GDPR Friday Roundup – 17th November 2017


During Questions in the Commons Labour MP for Delyn, David Hanson, asked what steps DCMS is taking to tackle cyber attacks. Digital minister Matt Hancock responded that protecting the UK from cyber-attack is a tier 1 national security issue and the Government are investing £1.9bn in cyber-security and opened the National Cyber Security Centre this year to lead the nation’s efforts. Discussion then moved to what the Government is doing about investigating whether cyber attacks aimed at subverting our democracy have been backed by Russia. Read more here.

On the third day of the Data Protection Bill’s scrutiny in the Lords they discussed special categories of personal data and criminal convictions. The Earl of Kinnoull moved a series of amendments relating to insurance saying that the nature of insurance products’ distribution in the UK would make obtaining consent at every stage ‘horribly complex’. He cited examples such as when an insurance policy is bought by a third party saying that the Bill doesn’t adequately explain how the consent chain would work. The Earl of Kinnoull withdrew his amendments on the basis that further discussion on the subject would be had. Read more here.

Debate moved on to automated processing (see here and here), exemptions for health, social work, education and child abuse data (see here).

Written Questions

Digital minister Matt Hancock responded to a question tabled by Bim Afolami MP on how the GDPR will effect small businesses. Mr Hancock said that during negotiation the UK worked to ensure the obligations arising from the regulations are greater on an organisation only if the risk their activity poses to an individual is high. He said organisations that already operate at the standard set by the Data Protection Act 1998 should be well placed to implement the new data protection framework. Read more here.


Who’s getting it wrong?

A healthcare assistant has been fined for accessing a patient’s medical records without a valid legal reason. She accessed the information of a patient who was known to her on six occasions without a business reason and without the knowledge of the data controller. David Teague, the ICO’s regional manager for Wales said “it is disappointing that we continue to see people getting into serious trouble over behaviour which is so easily avoidable”. Read more here.


Other News

UK pawnbroker Cash Converters has warned customers about a data breach on its website. The company said a third party has potentially accessed customer usernames, passwords and addresses. Cash Converters said it is taking the breach “extremely seriously” and has reported it to the ICO. Read more here.

Leave a reply

You must be logged in to post a comment.