Author: Deborah Ferguson

ICO’s International Strategy

ICO’s International Strategy: Helping protect UK public’s personal information in a global environment

Last month the ICO published an International Strategy, designed to help it meet global data protection challenges. These include GDPR, Brexit, changing technology, and increased globalism. The chief aim of the strategy is to strengthen privacy and protection for the UK public regardless of where risks are. Four main international concerns are highlighted:

- While the UK remains a member of the EU, to operate as an influential data protection authority at European level – as well as when the UK leaves, and during any period of transition.
- In an increasingly globalised world experiencing rapid growth of online technologies, to maximise the ICO’s delivery against its objectives and relevance.
- To ensure that UK data protection practice and law is used as a benchmark for the highest global standards.
- To address the uncertainty of legal protections when it


GDPR Update – Third Party Data

As of today there is still no movement on the ICO’s guidance when it comes to naming the company we’re processing data for. Recital 42 states that the recipient “should” know the identity of the data controller (your client). The important word here is “should”, rather than “must”.

We work very closely with the DMA to ensure we’re 100% compliant when it comes to GDPR. During a recent DMA web conference call, their Legal team suggested that the ICO may still further loosen its final version of the GDPR guidance, keeping it closer to the Data Protection Act’s current form. This means that businesses can opt in prospects to a “narrow band” of topics or subjects (such as Internet Security, or Financial Technology). Their details can then be rented out on a subscription basis. If the ICO changes that “should” to a “must”, you’ll be in need of a


Legitimate Interest vs Consent

By the end of this year, the ICO plans to provide guidance on the “legitimate interest” provisions of the GDPR. By legitimate interest we mean certain cases where organisations rely on claiming they have a legitimate interest in processing the data they collect: e.g. when making live telephone calls or sending communications by post.

The ICO says it will publish guidance to explain exactly when legitimate interest can be used to justify contacting someone or processing their data. In the meantime, let’s take a look at the difference between legitimate interest and consent – and how this works with invisible processing.

Legitimate Interest As An Option

As a business, legitimate interest may well seem the better option for you, or at least for a good percentage of your own data. But there will be tests that you need to be able to fulfil, such as being specific about


ICO Information Rights Strategic Plan

With GDPR just seven months away, consumers are less concerned about the exact details, or what kind of legislation may follow it. The burning questions seem to be whether their data is properly protected, who will be holding businesses accountable, and what privacy rights they possess. As a regulator of all of this, the ICO needs to be consistent and continuous when it comes to giving relevant information: i.e. listening to the concerns of the consumer and being able to provide answers. Seeing the impending changes brought about by GDPR as a powerful opportunity to have a positive and direct impact on public trust, the ICO have issued a new Information Rights Strategic Plan. Rather than being about procedures, policies, or paperwork, it focuses more on how businesses can make a difference to the trust people have in what happens to their personal data.

For anyone engaging in the


Profiling: What the ICO Has To Say

The use of profiling can help businesses understand more about their target audiences, make better informed decisions about who to reach out to, and process data with better intelligence. Such information can give us insights into how a person behaves and what their personality is like, as well as what their interests and habits are – through consumer, social, or user profiling. With the evolution of profiling technology to help us achieve our marketing goals, it’s no wonder more and more businesses are using this technique to help widen their competitive gap.

However, if your profiling activity results in unfair discrimination, you may need to re-think your strategy now in preparation for GDPR. Let’s take a look at the benefits and risks according to the ICO:

Benefits:

- More effective market segmentation
- Enables risk and fraud analysis
- Aligns offers and prices with individual consumer demand
- Contributes to improvements in


5 Key GDPR Obligations Infographic

As an ISO27001 accredited company, we’re already working to the highest possible standards when it comes to GDPR compliance. From May 25th 2018, you’ll need to ensure you’re encrypting data and upholding the privacy and integrity of the information you’re handling. In order to reduce risk and avoid hefty fines, you must start preparing now.

Did you know that 26% of businesses are not on course to meet the changes that will be imposed by GDPR? We’ve prepared this infographic to walk you through the five key obligations you need to abide by in order to stay compliant. It also explains the steps we can take to ensure your business takes accountability for your subjects’ data privacy and upholds subject data rights:

To prepare for GDPR and ensure you’ve taken all necessary steps to avoid a potential fine of 4% of your annual worldwide turnover, or


Using GDPR As A Framework For Success

With the General Data Protection Regulation (GDPR) set to be implemented in the EU by May 2018, this is the final year for you to adapt and make the necessary changes. All organisations which handle personal data will need to comply with the requirements of the regulation, which has obligations around subject consent, data breach notification, and the processing and transfer of data. Still, despite the masses of information available surrounding GDPR and what it means, research by the DMA reported only last month that although 93.6% of businesses believe that GDPR is applicable to their business, 62% have no plans in place to prepare for GDPR.

With the potential of substantial fines of up to 4% of global revenue being imposed for non-compliance (e.g. administrative failures and security breaches), your business needs to start preparing for the GDPR now. Additionally, GDPR has consequences in other respects. There


Artificial Intelligence vs The Human Touch

AI has come a long way since the term was first coined by Stanford professor John McCarthy in 1956. Gartner predicts that by 2020, 85% of customer service interactions will be powered by AI bots. Even sooner than that, Gartner says, in less than two years’ time digital assistants will be able to mimic human chat. That not only includes listening and speaking; we’re talking about conversing with a sense of history, present-moment context, varying tone and an awareness of timing. They’ll “know you” and recognise your face, just as a friend would. Freaking out yet? Rewind back to current day. In today’s world, although chatbots have been around for years and seem to be advancing extremely quickly, the limitations are prevalent. Since Facebook Messenger’s WeChat debuted at its F8 developers conference last April 2016, tests report that the technology “could fulfil only about 30% of requests without human agents.” To add


GDPR: How to Avoid Becoming a Moving Target

If you think Brexit means you don’t have to worry about the GDPR, think again. The ICO (Information Commissioner’s Office) states that “The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.” With this in mind, and with less than 13 months to go before the GDPR goes live, what should you be doing to ensure you don’t get penalised for being non-compliant? Regulations are fast changing. According to the DMA, as many as a quarter (26%) of businesses are not on course to meet the fast-approaching GDPR changes, with B2B marketers being the least prepared. Mixed attitudes towards the GDPR signal that some UK businesses are already GDPR compliant; some are halfway – using the new framework as a baseline minimum; whilst others are choosing to keep their heads buried in the sand right up until the last minute.
