Information Commissioner's Office (ICO)

The latest in the series of blogs from the UK Information Commissioner’s Office (ICO) looks at some of the myths around data breach reporting under the General Data Protection Regulation (GDPR). Given the misleading press stories on this topic, the ICO’s blog should provide some welcome clarification for concerned businesses as they prepare to comply with the GDPR.

Myth 1: All personal data breaches will need to be reported to the ICO.

This is not correct. It will be mandatory to report a personal data breach to the relevant supervisory authority under the GDPR if it is likely to result in a risk to people’s rights and freedoms. However, you don’t need to report the breach if this risk is unlikely.

“Do as I say, not as I do”

It is difficult to miss the irony of the ICO’s first-awarded fine for nuisance calls since taking over the Telephone Preference Service (TPS), as reported in our earlier blog in December.

IT Protect Ltd., a Bognor Regis firm in the business of selling a call-blocking device that purportedly stops unwanted marketing calls, was fined £40,000 on 11 January by the ICO for making nuisance calls. After more than 30 complaints were received, the ICO investigated and found that IT Protect Ltd. had been making unsolicited marketing calls for more than a year to people registered with the TPS.

Office of Fair Trading (OFT) research into how online businesses use consumers’ information to influence prices has raised concerns over how UK companies collect and use consumer data. The report on Personalised Pricing found that many consumers are concerned with the extent of personal information collected and used online. OFT points out that websites failed