DPO Archives » Fox Red Risk

Tag: DPO

ICO News

News, Blogs and Speeches from the Information Commissioners Office (ICO)

ICO statement in response to an announcement made by the Metropolitan Police Service on the use of live facial recognition
In October 2019 we concluded our investigation into how police use live facial recognition technology (LFR) in public places. Our investigation found there was public support for police use of LFR […]
ICO attends the second ICIC FOI case handling workshop
Hosted by the Gibraltar Regulatory Authority, the annual workshop provides an opportunity for different jurisdictions across the globe to share working practices and ideas. ICO colleagues in […]
ICO publishes Code of Practice to protect children’s privacy online
Today the Information Commissioner’s Office has published its final Age Appropriate Design Code – a set of 15 standards that online services should meet to protect children’s […]
ICO yn cyhoeddi Cod Ymarfer i ddiogelu preifatrwydd plant ar-lein
Heddiw, mae Swyddfa'r Comisiynydd Gwybodaeth wedi cyhoeddi ei Chod Dylunio Oed-briodol – sef set o 15 o safonau y dylai gwasanaethau ar-lein eu bodloni i ddiogelu preifatrwydd plant.
Blog: Adtech - the reform of real time bidding has started and will continue
The adtech real time bidding (RTB) industry is complex, involving thousands of companies in the UK alone.

Public Information & GDPR – I can do what I like with it…wrong!

There seems to be this idea floating around that if the data is collected from publicly available sites then it is fair game for marketers. If someone has created a profile on LinkedIn for example and their email address can be harvested (say by a recruiter or data miner connecting with you) then this public

Cookie consent after C-673/17 – To Consent or not to Consent…

Firstly, this is legal information about cookie consent, not legal advice… The judgement of the CJEU case C-673/17 is now doing the rounds and as one has come to expect when it comes to Data Protection recently, there is a lot of hot air and bluster about what the ruling means. Is this some form of paradigm shift in

Climate Change Solved: GDPR mitigates climate change risk!

01/10/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

Whether you believe climate change is a real thing or not there is no arguing 16-year-old Greta Thunberg is making headlines. Her efforts to raise awareness about this key issue of our time are pretty impressive. Whilst some people don’t think climate change is real, as a person who believes in evidence-based decision-making, I am going to pin my colours

GDPR & CCPA: Two Nations Divided by a Common Language

CCPA & GDPR: Two Nations Divided by a Common Language

15/07/2019 DPO Blog, Security Advisory Blog admin

With six months to go before the California Consumer Privacy Act CCPA goes live in California, it seems we are progressively moving towards common ground when it comes to international privacy law…or are we…?

Are the big GDPR fines finally coming into land – and does it matter?

08/07/2019 CISO Blog, DPO Blog admin

So what was my prediction? Well, based on previous major data breaches (such as the TalkTalk breach) I hypothesised that, it seems to take the ICO around 12-18 months from a major incident occurring, to the ICO carrying out an investigation and subsequently issuing a fine…and then of course the inevitable appeal wrangling for reduction of the original fine amount. Therefore, if there were to be an in-scope breach on the 26th May 2018 it would likely be between May and November 2019 before a large fine would be finally agreed.

GDPR Process Inventory – 7 items to record

12/04/2018 DPO Blog admin

As a Controller, it is pretty challenging to meet the requirements of GDPR without great records detailing where, what and how personal data is processed. If you’re an organisation with more than 250 employees, there is a requirement to document your processing activities (See Article 30) but if you’re one of those organisations with less than 250 people, then you have a [partial] get-out-of-jail card. The thing is, even if it’s not mandatory, it’s still incredibly useful to document processing activities. This will help you comply with all the other aspects of GDPR you are still ‘on-the-hook’ for. In this brief article, we will look at 7 items which all organisations – small or big – should (or in certain cases must) include in an inventory of their processing activities.