The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance.
With just a few weeks to go until Brexit is due, there is a lot of uncertainty about what will happen if there is no deal. If a deal is agreed, the EU and UK will enter into a transition period (to 31 December 2020, or possibly later), during which the EU and UK will seek to agree a new long-term trade deal. During this time the status quo is likely to continue, meaning unrestricted data flows between the UK and the rest of the EU. In a no-deal scenario the UK will still incorporate the GDPR into UK law but, with no transitional arrangements in place, the UK will be seen as a third country by the EU. Organisations would therefore be wise to update privacy-related documentation and agreements, map their personal data flows between the UK and EU, and make sure the appropriate safeguards are in place to be able to lawfully transfer personal data.
Who’s getting it wrong?
The contact details of hundreds of adoptive parents have been disclosed in an email as a result of human error. The email, from Kent County Council’s adoption service, was sent to 300 adoptive parents and some support workers. Kent County Council said: “A member of staff working for the post-adoption support team mistakenly copied a mailing list into the carbon copy (cc) section of their email client instead of the blind carbon copy (Bcc) section. After realising their mistake, they immediately informed their manager, who then followed the relevant internal procedures. They attempted to recall the emails. We deeply regret that this happened.”
At the International Conference of Information Commissioners 2019, Elizabeth Denham gave the opening address and spoke about the importance of collaboration of expertise to deal with coming challenges. Read more here.
Since the GDPR came into effect, medical practices have reported a significant rise in Subject Access Requests, which some practices are struggling to deal with. The ICO has put together some practical advice and tips for dealing with such requests, whether made directly, by legal representatives, or by insurers. Find their guidance here.
The Global Privacy Enforcement Network’s (GPEN) annual intelligence gathering operation has found that whilst there were examples of good practice, a number of organisations had no processes in place to deal with the complaints and queries raised by data subjects, and were not equipped to handle data security incidents appropriately. Read more of the findings here.