Updated guidance from the ICO

This guide summarises the general erasure obligations set out in GDPR, the exceptions available under GDPR and the DPA 2018 and provides practical interpretation of these in relation to various example service offerings that may be provided by ICAEW members.

The Data Protection Act 2018 (DPA 2018) came into force on 25 May 2018 to replace the Data Protection Act 1998. It sits alongside the General Data Protection Regulation (GDPR). This guide is part of a series that explain some of the new or more difficult concepts introduced by the DPA 2018 and the GDPR.

This month we look at what can be learned from state-sponsored cyber attacks, how to avoid falling victim to increasingly sophisticated account takeover scams, and the ICO guidance on levels of fines for data breaches.

New technologies are a force for good – they fuel innovation, improve efficiencies, enhance communication, and increase productivity – but they also raise new challenges that can be harmful. We’ve witnessed in recent years how technology has had undesirable consequences, with data breaches and online surveillance resulting in widespread concerns over privacy, security, and the spread of disinformation. This has eroded trust in businesses and institutions, while simultaneously knocking the confidence of businesses to fully embrace technological change.

This month we look at the latest stories in the world of cyber, the lessons 2023 has taught us on how to improve cyber security, and the changes to the Online Safety Act.

The average cost of data breaches is increasing, particularly for smaller firms, while AI is increasingly used for both cyber security and malware.

Are you doing enough to manage the risk of cyber-crime and data breach in your business? Marsh Commercial will focus on the risk of cyber specifically to small practitioners, and may highlight the gaps in your cover that are leaving your business exposed.

Demystifying data. Before organisations can gain any value from data it is critical to have a clear data strategy that ties into an organisation's overall strategy.

Employees will welcome new guidance from the UK Information Commissioner’s Office (ICO) to help them comply with UK data protection rules if they monitor workers.

Businesses using or considering using biometric data and technologies will welcome a first-phase draft of proposed guidance on the application of data protection law, published by the Information Commissioner’s Office (ICO).

Businesses that fail to comply with rules requiring them to make it as easy for their website visitors to reject non-essential cookies as to accept them should consider amending their websites to ensure compliance, as the Information Commissioner’s Office (ICO) may be taking a stricter approach to enforcement in future.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Guidance from the ICO for organisations that wish to send electronic marketing messages (by phone, fax, email or text), use cookies, or provide electronic communication services to the public.

Guide from the ICO explaining the provisions of the UK GDPR and what organisations need to do to comply with its requirements. Includes ‘In brief’ summaries and checklists as well as more detailed content in key areas.