Articles

Data Protection Impact Assessments - learn about when you need to conduct a DPIA and how in this webinar hosted by Bristows LLP.

How improve your data discovery, mapping & compliance Understanding where your data is located across all your systems is an ever-evolving challenge, but forms the bedrock of your data...

Understanding where your data is and what it's used for is crucial. But in practice this is challenging. What approach can you take?

Efforts continue to try and agree the final text of the ePrivacy Regulation. Reaching a consensus has proved very challenging since the first draft was published 3 years...

On 8th January the ICO published a draft code of practice for the marketing community. It’s entitled “Direct Marketing Code of Practice”. The use of the term “Direct Marketing”...

Can you ask your customers to send on your marketing to their friends? The answer, according to the ICO’s draft Direct Marketing Code, is NO! The regulator says for...

A call for your views. The ICO's draft direct marketing code is open for public consultation. The DPN will be providing feedback. Give your comments to further...

Just when I thought January was feeling dull, I got my hands on the ICO’s much-anticipated draft Direct Marketing Code of Practice! This replaces the Regulator’s existing Direct Marketing...

If you’ve not yet planned or even considered the data protection impact of Brexit, and specifically data transfers with the European Union, you can breathe a temporary sigh of...

Privacy Predictions for 2020 - what's in store for us next year? The trends, enforcement and organisational imperatives - What do our esteemed DPN Advisory Board believe is in...

  In a bid to find consensus the European Commission has announced it’s preparing a revamped ePrivacy proposal. This follows the recent rejection by EU member states of the...

Ensuring you don’t store personal data for longer than you require it, is a core data protection principle – one which we all know is both complex and challenging...

What is responsible marketing? What core values should you embrace and what type of projects can marketers apply these values to? Here are my six pillars of responsible marketing;...

  Have you or your team gone the extra mile to ensure a privacy aware, customer focused approach to a project, initiative or marketing campaign? Or do you know...

  How do organisations protect children’s privacy online?  What are your legal and ethical responsibilities? In this webinar one of the country’s leading privacy lawyers, Robert Bond from Bristows...

   As the dark, creeping realisation dawns that a personal data breach may have occurred, staff who think something has gone wrong are faced with an urgent and important...

  In the run up to ‘GDPR Day’ on 25th May 2018 there were warnings data protection was set to become the new PPI and fears spread of ‘ambulance...

Has opt-in suffered a blow? It’s now official that opt-in for all forms of direct marketing has not proven a success for the RNLI, despite earlier reports to the...

ePrivacy Regulation – first draft 2017, so what’s happening two years on? The ePrivacy Regulation is set to replace the 2002 ePrivacy Directive (and subsequent amendments) which currently sits...

Data Breach! Are you ready should the worst happen? We’ve all seen the headlines, data breaches are weekly if not  daily news. Regulators across Europe are busy wading through...

This award has been launched to recognise a contribution made to Responsible Marketing, giving a team or an individual credit for a creative and privacy aware project or initiative.

Could the Right of Access leave consumers open to privacy risks? News that an Oxford University PhD student and cyber security researcher, managed to collect personal data about his...

Cookie guidance updated Last week, the ICO published their updated guidance on the use of cookies and other similar technologies. This is to be welcomed as there were some...

CCPA: What businesses need know The Californian Consumer Privacy Act (CCPA) ushers in new rights for Californian residents and compels companies that operate in California to implement changes or...

Publishers, advertisers, adtech firms, start-ups and privacy activists are all united in a strong interest in online advertising and programmatic delivery . After all, it represents the lion’s share...

10 Takeaways from ICO’s Update Report The ICO has published an Update Report on AdTech and Real Time Bidding (RTB). The clue is in the word “update” in that...

We’ve heard the comparison with the millennium bug – the sky didn’t fall in on 25th May… ‘where are these game-changing fines? This is the Y2K bug all over...

Transparency, Control and the Right to be Informed Let me take you back a year, to April 2018 – a time when there was a considerable flurry to ensure...

Why GDPR and Data Governance go hand in hand Like G&T, data governance is not a new concept. It has been recognised for years as a method of protecting...

The Fundraising Regulator has warned that 59 charities could be in breach of data protection law for failing to apply suppression requests made via the Fundraising Preference Service (FPS)...

10 tips for making sure your customer database is match fit GDPR provided a golden opportunity for companies to reduce the size of their databases. It was often surprising...

GDPR put a significant spanner in the world of digital advertising, which disparate parties with different vested interests have been grappling with now for months. How can organisations provide...

Data Protection Officers – What are the challenges? What areas would DPOs like more guidance on? Do you have what it takes to be a DPO? “GDPR impacted every...

“Legitimate interests is the most flexible lawful basis for processing, but you cannot assume it will always be the most appropriate” UK Information Commissioner’s Office Let’s say you want...

This survey closed on 12th February 2019. DOWNLOAD: DPO Survey Results Report Calling all DPOs! This research survey is being conducted to ask DPOs about their experience and to...

2018 data protection highlights, surprises and amusing moments, in 50 words or less, from our DPN board members and friends. We also have some predictions for the year ahead…...

The right of access is nothing new, but GDPR has caused a surge. The sheer volume of requests presents a challenge, as do the more privacy-savvy questions being asked....

Although it may be rejected amid the political maelstrom raging around Brexit, there are some key aspects of the draft EU-UK Withdrawal Agreement which concern data protection. What’s encouraging,...

On November 8th, Privacy International (PI) filed complaints under the GDPR with data protection regulators in UK, France and Ireland against data brokers Oracle and Acxiom, credit reference agencies...

As those in the know recognise, data protection is not just about GDPR. Many of us have been waiting for GDPR’s EU counterpart, the new ePrivacy Regulation for a...

The Court of Appeal has ruled this week that Morrisons must pay compensation to thousands of employees who were victims of a data beach in 2014. The supermarket chain...

As a mother of three children under the age of 12 years old and working in the data protection industry, I have the fortunate position of wearing ‘two-hats’ whilst...

We hear much about good GDPR compliance, and how to meet the seven data protection principles – to be accountable, transparent, lawful and so on. But sometimes, in order...

The current season of the hit Channel 4 show The Great British Bake Off has, like previous years, gripped the imagination of the British public, with millions tuning in...

Finding spam a nuisance and being anti-spam is a default setting for all of us these days. Even as technology evolves and our mailboxes become smarter in reducing this...

Cookie notices, splash pages and various consent management platforms are everywhere. If you’re struggling to wade through the mire that is cookie compliance, watch our cookie webinar with Robert...

A first draft of a new ePrivacy Regulation was published back in January 2017 when it had been hoped it would be implemented alongside GDPR. This clearly became far...

GDPR-weariness has flourished after the frenetic preparations in the run-up to 25th May. However, GDPR isn’t about quick fixes and compliance doesn’t stop after the sparkly new privacy notice...

In the run-up to GDPR enforcement day, many thought the only game in town when it came to lawful bases for processing personal data was Consent. It seemed Article...

Following hot on the heels of the General Data Protection Regulation (GDPR) in Europe, Californian lawmakers have passed perhaps the strictest privacy legislation in the United States to date....

I knew there would be confused messages about the GDPR, given the scale and ambition of the legislation. With that in mind, I warned clients the public’s initial understanding...

We’re now in the final stretch. Just days to go to “that date”. I’d like to think that regular visitors to the Data Protection Network have all laughed at...

How U.S. based companies are tackling GDPR compliance and how they can decide which sources of guidance will help not hinder their efforts Whether it is the release of...

With time running out everyone is feverishly trying to ensure compliance with the GDPR. But while focusing on the GDPR, are the current rules surrounding electronic marketing communications being...

Despite several months until the GDPR implementation articles are already appearing in the press, focussing on the data rights individuals will have. Many of these are inaccurate (I saw...

Rumours are circulating that the final Consent Guidance from the Information Commissioner’s Office may be further delayed, it had been anticipated early in the New Year. This presents an...

“This is so brilliant. It’s like Gardener’s Question Time for GDPR enthusiasts!” When and how might you be able to rely on Legitimate Interests as the lawful basis for...

While the data protection community has been busy grappling with the GDPR, another piece of legislation could have an even more significant impact. This is the new ePrivacy regulation,...

Are you preparing to roll out new permission statements to collect personal data to a GDPR standard, but wondering what to do about your existing data? Can it be...

In our webinar on 12th September 2017, our panel discussed and took questions on the use of Legitimate Interests as a lawful basis for processing personal data under the...

We are all clamouring for advice about the GDPR; why hasn’t the Information Commissioner’s Office provided us with comprehensive guidance on consent, profiling, children’s data, accountability? And, so the...

As final ICO guidance on consent gets pushed back to the end of the year and we still await the final text of the proposed ePrivacy Regulation, we can...

Back in March there was a clamour of excitement, with the ICO publishing draft guidance on consent under the forthcoming GDPR. The Regulator also began a consultation, for organisations...

The DPN publishes its highly anticipated guidance on  Legitimate Interest under the GDPR In the face of tighter rules surrounding consent under the forthcoming GDPR, many organisations are looking...

Unless you were just rescued from being a castaway on a deserted island for the past two years, you will be aware of the headline grabbing news about how...

For nearly twenty years individuals have been able to sign up to the Mailing Preference Service (MPS) or the Telephone Preference Service (TPS) to prevent unwanted marketing mail or...

Data sharing can have positive benefits for consumers. However, little has been done to inform them of the value they might gain when their data is shared. This has...

In the Queen’s Speech (outlining the new UK Government’s programme) a new Data Protection Bill has been announced. But don’t think this gets you off the hook with the...

For most organisations trying to ensure compliance and manage budgets, guidance on key areas of the GDPR can’t come soon enough. Susan Corless, Client Relationship Manager at TwentyCi says...

Ahead of the forthcoming UK General Election the Digital Economy Act has been passed and it brings with it a fundamental change for Direct Marketing. At present organisations can...

Charities, be very aware! You need to inform your supporters if you carry out wealth-screening, you need opted-in consent to share their data; clearly saying who you might share...

The GDPR will become a reality on 25 May 2018, but do you really know what it will mean for your business? We are beginning to get a clearer...

‘Active’ Opt-in is a near certainty – but how can obtaining ‘granular’ consent be achieved in a clear and concise manner? Will there really be no ‘grace’ period after...

The use of Legitimate Interests as a legal ground for processing personal data under the EU General Data Protection Regulation poses a number of questions – When might they...

The ICO have finally issued their much anticipated guidance on consent under the EU General Data Protection Regulation. The highlights are that consent will require an opt-in and third...

The changes the EU General Data Protection Regulation (Regulation (EU) 2016/679) ushers in shouldn’t be underestimated. It is a substantial piece of legislation with wide-ranging consequences. Are you ready?...

It’s crucial for charities to focus on ensuring they have appropriate consent from their supporters. New guidance has been published by the Fundraising Regulator on handling personal information and...

“We would like to share your details with selected third parties…” Consumers dislike it, assuming it means ‘anybody’, and in some cases they’re probably right. Adding ‘carefully selected third...

Organisations already grappling to comply with the General Data Protection Regulation now face the prospect of ensuring compliance with two regulations. The European Commission has announced it aims to...

The Digital Economy Bill which appears to be quickly making its way through Parliament could have a significant impact on Direct Marketing. The Bill which, among other things, aims...

2016 was undoubtedly a tumultuous year politically with ramifications in the data protection arena, so what’s on the horizon for 2017? Here are some thoughts from the Data Protection...

The official draft of the new ePrivacy legislation is not expected to be published by the European Commission until January 2017, however a leaked draft has given many of...

The current Data Protection Act 1998 puts the legal onus for compliance squarely onto the Data Controller. Data Processors are therefore only obliged to do as they are instructed...

Article 20 of the General Data Protection Regulation (Regulation EU 2016/679) (GDPR) gives every data subject “the right to receive the personal data concerning him or her concerning him...

Finally a decision – the UK will adopt the EU General Data Protection Regulation – GDPR – on 25th May 2018. Making the announcement, Secretary of State Karen Bradley...

A new code for privacy notices: on 7th October the UK Information Commissioner’s Office (ICO) published their new code of practice of communicating privacy information to individuals. The ICO...

Are you human? Can you be sure that the conversations you have on the web are with living, breathing human beings or machines programmed to interact with you, without...

The dreaded Subject Access Request strikes fear into the hearts of Data Compliance Officers and DPOs across the land. No SAR is the same, they must all be treated...

Sir Stuart Etherington’s review of fundraising self-regulation proposed a new kind of preference service, enabling consumers to better manage their preferences for fundraising contact by charities. This proposal was...

Since the vote to leave the European Union, Data Protection commentators have been offering their views about what the future of privacy legislation in the UK will look like....

Jumping through the data compliance hoops: Why ISO 27001 is the future for data communications The last 12 months have seen some high profile – and dare I say...

The Fundraising Regulator was launched on 7th July 2016, taking over responsibility for regulating fundraising activity by charities from the Fundraising Standards Board (FRSB). Protection of donors, particularly vulnerable...

After nine long months of negotiations, the new EU-US Privacy Shield has been born.  It replaces the Safe Harbor Agreement which was ruled invalid by the European Court of...

Theresa May, the UK’s new Prime Minister, has said it: “Brexit means Brexit.” So does GDPR matter? The short answer is yes… and you shouldn’t shelve your GDPR plans....

The UK has voted to leave the EU, but despite the political drama life isn’t going to change any time soon. Under Article 50 of the 2007 Lisbon Treaty,...

I’m watching the American presidential race with some amusement, or is that bewilderment, as I’m sure most people with half a brain are. Some of the sheer drivel being...

In Data, it never rains… but it pours. In addition to the hefty General Data Protection Regulation, organisations also need to be prepared for changes to ePrivacy rules. The...

The Information Commissioner is to be given more powers to tackle nuisance calls, texts and emails. This could see a ‘best practice’ guide becoming legally binding; a seismic shift...

“We need to await further guidance on …” is the phrase on everyone’s lips in meeting rooms across the UK. The final General Data Protection Regulation text has been...

This Summer, Elizabeth Denham takes up her position as new Information Commissioner. She replaces Christopher Graham, taking responsibility for decisions surrounding the Freedom of Information Act, data protection and...

At the DPN’s well-attended DP Exchange event in London, the message was clear: for third party data providers and users alike, more value must be placed on quality over...

How do suppliers and users of third party data adapt in the face of stricter regulation?  Andrew Bridges talks about the challenges ahead. May 2016

Many organisations need to recruit a Data Protection Officer ahead of the implementation of the EU General Data Protection Regulation (GDPR) on 25th May 2018. Sara Howers gives an...

In its recently updated Guidance on Direct Marketing, the ICO has focussed on charity fundraising, provided more clarity surrounding obtaining consent and (specifically) highlighted third-party consent. A tightening up...

While many companies located in the US welcomed the announcement of the EU-US Privacy Shield program (or the “Program”) as a replacement to the now defunct Safe Harbor, criticisms...

The British Red Cross has signed a written undertaking with the Information Commissioner’s Office. In a move likely to be viewed with interest by other charities, the organisation is...

3rd March 2016 A capacity audience at the DMA Data Protection 2016 conference heard warnings from Government and the ICO that the nuisance call industry was under concerted attack....

To say that reactions on Twitter to the new Privacy Shield have been mixed is a significant understatement. The release of the details of the scheme by the US...

Revolution in the data protection world may have passed most consumers by but the General Data Protection Regulation (GDPR) will change the way that personal data is handled.  Whilst...

Dear Santa I have a few questions for you about how you are managing my personal information. Now, this is not a formal “subject access request”, nor a “right...

We seem to hear about a new data breach every day, but how would you start to deal with it if the worst happened to your organisation? Watch our...

Now, there is no place to hide – all companies who trade in personal data for marketing purposes are squarely in the ICO’s spotlight as its crackdown on nuisance...

When the Daily Mail launched a campaign to clean up fundraising, charities knew it was a game changer. They now face a stricter regulatory world; one where ensuring people...

Talk Talk’s reputation has been seriously compromised in the aftermath of its cyber-attack and the company is taking a £30 million hit to put things right, but the list...

Losing data, selling data without permission, unsolicited text messages and dodgy telemarketing calls are the most likely offences to cost businesses money. The ICO has recently issued its largest...

The European Commission has reiterated its wish for a swift agreement on a new Safe Harbor agreement. It has urged U.S. authorities to take the next step in on-going...

This guide aims to give practical advice on how to effectively handle common queries you might receive from consumers, about how your organisation is using their personal data. Can...

Effective data compliance and customer service free up businesses to do what they do best – business. Failure in customer service, on the other hand, can hinder sales and...

What are the key areas you need to consider when collecting personal data to use for marketing purposes?  Data compliance specialist Jenny Moseley (Owner of Opt-4) gives her top...

Opt-4’s Rosemary Smith discusses the right ways to export data legally from Europe The European Data Protection directive upon which current local laws are based (Directive 95/46/EC adopted in...

As children have become more financially active at an early age, marketers have begun to interact with them directly, rather than through their parents or guardians. Although not specifically...

European data protection law gives individuals (and some business people) the right to prevent direct marketing approaches. When it comes to the telephone channel, this right can be exercised...

The perennial problem of SPAM continues to bother both privacy regulators and marketers (not to mention annoying a fair number of consumers). Seemingly countless international anti-SPAM groups have formed...

This question about applicable law is a perennial one. Where marketers are ‘pushing’ their messages to specific individuals the applicable law currently depends on the channel used. In the...

Tempting, isn’t it? You are offered an email marketing list of business individuals at half the normal price but you find that the data has been obtained from the...

Rosemary Smith, founder of the DPN and Andrew Bridges, data governance manager at Nectar owner AIMIA, chatted through their 10 biggest concerns for new data regulations coming from both...

It is not unusual in organisations for there to multiple systems which are used as repositories for personal data and marketing permissions. This can lead to a disconnect which...

The EU draft General Data Protection Regulation (“the Regulation”) includes the concept of certification and the granting of a European Data Protection Seal as a form of trust mark...

In a move which demonstrates the value of clarity when collecting data, Guardian News and Media has debuted a new privacy video to explain why customer data is so...

For the first time since the Personal Data (Privacy) Ordinance (“PDPO”) came into force in 1996, an individual has received a jail sentence for a breach of the PDPO....

If you’re coming to the role of data protection advisor (DPA) or even Data Protection Officer (DPO) for the first time you’re going to need to know the legal...

Just because you can, does not always mean you should! The exponential growth of available data (big data) means that big analytics and big research projects are expected to...

Big brands work hard to create “halos” around their products and services but becoming (and remaining) a trusted data controller has only recently become a bankable brand value. Research...

An Internet search defines privacy as “freedom from interference” but that’s only one interpretation. It is certainly not what we mean when we talk about privacy in the context...

Are UK businesses sleepwalking into data disaster? Let’s face it, data protection isn’t the sexiest subject in the world and companies have a lot of other issues to think...

As a small business, do I need to appoint someone to look after privacy compliance? Ask the question “who wants to be data protection compliance officer?” in your company...

Privacy by design (PbD) is a concept that many would think is reserved for academics and the public sector but they would be wrong! Given the significant emphasis on...