Mike Bradford of Regulatory Strategies UK is a regular contributor on the subjects of privacy and data protection. Here is his latest update on UK data protection policy and recent data breaches:

UK Data Protection Policy Declaration

In the Queen’s Speech, the government made clear its intention to ‘ensure that the United Kingdom retains its world-class regime protecting personal data’ through implementation of the General Data Protection Regulation and the EU Enforcement Directive.

Revised (data) subject access guidance

The Information Commissioner’s Office (ICO) has published a revised Subject Access Code with a view to encouraging organisations not only to comply with their legal obligations but also to see the handling of subject access requests as an ‘opportunity for you to improve your customer service and service delivery’.

The ICO has stated: “We consider it good practice for you to engage with the applicant, having an open conversation about the information they require. This might help you to reduce the costs and effort that you would otherwise incur in searching for the information.”

The Information Commissioner’s Office has published its response to the Department for Culture, Media and Sport’s consultation on GDPR derogations.

Readiness for GDPR: A survey conducted by Privacy Laws & Business has shown that fewer than half of respondents have created a data breach notification process, despite notification becoming a mandatory requirement under GDPR. In addition, only half of respondents have created a staff training programme, despite there being an accountability requirement under GDPR.

Recent data breaches:

  • Royal Free NHS Foundation Trust and Google’s DeepMind
  • Boomerang Video Limited
  • Conservative Party call centre
  • MyHome Installations Limited
  • Morrisons supermarket chain

To read the July Newsletter click on this link: Newsletter – July 2017

For further information contact Mike Bradford or Helen Lord at Regulatory Strategies