two-year, 20-day journey towards its application in all Member States on 25 May 2018.
Over the next two years, organisations will need to get to grips with what these changes mean for their data processing operations and put GDPR implementation programmes in place to ensure compliance by 25 May 2018. The UK government will be putting in place legislation where the GDPR grants flexibility to Member States to enact their own data processing laws, and the Information Commissioner ("ICO") will be producing pragmatic guidance to assist organisations in understanding their obligations. We are busy canvassing areas of concern and requests for guidance from our clients to present to the ICO.
We also had the news that Canadian Elizabeth Denham has been announced as the successor to Christopher Graham as UK Information Commissioner. This followed her job interview being broadcast live on parliament TV. You can watch Elizabeth's interview here.
For regulated companies, April saw the publication of the Financial Conduct Authority's ("FCA") 2016/2017 Business Plan. This sets out the FCA's work programme and priorities for the coming year. To see our regulatory round up for data protection and innovation in the financial services sector please click here.
The House of Lords Select Committee on the European Union published its report on 'Online Platforms and the Digital Single Market'. The report is intended as a response to the European Commission's consultation on how large online platforms use their power and whether the current regulatory environment is fit for purpose. Our insurance clients utilising online platforms should read our summary and analysis of the report available here.
Continuing with the theme of data protection and innovation, the Global Privacy Enforcement Network, the informal network of Data Protection Authorities which looks at transnational privacy and data security issues, has announced that the Internet of Things will be the focus of its annual "privacy sweep", which took place in April. This follows previous "sweeps" reporting on online services for children, website privacy policies and mobile phone apps. See here for more information.
There has been no let-up on enforcement this month. To see our ICO enforcement round up click here. Meanwhile, data protection compliance of private investigators has been firmly in the spotlight. The ICO has stated that it will be sending officers from its Criminal Investigations team to visit private investigators suspected of unlawful practices, and an interesting subject access case against a private investigator reached the High Court. See here for more information.
2016 sees the launch of the UK's second National Cyber Security Strategy. To see our summary of the UK government's report please click here.
Finally, now the GDPR is agreed it's time to look at the ePrivacy Directive! The ePrivacy Directive is implemented into UK law by the Privacy and Electronic Communication Regulations, which cover specific rules applicable to internet service and communication providers, cookies and e-marketing. The consultation is seeking views on the effectiveness of the current ePrivacy Directive and possible changes to it. To review and respond to the consultation, please click here.
Updates from across the world
To read our updates from across the world, please click here.