Information law - brief updates
Solicitor Natalie Ruane summarises the latest information law updates.
SME Self-Assessment Tool
The Independent Commissioners Office (ICO) has launched their new SME Self-Assessment tool for Data Protection compliance. https://ico.org.uk/for-organisations/improve-your-practices/data-protection-self-assessment-toolkit/
Fine for not using 'bcc' in email field
Bloomsbury Patient Network has been fined £250 after an email was sent with a newsletter to 200 patients whose email addresses were not hidden i.e. all their addresses were in the ‘to’ field rather than the ‘bcc’ field. This meant that every recipient could see all 200 email addresses many of which contained patients’ full or partial names. As the Network is a trust and therefore the trustees are personally liable to pay the fine, the fine is therefore reflective of this. If this had been an incorporated association the fine would have been much bigger and could have been up to £500,000.
General Data Protection Regulation
The Article 29 Working Party has adopted an action plan to help it focus on its priorities to implement the General Data Protection Regulation. The Working Party’s replacement body is to be called the “European Data Protection Board” and the plan focuses on a one stop shop to assist consistency and practices. A statement about the plan can be found at http://ec.europa.eu/justice/data-protection/article-29/index_en.htm
About the author
Natalie is a Partner and leads the Employment Law & HR team and specialises in education.
Published: Monday 21st March 2016
Categorised: Information Law