On 8th February we were extremely pleased to receive a lovely review on Google:
The European Commission has published guidance on the EU data protection rules under the General Data Protection Regulation (GDPR).
The guidance outlines what the European Commission, national data protection authorities and national administrations still need to do to bring preparations for the GDPR to a successful conclusion.
The Commission has also launched a new online tool to raise awareness of the GDPR and to help citizens, businesses (in particular SMEs) and other organisations comply with and benefit from the new data protection rules. European GDPR webpages.
The government has accepted the recommendations of the Working Group on Product Recalls and Safety and set out its plans for implementing them, including the establishment of a new Office for Product Safety and Standards (OPSS).
Priorities for the OPSS will include setting up an incident management capability to respond to national product safety issues and making the government’s product recall web pages more accessible.
The government has also announced that a detailed Code of Practice on product corrective actions (including recalls) will be published in early 2018.
These developments will be of interest to manufacturers and retailers of relevant consumer products, such as white goods, electrical goods, toys, clothes and cosmetics. OPSS webpages.
The government has launched the Small Business Commissioner (SBC) complaints scheme, giving small businesses (essentially, those with a staff headcount of fewer than 50) an extra means of holding larger businesses to account if there are problems with getting paid. Typically, a complaint must be brought within 12 months of the issue, but this may be extended. Make a complaint.
The Charity Finance Group (CFG) has launched a new free guide for charities on the General Data Protection Regulation ((EU) 2016/679) (GDPR). The guide aims to help charity trustees, staff and volunteers understand the practical impact that the GDPR will have on their charity and its work. Read the guide.
The Charity Commission has published a new strategy for dealing with safeguarding issues in charities. It stresses the duty of charity trustees to proactively safeguard and promote the welfare of their charity’s beneficiaries. Get a copy.
The High Court said that Wm Morrisons Supermarkets PLC was vicariously liable for the deliberate and criminal disclosure by a rogue employee of personal data belonging to co-workers.
(Various claimants v Wm Morrisons Supermarket PLC EWHC 3113 (QB))
The UK regulator, the ICO, has ‘huge concerns’ over Uber breach – http://www.bbc.co.uk/news/technology-42079937
The short answer is: no longer than necessary.
Personal data will need to be retained for longer in some cases than in others. How long you retain different categories of personal data should be based on individual business needs. A judgement must be made about:
- the current and future value of the information;
- the costs, risks and liabilities associated with retaining the information; and
- the ease or difficulty of making sure it remains accurate and up to date.
There are various legal requirements and professional guidelines about keeping certain kinds of records – such as information needed for income tax and audit purposes, or information on aspects of health and safety. If an organisation keeps personal data to comply with a requirement like this, it will not be considered to have kept the information for longer than necessary.
The CIPD have a great resource regarding HR records which can be found here.
The UK’s third generation of data protection law has entered Parliament.
The Data Protection Bill was published on 14 September 2017 and aims to modernise data protection laws to ensure they are effective in the years to come.
The Information Commissioner’s (ICO) website has been updated to include a new section about the Data Protection Bill.
This explains the relationship between the Bill and the GDPR, detailing the additional areas the proposed new legislation covers. It also includes links to the ICO’s GDPR and Law Enforcement pages and to a Data Protection Bill fact sheet.