ICO publishes useful guides on the new GDPR

Jo Pedder, head of policy and engagement at the Information Commissioner’s Office, points to useful guidance on the new EU General Data Protection Regulation, which is set to come into force in May 2018.

The regulation will bring in some major changes to how organisations are expected to look after personal data and to their responsibilities for disclosure to the authorities and affected individuals. The changes could mean huge punishments for organisations that fail to take their data protection responsibilities seriously.

Steps to take ahead of the changes

As the U.K.’s representative for the EU’s Article 29 Working Party, the ICO has provided a lot of useful tips about the changes, including a publication of 12 steps to take right now ahead of the GDPR coming into effect on 25 May 2018:

  • Increase awareness of the GDPR for the company heads, decision makers and shareholders
  • Document and organise all personal data held
  • Review current privacy notices and make necessary updates to comply with the new laws
  • Do the same as above for work protocols and how to handle subject access requests
  • Check individual rights including method of use, sharing and removal
  • Identify the lawful basis for processing personal data
  • Review how your organisation seeks, records and manages consent from data subjects
  • Review parental/guardian consent for processing personal data belonging to children
  • Set up a data breach response procedure that mitigates damage as much as possible
  • Read the ICO’s code of practice on Privacy Impact Assessments
  • Assign a Data Protection Officer who will ensure data protection compliance
  • Check your responsibilities for cross-border data processing

Changes to profiling

The GDPR is set to change profiling, which is where an individual’s personality, behaviour, interests, habits and other characteristics are identified, analysed and predicted. Organisations may gather information such as education, browser history, financial data and purchase history in order to market goods and services they think an individual wants or needs.

Profiling has grown exponentially in the last few years to the stage where the presence of online personal data is rife. The GDPR is, however, set to increase the rights for data subjects and raise the bar on obligations for data controllers, which may result in huge changes to the way companies are advertising on the internet.

After 25th May 2018, organisations will need to show that the personal data they obtain is minimised, rather than gathering masses and masses of information in case it can be used for various purposes later. This information will need to be accurate given that inaccurate information can lead to organisations making the wrong classifications and decisions. The GDPR also calls for proper retention of obtained personal data by regularly reviewing the data to make sure it is still “relevant for the purpose.”

Changes on consent

If an organisation is relying on consent for the legal basis of obtaining personal data, that consent is only valid if it is “freely given, specific, informed and unambiguous.”

However, there are some circumstances when such consent may not be needed:

  • When it is necessary for the performance of a contract
  • Or when it is necessary for the purposes of the controller’s or a third party’s interest

The key word here is ‘necessary’. The GDPR will expect organisations to be able to evidence necessity. These new provisions should help to ensure that organisations aren’t just gathering huge amounts of data haphazardly to be put in a giant digital box for them to dig into whenever they want. It may also helpfully restrict the sale of information.


Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'