Our latest data protection update of news and developments over the summer months of July and August.
Key points to note are as follows:
- New developments on Subject Access Requests – both a new Code of Practice from ICO and a new case on the impact of subject access on liquidators
- There was no let-up in enforcement over the summer. Interestingly, one enforcement notice prohibited the data controller from processing personal data until it had completed a Privacy Impact Assessment (amongst other remedial actions). Is this the influence of the new draft Regulation being felt already?
- The First-Tier Information Tribunal set aside a monetary penalty of £250, 000 issued by the ICO in a decision which explores the liability controllers have for their processors as well as the ICO's potentially flawed process for deciding monetary penalties
- Article 29 Working Party Opinion on the re-use of EU public sector information
- EDPS Opinion on data protection implications of the Commission's anti-money laundering proposals.