+44 (0) 1392 345 400|info@probertlegal.com


Information Commissioner’s Office 12 Steps to take now!

The Information Commissioner’s Office (“the ICO”) have published this week some of its first guidance on the new General Data Protection Regulation (“the GDPR”). The “12 Steps to take now” document Is a checklist of what organisations should be doing now to prepare for the GDPR and is available here.

The GDPR is now expected to be finalised by July 2016 and this latest ICO publication is a must for all organisations starting to plan for the changes to the law. The GDPR should be fully in force by 2018.

Where can I get specialist advice?

As experts in data protection law, Probert Legal can help you steer a path through the new legislation and ensure that your systems and procedures are robust.

For further information, contact Tracey Wakelam on traceywakelam@www.probertlegal.com

By |March 16th, 2016|Blog|0 Comments|

What should I do if there is a Personal Data Breach?

The new European General Data Protection Regulation is set to become law in Spring 2016. This will significantly change the way businesses handle any personal data that they hold.

Let’s take a look at how the new law will affect personal data breaches, and what action you need to take if this should occur.

 What is a personal data breach?

There is a new requirement on all data controllers to report breaches of security that result in the accidental or unlawful loss or disclosure of personal information, if the breach results in a risk to the rights and freedoms of the individual. There will be guidance from the European data protection authority and the Information Commissioner’s Office (“the ICO”) on what this actually means, but the organisation will have to consider whether there is any risk to the individual arising from the breach (eg identity fraud, risk to reputation) and if so then it is likely that the breach should be reported.

How long does an organisation have to report the breach?

 The breach must be reported within 72 hours of becoming aware of it. The GDPR says the time limits must be complied with “where feasible” but the ICO will expect very good reasons for non-compliance.

What obligations […]

By |March 15th, 2016|Blog|0 Comments|

What is “Privacy by Design and Default” and how does it affect my business?

The Data Protection Act is being replaced by the General Data Protection Regulation (the GDPR) which is harmonising data protection law across Europe and is expected to become law in Spring 2016. All organisations dealing with personal data will be required to comply with the GDPR by Spring 2018.

The new regulations will bring a number of important changes to the way data protection is managed. One of these is the principle of “Privacy by Design and Default”.

What does it mean?

This means that all organisations involved in developing and designing applications, services and products used to process personal information must ensure they take account of data protection. This applies at the start of the process and all all relevant stages of the development. It also applies to the organisations purchasing such a system to check that it meets these requirements.

What do I have to do to comply?

The GDPR gives some examples of measures of what should be done to meet these requirements:

  • Minimising the information that you process.
  • Pseudonymising information (see below).
  • Being transparent about what you do with the information.
  • Allowing the data subject to monitor data processing.
  • Allowing the organisation processing the information to create and improve security features.

An organisation should start with these measures, but can […]

By |March 15th, 2016|Blog|0 Comments|

Tomorrow’s Guide to Subject Access Requests

The right of an individual to ask an organisation what information they hold about them was introduced by the Data Protection Act. It has become widely used by individuals in the UK and most organisations now have established procedures for dealing with such requests.

When the new European General Data Protection Regulation comes into force, this right will remain but with some important changes. You will need to ensure that you are fully compliant with the new legislation.

What can an individual ask my organisation for?

An individual can contact your organisation and ask if you process information about them. You are required to confirm whether or not you do and the categories of information you hold (e.g. contact details). They can also ask for access to the information that you hold.

What else does my organisation have to tell them?

An individual also has the right to ask your organisation:

  • why you are processing the information;
  • how long you will store the information;
  • who you have shared that information with;
  • if you did not receive the information directly from the individual, who provided you with the information;
  • whether the information has been subject to automated decision making including profiling and where this applies other details about the decision making process.

Any correspondence with […]

By |March 9th, 2016|Blog|0 Comments|

It’s all change to European Trade Marks

On 23 March 2016, the Office for Harmonization in the Internal Market (OHIM) which deals with the administration of Community Trade Marks changed its name to the European Union Intellectual Property Office (EUIPO). This aligns with the current naming convention – as in ‘UKIPO’. Meanwhile, The Community Trade Mark will also change its name to the European Union Trade Mark – which will save the explanation as to what is a CTM.

What’s more, the fee structure has changed and OHIM state that it will result in an overall reduction in the amounts paid.

All existing trade marks and trade mark applications will automatically become European Union Trade Marks (EUTM) and the OHIM website is warning users to be vigilant against organisations sending fraudulent invoices under the old and new logos.

You can find out more about this and see the press release on the OHIM website.

Probert Legal are specialists in trade mark and intellectual property law. For further details, please contact Ed Probert at edmundprobert@www.probertlegal.com


By |March 8th, 2016|Blog|0 Comments|

Update on the EU-US Privacy Shield

The European Commission issued a press release yesterday along with draft proposals for the new Privacy Shield.

If put into place, the Privacy Shield will be one of the methods of  transferring personal information from Europe to organisations based in the USA without breaching the European data protection rules. These proposals will now be analysed by the European Data Protection watchdog and we will bring you updates as we get them.

The press release can be found here.

Probert Legal has particular expertise in this area and would be happy to talk to you about ensuring that your systems comply with the law and guidance in this area.

For more information about how we can help, contact Tracey Wakelam at traceywakelam@www.probertlegal.com

By |March 1st, 2016|Blog|0 Comments|

Are you prepared for the New General Data Protection Regulation?

In a poll of 100 hundred medium to large organisations undertaken by computing.co.uk last month,  they found that 44% of the organisations were not even aware of the change to the law or had “vague” awareness and only 20% were well prepared. The report on the survey can be found here.

If you are wondering how the changes will affect your organisation, keep an eye on our blog, we will be publishing guidance on some important points of the new regulations over the next couple of weeks.



By |March 1st, 2016|Blog|0 Comments|

Discover how the ICO investigates nuisance calls, texts and emails

The Information Commissioner’s Office (ICO) has just posted an interesting blog explaining how it investigates who is behind nuisance calls, emails and texts. Take a look here !

This provides an insight into the extensive detective work that goes on behind the scenes.

The ICO carries out mystery shopper exercises; signs up to websites and responds to adverts to monitor the correspondence it receives.

As a result, it has handed out a number of large fines this year to companies for breaking rules relating to marketing.

Make sure your company does not fall foul of the ICO.

Probert Legal has particular expertise in this area and would be happy to talk to you about ensuring that your systems comply with the law and guidance in this area.

For more information about how we can help, contact Tracey Wakelam at traceywakelam@www.probertlegal.com

By |February 25th, 2016|Blog|0 Comments|

10 things you must know about the new Data Protection rules

You may well have heard that there are some major changes in the pipeline regarding data protection law, which will take effect very soon. This is important new legislation which you really cannot afford to ignore.

The aim of the new European Data Protection Regulation is to harmonise the current data protection laws in place across the EU member states. This means you will need to make changes to the way your company handles data.

Here are the ten essential things you need to know.

1.) The Data Protection Act is being replaced by the General Data Protection Regulation (the GDPR) which is expected to become law in Spring 2016.

2.) All organisations dealing with personal data will be required to comply with the GDPR by Spring 2018.

3.) Organisations will no longer have to register with the Information Commissioner’s Office (ICO) from Spring 2018.

4.) All organisations will have to keep a list of all personal information which they hold and what they do with it.

5.) In some circumstances, loss or misuse of personal data will have to be reported to the ICO (or other appropriate body) without undue delay and where feasible, within 72 hours of the breach. There is also a requirement to inform the individual.

6.) […]

By |February 24th, 2016|Blog|0 Comments|

Your chance to influence ICO policy

With the General Data Protection Regulation on the horizon, the Information Commissioner’s Office has announced that it is revising its Privacy Notice Code of Practice.

As part of this process, the ICO wants to consult with organisations who deal with personal data and has devised a feedback questionnaire for organisations to give their views on a range of topics.

If you would like to take part, you can download the questionnaire here.

Don’t miss this chance to have some influence on ICO policy! The closing date for responses is 24 March 2016.

For advice on data protection issues, please contact Tracey Wakelam today at traceywakelam@www.probertlegal.com

By |February 24th, 2016|Blog|0 Comments|