Trusted Partners on your Privacy Journey
TikTok faces the maximum fine of 4% of global annual turnover
TikTok faces the maximum fine of 4% of global annual turnover
We are proud to be ServiceNow partners and have integrated our popular Smart Privacy workflows and content with ServiceNow's powerful new privacy management system. Combining our expertise with this powerful platform means we can be sure we are offering best in class Privacy Management Software to our Clients.
The UK ICO has marked the anniversary of its Age Appreciation Design Code (or the Children’s Code) which was fully rolled out in September last year. This code aims to ensure that all online services follow its fifteen headline standards and comply with their obligations under data protection law to protect children’s online data. Since 2021, the Children’s Code has affected social media platforms, video games, video streaming services, and targeted personal ads, and influenced other countries to review their national children’s privacy protection regulations.
In his speech, John Edwards said:
“This code makes clear that children are not like adults online, and their data needs greater protections. We want children to be online, learning, playing, and experiencing the world, but with the right protections in place to do so.
There’s more for us to achieve. We are currently looking into a number of different online services and their conformance with the code as well as ongoing investigations. And we’ll use our enforcement powers where they are required.”
ICO will continue to improve their approach by increasing the amount of research and collaborations with certain organisations to make sure the Children’s Code has a significant impact on others.
For further information related to the Children’s Code, please visit https://ico.org.uk/for-organisations/childrens-code-hub/
The UK Government has now put on hold the ‘GDPR replacement’ Data Protection and Digital Information Bill which it had previously introduced into Parliament after nearly a year of consultation and response.
The Government have now indicated that they will work on creating a new, "business and consumer friendly British data protection system". Watch this space!
On 7 April 2022, the European Data Protection Board (EDPB) announced that it had adopted a statement on the announcement of an agreement in principle on the new Trans-Atlantic Data Privacy Framework. The EDPB welcomed the progress made by the European Commission and the United States on a data privacy framework for cross-border transfers. In particular, the EDPB praised the US Government’s efforts to develop ‘unprecedented’ safeguards for EEA data subjects whose data is transferred to the US. Further, the EDPB reminded businesses that the agreement does not yet constitute a legal framework that can be relied on to transfer personal data to the US and reiterated that businesses must continue to implement supplementary measures to facilitate transfers of data to the US.
You can read the statement here
One decision was adopted under the GDPR and the other for the Law Enforcement Directive (covering the Police and other law enforcement bodies).
Both adequacy arrangements include limiting the adequacy decision to 4 years. This is the first time, an adequacy decision about a third country has included a sunset clause to limit the duration of the adequacy finding. The adequacy arrangements have now entered into force which means that European companies can now send personal information from the EEA to the UK without using other transfer mechanisms such as standard contractual clauses for data transfers.
The decision documents and European Press Release can be found here.
The European Commissioner’s decision takes effect as of 27th June which means organisations wishing to use the clauses can do so, from this date onwards. Organisations wishing to use the old clauses for new data transfers, can do so until 27th September. Any new transfers from 27th September will require use of the new clauses. Organisations have until 22nd December 2022 to replace the old clauses. These new SCCs include the Article 28(2) – 28(4), GDPR requirements therefore if the data importer is a processor or sub-processor, there would be no need to enter into two separate agreements to cover Article 28 and Article 46, GDPR requirements.
Fully outsourced Data Protection Officers and support teams. Based in London, Dublin and the Netherlands our Data Protection Officers are CIPP/E or BCS qualified Privacy Professionals with a proven track record in successfully supporting organisations worldwide.
Implementing data privacy legislation can sometimes be overwhelming. We have been delivering successful and award winning privacy transformation projects since 2000. Whether you need a gap analysis or detailed review, Data Privacy Assessments our privacy experts can help.
Smart Privacy technology simplifies complying with the new GDPR record keeping requirements for Article 30 records of processing, Data Privacy Impact Assessments (DPIAs), individual rights requests and privacy notices.
We are currently hiring privacy analysts for our graduate recruitment programme
We use necessary cookies to make our site work. We would also like your permission to set optional analytics cookies to help us improve it. Clicking 'Accept' below will set cookies on your device to remember your preferences. Find out more in our Privacy Policy or scroll down to read more about the different types of cookies.
Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.
Where you select "Accept" we set Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone. For more information on how these cookies work see https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en-US