Data Protection update

We are designing data protection compliance systems right now, to include in SEEIO.

The UK continues to run its DPA regime a lot like Europe.

  • EU developments will remain relevant to UK companies who reach into the EU.
  • Also, EU court decisions may influence thinking in the UK, tangentially.

The UK regulator of data protection (Information Commissioner/ICO) has a big focus on protecting younger members of the population, and wrote a Code encouraging better practices with regard to the young: “Age Appropriate Design”. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/introduction-to-the-childrens-code/

The ICO is working on a Code of Practice for Direct Marketing under s122 of the DPA. The Code will impact how you market to a large number of your customers.

Currently in draft, the Code would have wide scope:

  • Applying to whatever ideals and aims you communicate (not just facts)
  • Companies would be expected to have systems that DEMONSTRATE compliance with GDPR.

Hence, the importance of getting a subscription to the SEEIO governance platform:

  • We take GDPR very seriously in our organisation – we have policies and procedures, and a Module underway.

Things you should avoid doing, that would fall on the wrong side of regulators:

  • Marketing scams,
  • Targeting vulnerable people,
  • Misuse of CCTV footage,
  • Over-use of employment monitoring,
  • Failing to have an Artificial Intelligence Usage policy in your workplace.

Things to do, to help you avoid disgrace:

  • Read the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) (PECR)
  • Be aware the ICO wants to see enhanced security of UK data centres and cloud services
  • Be aware the Data Protection and Information Bill (Session 2022-23) – still at First Reading Stage – proposes to strengthen ICO enforcement and introduce bigger fines for infringement of the PECR.

PECR covers, amongst other things:

  • Cookies
  • Smart meters
  • Data transfers
  • Data subject rights.

The Digital Regulation Cooperation Forum appears in every way to be keen to shore up what the UK does in terms of end-to-end encryption – which is a strategy that is bound to pay off in a Quantum world.

Ofcom, ICO and CMA are working on having a more harmonised enforcement approach – sharing data and intelligence.  It is possible that companies would be penalised by more than one regulator.  The ICO is trying to achieve quicker handling of investigations.

Disclaimer

The blogs of Board Originator Ltd / SEEIO and any of its contractors, agents or employees are for the general interest of the readership only.  We do not endorse any news or information we may publish in our blog.  Our blog is not intended to and does not constitute legal or professional advice to any person or business.  Our posts are general news items or updates that may interest our followers and consist of a brief overview therefore are incomplete on information and may contain errors at any time.  Readers are not to rely on our blog content and those that do rely, do so at their own risk.  We accept no responsibility to readers for our blog and we will not be held liable for statements in or third party links within our blogs.  Any common law liability is also excluded as permitted by law.  We do not accept any liability for damages whether direct, indirect, special, consequential or otherwise under any circumstances, whether foreseeable or otherwise.  Please also see our extensive website terms and conditions in the footer of our website.