A stricter regime for profiling
07 June 2016
UK ICO Suggests Preparations for Draft EU Data Protection Regulation
Consent: In the UK, many organizations rely on implied consent to the processing of data. Under the Regulation, the standards to be met to rely on consent may be much higher, requiring explicit consent and an ability to demonstrate that an individual knowingly gave their consent. The ICO suggests data controllers identify where they currently rely on consent to process, and how they obtain such consent, in case the Regulation requires changes in this area. Individuals may also have greater rights to require controllers to delete their data, so the ICO suggests thinking about how this would affect the way data controllers manage their information systems.
Breach notification: Mandatory breach notification will almost certainly be introduced in some form, so organizations should start planning for this now. Attendees of Hogan Lovells' recent London cybersecurity seminar will already be aware of the importance of developing breach handling protocols to combat intrusions, and personal data breach notification processes can be incorporated within these.
Data protection by design: This is the concept that privacy issues should be taken into account when developing new systems. The ICO already promotes this as a matter of good practice, so it is not surprising that it uses preparation for the Regulation as a way of promoting its use.
The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...
06 June 2016
Grounds for processing
03 June 2016