Included in this edition of Data & Privacy News: ICO and Government publish guidance for UK businesses to help with no-deal Brexit; Company Directors face fines from the ICO in crackdown on nuisance marketing; Facebook discloses error in site allowed hidden photos to be seen and more...


ICO and Government publish guidance for UK businesses to help with no-deal Brexit

The Information Commissioner's Office (ICO) and the Government have published guidance to help UK businesses prepare for a no-deal Brexit. 

Guidance includes: six steps to take on leaving the EU, broader guidance on the effects of leaving without a withdrawal agreement and a general overview.

The ICO plans to publish further information for those companies affected by the approved binding corporate rules.

Company Directors face fines from the ICO in crackdown on nuisance marketing

The ICO has been given new powers to fine directors up to £500,000, if their companies use nuisance marketing techniques. 

The powers aim to stop company Directors declaring bankruptcy and then setting up under a new name when they have been involved in nuisance calls.

Ofcom estimated that British consumers received 3.9bn nuisance calls and texts in 2017, with 23 firms receiving fines of £1.9m. 

Reports suggest that of the fines issued between 2010 and April 2018, the ICO only took £9.7m of the £17.8m, partly due to companies entering liquidation.

Facebook discloses error in site allowed hidden photos to be seen

Facebook has revealed that, in September 2018, an error occurred in the way the social media site shares photos with third parties allowing app developers to see photos users had uploaded but had never posted.

The error affected those users that had given permission to third-party apps to access their photos via the Facebook login function, however no large scale extraction of photos was reported.

Third of HR teams admit GDPR breach by not deleting expired personal information

A survey by software provider, CIPHR, has revealed that a third of HR teams have admitted a breach of the General Data Protection Regulations (GDPR) by not deleting expired personal data about job candidates and employees who have left their organisation. 

Of the companies surveyed, 83% had set retention periods for data related to employees, job leavers and candidates, however only 69% of these had deleted the personal information following expiry. 

Moreover, 51% of the HR professionals were relying on informal calendar or paper note reminders to delete personal data, instead of built in HR processes.

Most of the HR teams surveyed did feel their teams were prepared for GDPR by May 2018.

Key contacts

Helena Brown

Helena Brown

Partner, Head of Data
Edinburgh, UK

View profile
Ross McKenzie

Ross McKenzie

Partner, Commercial Services
Aberdeen, UK

View profile