Insights

A Wealth of Data- Using Public Information

The latest investigation by the Daily Mail into the use of publicly-available personal information has hit the headlines. This time, the activities of university alumni and development teams is under the spotlight.

Sadly, it’s the same mixture of issues first aired into the conduct of charities back in late 2016. The article has the same, slightly confused, bundling and conflating of issues:…

Read more


Nov 21, 2017

GDPR- What Are You Waiting For?

As the countdown to the GDPR enforcement date ticks away, organisations are starting to get to grips with their data protection responsibilities. However, a common theme is emerging at conferences, in online discussions and at meetings – the challenges of finding the “right” answers.

Data protection law is not a checklist of actions, or a list of ‘do and don’t’ rules. It uses language such…

Read more


Nov 09, 2017

Morrisons High Court Case

This week a trial is ongoing in the High Court which many data protection professionals and in-house lawyers are watching carefully. It is part of a class action by the employees of Morrisons (the supermarket chain) who were affected by the exposure of their payroll data in 2014 by a former colleague with a grudge; and this particular legal action is about the extent of Morrisons’ liability for…

Read more


Oct 11, 2017

Taking the 'Con' out of 'Consent'

GDPR myths and realities – legitimate interests and consent

In many ways, the GDPR is not very different to the Data Protection Act. This is true for the requirement to justify which of the six lawful “basis for processing” you are relying on to legitimise the processing (activity) in question.

Some have been, and remain clear: in life or death situations, I need to process…

Read more


Sep 13, 2017

Changes to the ICO Subject Access Code of Practice

The right of an individual to be told whether an organisation is processing their personal data and be given access to that data (“subject access”) is a significant one in data protection law, and was the most

Read more


Aug 07, 2017

FPS Goes Live!

This week the Fundraising Preference Service (FPS) was launched by the Fundraising Regulator, in response to concerns about charity marketing, which have been raised over the last couple of years and in anticipation of the more stringent controls on the use of personal data that GDPR will bring.

The FPS is an online tool that will allow individuals…

Read more


Jul 11, 2017

Charities face £25k fines for pestering? Maybe, maybe not...

The frontpage headline of The Daily Telegraph today, 4th July 2017 - "Charities face £25k fines for pestering" - risks bluring some key issues. 

The Fundraising Regulator is about the launch the Read more


Jul 04, 2017

Better the devil you know – personal data breach reporting and GDPR

The ICO Annual Report for 2016-17 has been published. Among the findings reported is the number of self-reported data protection incidents, broken down by sector.

Read more


Jun 15, 2017

Updating consent – implications of the Flybe and Honda fines

On 27th March 2017, the ICO issued Monetary Penalty Notices to Honda and

Read more


Apr 27, 2017

Back to top