Author Archives: Peter Given

Data Protection Bill receives Royal Assent

24/05/2018 · by · in Data Protection

On 23 May, the Data Protection Act 2018 was finally passed into law. The new Act repeals the Data Protection Act 1998, and facilitates the implementation into UK law of the General Data Protection Regulation (EU) 2016/679, which comes into effect on 25 May. We will be publishing an article in due course that will […]

FCA and ICO update on GDPR

08/02/2018 · by · in Data Protection, EU

An update from FCA and the ICO confirms FCA’s view that firms can comply with both the GDPR and its rules. The update notes that GDPR is a board level responsibility, and firms must produce evidence to show what they have done to comply with it. FCA also notes that, although the ICO will regulate […]

GDPR compliance: the final countdown

24/01/2018 · by · in Data Protection, EU

We have written an article on the final countdown to GDPR compliance.

ICO fines 4 firms for nuisance calls and spam texts

12/01/2018 · by · in Data Protection, Enforcement

The ICO has fined four firms a total of £600,000: Barrington Claims Limited had made over 15 million automated calls about PPI; Newday Limited used other firms to send 44.7 million spam emails to promote its financial products to people who had subscribed to websites the other firms operated; Goody Market UK Limited, operator of […]

ICO fines bank for spam marketing

11/10/2017 · by · in Data Protection, Enforcement

The ICO has fined Vanquis Bank £75,000 for sending 870,000 texts and 620,000 emails promoting its credit cards to recipients who had not consented to receive them. It had used marketing lists from other organisations and relied on indirect consent rather than checking the right levels of consent had been obtained. ICO found the consent […]

Government publishes DP Bill statement of intent

09/08/2017 · by · in Data Protection, EU

We have written an article on the Government’s statement of intent for the Data Protection Bill.

ICO fines loan firm for nuisance texts

18/07/2017 · by · in Data Protection, Enforcement

The Information Commissioner’s Office has fined Provident Personal Credit Ltd £80,000 for sending nearly 1 million unsolicited texts promoting personal loans. The company used third party affiliates to send the communications, to which the recipients had not consented.

ICO publishes Information Rights Strategic Plan 2017 – 2021

05/06/2017 · by · in Data Protection

The Information Commissioner’s Office (ICO) recently published its information rights strategic plan 2017 – 2021. The strategic plan sets out the ICO’s mission to increase the trust that the public has in government, public bodies and the private sector; including trust in transparency, in the digital economy and in digital public service delivery. It also […]

The European Data Protection Supervisor publishes 2016 Annual Report

08/05/2017 · by · in Data Protection, EU

Giovanni Buttarelli, the European Data Protection Supervisor (EDPS) presented the EDPS Annual Report 2016 to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs on 4 May 2017. By way of reminder, the EDPS is the EU’s independent data protection authority, tasked with ensuring that the institutions and bodies of the EU respect […]

ICO fines financial firm for sending unsolicited texts

20/04/2017 · by · in Data Protection, Enforcement, EU

The ICO has fined Monevo Limited, a finance brokerage firm, £40,000 for sending unsolicited marketing texts without proper consent. Between April 2016 and June 2016, the company sent 44,172 texts encouraging people to apply for loans and 130 complaints were made, prompting the ICO investigation. Under the Privacy and Electronic Communications (EC Directive) Regulations 2003, […]

The Government calls for views on GDPR derogations

19/04/2017 · by · in Data Protection, EU

The UK Government has launched a Call for Views on the derogations (exemptions) from the EU General Data Protection Regulation (GDPR), which comes into force on 25 May 2018. Although there is limited scope for flexibility, the GDPR does allow member states to exercise their discretion over how certain provisions of the GDPR will apply […]

Draft GDPR Guidance receives a significant response

19/04/2017 · by · in Data Protection, EU

The Information Commissioner’s Office (ICO) recently announced that it has received a large number of responses to its consultation on the draft  GDPR Consent guidance.   The GDPR Consent guidance sets down the ICO’s recommended approach to compliance and what counts as valid consent. It also provides practical help to decide when to rely on consent […]

ICO fines credit broker for unsolicited texts

20/03/2017 · by · in Data Protection, Enforcement

The ICO has fined a credit broker £20,000 for sending unsolicited communications in breach of regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003. Munee Hut markets its services partly through affiliates that send marketing texts that direct recipients to Munee Hut’s website.  Between mid-2015 and spring 2016, 885 complaints were made about receipt […]

ICO and FCA hold big data use forum

03/03/2017 · by · in Data Protection, Insurance

The Information Commissioner’s Office (ICO) and FCA have published a summary of their forum on the use of Big Data in retail general insurance. The forum, held on 16 January 2017, was to engage with the insurance industry following stakeholder concerns raised as part of FCA’s call for input, on which it published a feedback statement […]

ICO fines credit broker for unsolicited texts

17/02/2017 · by · in Data Protection, Enforcement

The ICO has fined Digitonomy Ltd £120,000 for sending millions of marketing texts without proper consent. The company is an FCA-authorised credit broker, which generates leads for its business through affiliates sending marketing texts directing readers to websites offering loans. Between April 2015 and February 2016, the company instigated the sending of nearly 6 million […]

ICO fines RSA for DP breach

12/01/2017 · by · in Data Protection, Enforcement, Financial Crime

The Information Commissioner’s Office (ICO) has issued Royal & Sun Alliance Insurance PLC (RSA) with a monetary penalty notice (£150,000) because of a serious breach of the seventh principle (the requirement to keep data secure) of the Data Protection Act 1998 by RSA. Between 18 May 2015 and 30 July 2015, a portable Network Attached […]

ICO revises Privacy Notices code of Practice

18/11/2016 · by · in Data Protection

The ICO has recently issued a revised Privacy Notices Code of Practice, which we have reviewed in our recent article on the Code for the Privacy and Data Protection Journal.

ICO fines FS institution for breach of PECR

18/11/2016 · by · in Data Protection, Enforcement

On 3 November, the ICO imposed a monetary penalty of £70,000 on Nouveau Finance Limited for marketing activities carried out on Nouveau’s behalf by a third party in contravention of the Privacy and Electronic Communications Regulations. Nouveau used a third party to send out 2.2 million unsolicited marketing texts to generate leads. This resulted in […]

UK confirms adoption of the GDPR

01/11/2016 · by · in Data Protection, EU

The UK Government has confirmed that the UK will adopt the GDPR . Secretary of State Karen Bradley MP stated: ‘We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be […]