Blog

According to a recent opinion from the Advocate General (advisor to the highest court in Europe) an IP (internet protocol) address is personal data, if it can be combined with other information that an organisation holds and results in the identification of the person visiting the website.

If you have cookies on your website which collect IP addresses, then this may be an issue for you. If you are processing personal data using cookies, it must be reflected in your Privacy Policy and you may also need a cookie pop up for first time users to your website.

If you would like to discuss IP addresses or any other data protection query, please contact Probert Legal Limited – experts in data protection law covering Exeter, Devon, Cornwall and the rest of the UK, Contact Tracey Wakelam at tw@www.probertlegal.com.

The General Data Protection Regulation was published on May 4, 2016 in the Official Journal of the European Union. It will become law in Europe in 20 days and UK organisations will then have 2 years to ensure that they are fully compliant with its requirements. The text is available here.

If you would like advice on how your organisation can start preparing for the new data protection legislation, please contact Tracey Wakelam at traceywakelam@www.probertlegal.com. Exeter solicitors covering Devon, Cornwall and the rest of the UK.

We reported at the end of last year that the GDPR would be in force by mid-March and so you may be wondering what is happening with its progress. The draft regulation has been the subject of further discussions within the European Council during the last couple of months, but on Friday the Council finally published its opinion on the text. This opinion will be sent to the European Parliament and it is expected that they will put the new regulation into place next week. We will keep you updated!

As experts in data protection law, Probert Legal can help you steer a path through the new legislation and ensure that your systems and procedures are robust.

For further information, contact Tracey Wakelam on traceywakelam@www.probertlegal.com. Solicitors in Exeter covering Devon, Cornwall and the rest of the UK.

The Information Commissioner’s Office (‘the ICO”) published amendments to its guidance for direct marketing organisations last week. The link to the ICO blog on the changes can be accessed here.

The new European General Data Protection Regulation will bring a number of important changes to the way data protection is handled by companies. The GDPR will require private sector organisations to appoint Data Protection Officers in a number of situations.

Unlike the Data Protection Act (DPA), both the controller of the data and the organisations appointed to process the personal information by the controller must appoint a DPO.

How do we know if a Data Protection Officer is required?

A DPO will be required in the following circumstances:

• When the organisation’s core activities require regular and systematic monitoring of data subjects on a large scale. In order to decide whether this applies, the organisation will have to consider the nature, scale and purpose of the processing.
• When the organisation is processing one of the “special categories of personal data” (see definition below) or criminal convictions or offences.
• Where the organisation is specifically required by law to appoint a DPO.

This is one of the areas where guidance should be issued by the European Data Protection Authoritiy as a matter of priority.

What about groups of companies?

A group of companies or organisations may appoint one DPO providing that they all have easy access to that individual.

Who should be appointed as a DPO?

The […]