The e-newsletter of the Information Commissioner’s Office (ICO) for June 2017 addresses a number of important issues for firms of all types.
Firstly, the data protection regulator comments that, in the financial year 2016/17, it received more reported data protection breaches and fined more firms than ever before.
Information Commissioner Elizabeth Denham used the newsletter to repeat her plea, made on May 25 of this year, for firms to ensure they are ready for the implementation of the European Union’s General Data Protection Regulation. This comes into force on May 25 2018, and the ICO has published a guide detailing 12 steps firms should take in preparation for its implementation.
Ms Denham commented:
“If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.”
Next, small and medium sized firms were reminded that they can request a one-day visit or a telephone consultation from the ICO, designed to assist firms with understanding their obligations regarding information security, records management, requests for personal data and other data protection issues.
In the light of the recent ransomware attack which affected the National Health Service, the newsletter also reminds firms and other organisations that they have a responsibility to keep the personal data they hold safe and secure. The bulletin includes a link to the ICO’s guidance on the issue of ransomware, and how to guard against these types of attacks.
Finally, the bulletin highlights some of the enforcement action the ICO has taken against firms whose electronic marketing practices breached the law. These included:
• A £100,000 fine for Onecom Limited for sending millions of spam texts about mobile phone upgrades
• A £40,000 fine for Concept Car Credit Limited, who sent hundreds of thousands of marketing texts about car finance and cars for sale, without checking that the recipients had actively consented to receiving the messages
• A £50,000 fine for Brighter Home Solutions Ltd for making marketing calls to individuals registered with the Telephone Preference Service. The firm was also served with a notice meaning it could face prosecution if it fails to improve its data protection compliance practices
• A record £400,000 fine for Keurboom Communications Ltd, which made almost 100 million automated marketing calls without seeking the prior consent of the recipients
The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article.