There may be trouble ahead…

As we approach the halfway point between the date when the EU Data Protection Regulation (GDPR) was adopted in April last year and when it applies in May next year, data controllers and processors are increasingly concentrating on practical implementation in specific sectors and on specific issues, such as Binding Corporate Rules.

PL&B’s one day conference hosted by DWF in London on 4th May is on online and offline retailing with speakers from the ICO and Wickes: The GDPR and retailing: Consent, profiling and disruptive technologies.

One of the front-page stories in the March edition of the Privacy Laws & Business United Kingdom Report is on data brokers, but is addressed to all companies which buy or rent lists. The Direct Marketing Association now supports ICO investigations leading to fines and jail sentences for individuals behind companies which break the rules. There is a useful checklist on points to check when acquiring a list. Chiming with this theme, the ICO announced yesterday, 9th March, a £270,000 fine on Media Tactics Ltd. for making 22 million nuisance calls based on lists collected without valid consents for this use.

A fascinating development is wearable tech which detects emotions (not a word we have used before!) and employers’ responsibility in processing that data. We explore Cleveland police’s use of privacy tech in the form of Experian’s Pandora platform.

The GDPR was on the minds of the 800 strong audience at the ICO’s conference in Manchester on 6 March where Elizabeth Denham emphasized consumer trust as her main theme. I attended a workshop and wrote an article on conducting Data Protection Impact Assessments where the participants discussed not only challenges but also practical recommendations for organisations and the ICO.

The 3rd and final Help! Roundtable: Reviewing Progress is being hosted by Google on 23rd March.


Stewart Dresner, Publisher


UK Report 90

Lead story:

UK Court of Appeal limits exemptions to access rights

Marcus Evans and Yasmin Lilley explain the importance of this recent court decision in the Dawson-Damer case.

Contents also include:

  • Data brokers beware: The ICO may be coming for you
  • Comment: What now for data transfers?
  • Lack of trust: ICO asks for the consumer to be put first
  • Wearables-at-work: Quantifying the emotional self
  • BCRs under the GDPR: Practical considerations
  • GDPR: Time for execution
  • Heart on your sleeve: The DP implications of wearable tech
  • Improving data quality with end-to-end data management
  • DP Impact Assessments: Challenges and recommendations
  • Events Diary
  • ICO consults on GDPR draft consent guidance
  • UK data flows – what will the future hold?
  • Government reaffirms commitment to free flow of data
  • ICO calls for transparent and proportional data sharing
  • DCMS prepares a UK position on e-Privacy
  • New information from ICO on Big Data and AI
  • ICO probes targeting of individuals in EU Referendum
  • Law Commission consults on the protection of official information