Tracey

About Tracey Wakelam

Tracey’s experience covers a range of information law, intellectual property issues with an emphasis of data protection and privacy matters. Tracey has also advised on a wide variety of commercial contracts. Before joining Probert Legal, Tracey spent three years as Senior Legal Officer for the Commercial Team at Cornwall Council. Here she was the lead legal advisor to CORMAC, Cornwall Council’s highway company. Tracey also provided legal advice to all council departments on commercial matters. Prior to this Tracey spent three years as Legal Advisor to the Office of Government Commerce Legal Team in Westminster where she advised on commercial contracts and trade mark and copyright licensing. Tracey was instrumental in setting up the first formal licensing scheme for the UK government owned brands PRINCE2 and ITIL.

Yet more changes to Data Protection Laws!

As if we didn’t have enough changes on the horizon in the world of Data Protection Law, the UK government has decided to add yet more to the mix with its recently published “DP Bill – Statement of Intent”. This statement aims to give some details about how the UK government intends to implement the data protection reforms both from Europe and its own new laws.

We already know that the General Data Protection Regulation will become UK law in May next year and since this is before the date that the UK leaves the EU, then we will have to prepare and comply with its requirements. The government has already said that it will ensure that the provisions of the GDPR remain UK post Brexit, a necessity for data transfers between the UK and Europe once it is no longer an EU member.

So why has the government now decided to put yet more legislation into place? Well, this bill adds some details to questions that the GDPR has not yet answered. So, we know now that the government intends the age upon which a child can make their own decisions in relation to his or her data will be 13. The government has […]

By |August 24th, 2017|Blog|0 Comments|

New Rules for Online Content Providers – good news for consumers, but more headaches for app and website owners!

If you have ever tried to access your Apple music or Spotify account abroad, you have probably found that if either told refused you access for being “out of territory” or let you in only to kick you out again a few days later. Well the EU have come up with a solution to this problem with the “Regulation on cross-border portability of online content services”.

The regulation basically requires anyone operating an website/app which allows consumer to access online content in return for a fee, to access the same content in any other member state where they are temporarily resident.

There are some limits to this, the consumer must be a resident of a member state and the website/app owner can carry out reasonable checks on residency. The quality of the content does not have to of the same standard as that in the member state that the consumer resides, unless the website/app owners makes quality guarantees in its terms and conditions. If this is the case, then these guarantees must apply to content accessed across the EU. In addition, the regulation does not apply where the content is free, unless the website/app owners wishes to make it available.

Whilst this is great news for […]

By |August 24th, 2017|Blog|0 Comments|

PREPARATION FOR THE GENERAL DATA PROTECTION REGULATION: YES/NO checklist

There is an accompanying GUIDANCE NOTE which runs to 10 pages and is too large to include as part of a blog.  Please contact Tracey Wakelam at  TraceyWakelam@probertlegal.com to get your free copy.

 

Awareness and Training
Notification to the board of the GDPR and its implications
Appointment of senior staff with DP responsibilities
Do we need to appoint a DPO?
Reporting structure for DP compliance
Will any budget or further budget be allocated?
Roll out general DP training for all staff
Is any additional training required for staff with specific DP responsibilities
Procedure in place for new starters/refresher courses
 

 Identify what Personal Information is held

Can you Identify all systems where personal information is held?
If you cannot identify what personal information you hold – carry out a data protection audit
 

How did you collect the personal information and what do you do with it?

How did you collect the personal information? Have you documented this?
Under what condition in the GDPR will you be processing the personal information? Have you documented this?
What do you do with the information? Have you documented this?
Who do […]

By |April 24th, 2017|Blog|0 Comments|

Have your say on the GDPR Consent guidance!

The Information Commissioner’s Office (ICO) has just issued a draft version of their guidance on consent under the upcoming General Data Protection Regulation (GDPR). They have asked for any comments or input on the guidance to be sent to them by 31 March 2017.

The draft guidance gives further detail on what the ICO will expect organisations to be doing in order to properly obtain consent to process personal data. Amongst other issues, the draft guidance makes it clear that pre-ticked boxes will no longer meet the requirements of consent, as the consent needs to be unambiguous and requires a clear affirmative action.

The ICO also emphasises how important it is to keep good records of consent and to check that existing consents meet the new requirements after May 2018. If an organisation is unable to meet the new requirements for consent, then they should be looking to see if they can met another lawful basis for processing personal data under the GDPR.

If you want to have your say on the guidance, the consultation and draft guidance can be found here.

The GDPR is going to be the biggest change to data protection laws since the Data Protection Act came into force in 1998. If […]

By |March 8th, 2017|Blog|0 Comments|

New ePrivacy rules planned for Europe

The European Commission has published plans for new legislation to safeguard the privacy of an individual when using electronic communications. The Commission wants to update the current rules to take new technology into consideration. The main changes are:

  • Extending eprivacy to new providers of electronic communications (eg Whatsapp, Messenger, FaceBook etc).
  • Changing the rules on cookies so that users are not bombarded with pop ups asking for consent.
  • Tighter rules on electronic marketing (such as making marketing companies identify themselves using prefixes).

The proposals also state that the Commission intends to be more pro-active in negotiating with other countries to reach “adequacy decisions” which allows the free flow of personal data to that country. They also want to see more use of the other tools in place to allow international data transfers.

The Commission wants to see this legislation in place by the time the General Data Protection Regulations come into force in May 2018. This means that the changes could potentially affect the UK before it leaves the EU. In any event, it is highly likely that the UK will implement this legislation post Brexit if it wishes to continue to trade with EU countries.

The statement from the Commission can be found here.

If […]

By |January 16th, 2017|Blog|0 Comments|

The GDPR set to become UK Law

The Information Commissioner’s Office has confirmed the position of the UK government in relation to the upcoming changes to the EU data protection laws. The government has stated that it will opt into the full General Data Protection Regulation (GDPR) regardless of what happens with Brexit.

The blog on the ICO’s website can be found here and gives more detail on what the ICO will be doing to assist organisations to plan for future compliance with the GDPR.

The GDPR is going to be the biggest change to data protection laws since the Data Protection Act came into force in 1998. If you would like to discuss how these changes will affect your organisation, please contact Tracey Wakelam at traceywakelam@probertlegal.com. Exeter solicitors covering Devon, Cornwall and the rest of the UK.

By |November 7th, 2016|Blog|0 Comments|

Information Commissioner’s view on the Privacy Shield

We have previously blogged on the Privacy Shield and the changes to international data transfers. We now have guidance from the Information Commissioner’s Office on what an organisation needs to do when undertaking personal data transfers to countries outside of the EU and where that country has not been declared to provide adequate protection by the EU.  The ICO confirms that the Privacy Shield has been declared to provide adequate protection for international transfer by the European Commission and also that organisations can still rely on the model contractual clauses and binding corporate rules.  However, the guidance does state that there are ongoing court cases which may impact on the Privacy Shield and also the Article 29 Working Party who scrutinize EU data protection laws have stated that they will review the Privacy Shield in a year’s time.  So there still may be more changes to come. We will keep you updated and the ICO has promised further guidance before the end of the year.

The ICO guidance is available here.

If you would like advice on how your organisation can start preparing for the new data protection legislation, please contact Tracey Wakelam at traceywakelam@probertlegal.com. Exeter solicitors covering Devon, Cornwall and the […]

By |August 9th, 2016|Blog|0 Comments|

Information Commissioner’s Office to be told to produce Direct Marketing Code

The planned new legislation of the Digital Economy Bill will give greater weight to the ICO’s code of practice for direct marketing.  The ICO has published a code for direct marketing organisations for several years now and it is not expected that this will be revised in the foreseeable future. The current code will however be given additional weight and businesses which employ direct marketing techniques should check that they are fully complying with the code. The ICO published the latest version of its code of practice earlier this year and this can be found here.

If you would like advice on how your organisation can start preparing for the new data protection legislation, please contact Tracey Wakelam at traceywakelam@probertlegal.com. Exeter solicitors covering Devon, Cornwall and the rest of the UK.

 

By |July 26th, 2016|Blog|0 Comments|

BREXIT or not, the General Data Protection Regulation requirements will still apply to UK businesses

This week we have had confirmation from Baroness Neville-Rolfe (Parliamentary Under Secretary of State at the Department for Business, Innovation and Skills) and from the Information Commissioner that whatever path the UK takes in order to implement BREXIT, the requirements of the GDPR will have to be complied with by UK businesses wanting to transfer personal data to and from the EU.  The speech of Baroness Neville-Rolfe can be found here and the blog article from the ICO is here.

We have produced a video on the main points for UK business and can offer advice and guidance on implementation of its requirements.

If you would like advice on how your organisation can start preparing for the new data protection legislation, please contact Tracey Wakelam at traceywakelam@probertlegal.com. Exeter solicitors covering Devon, Cornwall and the rest of the UK.

By |July 12th, 2016|Blog|0 Comments|

New ICO Guidance on the General Data Protection Regulation

The Information Commissioner’s Office has just published its latest guidance on the  General Data Protection Regulation (GDPR). The ICO began drafting the guidance before the BREXIT referendum, but has confirmed again that it is still relevant to organisations wishing to transfer personal data to and from the EU. The guidance is a good overview of the changes that need to be implemented between now and 2018 and can be accessed here.

If you would like advice on how your organisation can start preparing for the new data protection legislation, please contact Tracey Wakelam at traceywakelam@probertlegal.com. Exeter solicitors covering Devon, Cornwall and the rest of the UK.

By |July 12th, 2016|Blog|0 Comments|