ENSURING COMPLIANCE WITH ELECTRONIC MARKETING RULES: A CLOSER LOOK AT SOFT OPT-IN CONSENT

The ICO’s recent decision to take enforcement action against a number of organisations (both in the form of investigations and regulatory fines) for sending unsolicited email and text-based electronic marketing communications to individuals should serve to prompt organisations to take stock of the ways in which they promote their products and services using electronic …

European Commission publishes new draft Article 28 clauses for consultation

Alongside, and perhaps in the shadow of, the European Commission publishing its long-awaited draft new Standard Contractual Clauses (the “New SCCs”) to address the restrictions imposed by the GDPR in relation to making international transfers of personal data (for further details see our blog post here), the European Commission has also published a set of …

A change in approach to subject access? ICO Publishes Updated DSAR Guidance

Summary: The ICO (the UK privacy regulator) has updated its guidance on data subject access rights, and the revised guidance appears to be aimed at giving organisations practical advice on managing and responding to subject access requests by including further detail and examples. Although the revised guidance has not changed dramatically, it is fair to …

HOW TO CALCULATE A GDPR FINE – THE PROPOSED ICO WAY

The Information Commissioner’s Office in the UK (the “ICO”) has published for consultation its draft statutory guidance setting out how it will regulate and enforce data protection legislation in the UK. The document explains all of the ICO’s key powers (including information notices, assessment notices, enforcement notices and penalty notices). Perhaps most interestingly for organisations, …

High GDPR fine issued but not for a data security breach

The Hamburg data protection regulator in Germany has issued a fine of €35.3 million against retail firm H&M for breaches of the GDPR relating to the excessive and unlawful collection of employee data. Interestingly, although the fine is the highest yet levied by a German regulator, it did not relate to a data security breach, …

German Regulator Publishes Schrems II ‘Checklist’

The Baden-Württemberg data protection authority (“LfDI”) has issued guidance to controllers and processors following the Schrems II judgement. The guidance includes helpful, practical tips which entities can take with respect to their current and future international transfers. Whilst aimed primarily at organisations subject to the jurisdiction of the LfDI, the guidance may be helpful for …