The Information Commissioners Office is the UK’s independent body uphold information rights in the public interest, covering data protection legislation including the Data Protection Act, the Freedom of Information Act, the Privacy and Electronic Communications Regulations and of course the General Data Protection Regulation (GDPR). The ICO’s data protection work is currently funded through fees levied on organisations processing personal data, unless they are exempt. This is done under powers granted in the Data Protection Act 1998. The funding model is changing slightly and in February, the Government announced a new charging structure for data controllers to ensure the continued...

For non-lawyers trying to navigate their way through the sea of information out there on the web relating to data protection, one thing that can be rather confusing is working out who is who in terms of authorities. In the field of data protection, there are a few key names you need to know. The Information Commissioner’s Office The Information Commissioner’s Office, or ICO, is the UK’s independent authority set up to uphold information rights in the public interest and they have a variety of functions. Under the Data Protection Act 1998 every organisation that processes personal information has to...

A frequently asked question is whether or not an organisation needs to seek fresh or renewed consent from clients or customers once GDPR is in force. Panic has spread as organisations realise that databases may have to be trawled through as consents are sought and recorded. To be clear – you are not required to automatically refresh all existing DPA consents in preparation for the GDPR. However, it is important to check your processes for gaining consent and records of consent gained to ensure that existing consents meet the higher bar set for consent by the GDPR. Recital 171 of...

The GDPR is a European Regulation designed to do what is says on the tin. Protect data. That data being personal data, belonging to you, a citizen of the EU. It puts in place a number of obligations and responsibilities on those deciding how your personal data should be used - the data controllers, and also those with the responsibility of undertaking that processing at the request of those data controllers - the data processors. The GDPR also gives those whose personal data is being processed - the data subjects - a number of rights. Many of these rights we...

The GDPR gives individuals the right to be informed about the collection and use of their personal data. This ties in with data controller’s obligations to provide “fair processing information”. The GDPR imposes upon data controllers a requirement to be transparent about how they are going to use personal data and their justifications for doing so. It specifies the information which must be provided to individuals - which will often be done using a privacy notice or policy - and also the manner in which it is to be supplied.