The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues. It’s not the full story, just a brisk, 3-minute resumé, collated and condensed especially for busy privacy professionals to ensure you’re aware of what’s happening in our fascinating, dynamic and engaging industry.

Standard Contractual Clauses (SCCs)

for data transfers

The DPO Centre’s latest blog dives into Standard Contractual Clauses (SCCs) – a popular mechanism used for international data transfers of EU and UK personal data. The blog explores: What are SSCs and what are the differences when transferring from the UK or the EU? We answer these questions and more, including a helpful overview of the other transfer mechanisms available.

UK police forces suffer multiple data breaches

The Police Service of Northern Ireland (PSNI) and the Norfolk and Suffolk constabularies have recently experienced a combined number of data breaches. The first, reported on 31 July 2023, involved the theft of devices and documents from a PSNI superintendent's car, affecting around 200 police officers and staff. The second, and more significant, breach was announced on 8 August 2023. The personal data of around 10,000 PSNI employees was mistakenly published online in a Freedom of Information (FOI) response. It has been called a breach of “industrial scale”. Northern Ireland’s Chief Constable, Simon Byrne, has confirmed the information is in the hands of dissident republicans. Additionally, Norfolk and Suffolk police suffered a breach following an FOI request. Confirmed on 15 August 2023, the breach was apparently due to a “technical error”. The data of 1230 people was erroneously sent with response files, which included details of witnesses and victims of crime. Read the ICO’s statement from 9 August 2023.

ICO’s statement on Meta

On 2 August 2023, the UK’s Information Commissioner’s Office (ICO) published a statement in response to Meta’s plans to seek consent from users for behavioural advertising in the EU, but not in the UK. This follows the ruling from Ireland’s Data Protection Commission in May 2023, when Meta was ordered to amend its data processing practices. Stephen Almond, Executive Director of Regulatory Risk at the ICO said, “We are assessing what this means for information rights of the people in the UK and considering an appropriate response.”

Germany’s DSK publishes opinion on EU’s proposal for political advertising regulation

Following the European Parliament’s proposal for a regulation on transparency and targeting of political advertising, the German Data Protection Conference (DSK) published its opinion on 26 July 2023. The DSK welcomed the proposals and stated that the limitation on targeted political advertising would reduce data processing risks and allow individuals to have greater control over their data.

French data protection authority revises DPO accreditation framework

The Commission Nationale L’Informatique et des Libertés (CNIL) has revised its Data Protection Officer (DPO) certification framework after public consultations highlighted the need for adaptations to the procurement procedure. Updates to the voluntary mechanism include changes in the application process and the option to take the certification test remotely.

Finland’s Ombudsman issues temporary ban on taxi firm

On 8 August 2023, Finland’s Office of the Data Protection Ombudsman announced a temporary ban had been issued to Yandex LLC and Ridetech International B.V. to suspend the processing and transferring of any personal data collected by the Yango taxi service, to Russia. The ban will come into effect on 1 September 2023 and remain in force until 30 November 2023. The Finnish Data Protection Authority believes Yango is not able to comply with GDPR requirements in protecting personal data once a new Russian law comes into effect, which gives Russian authorities the right of access to the data of taxi passengers.

India passes the Digital Personal Data Protection Bill, 2023

In what is being hailed as India’s landmark data law, the Indian President Droupadi Murmu granted assent to the Digital Personal Data Protection Bill, 2023. With the first draft released in July 2018, the long-awaited legislation applies to personal data collected both online and offline, inside and outside India. Data fiduciaries (data controllers) are required to appoint a Data Protection Officer (DPO) and establish a grievance redressal mechanism.

China’s TC260 announces four new cybersecurity standards

On 11 August 2023, the National Information Standardisation Technical Committee of China announced and published four new cybersecurity standards. These include, ‘Big Data Service Security Capability Requirements’, ‘Guidelines for life cycle management of mobile internet applications’, ‘Assessment specification for the security of machine learning algorithms’, and ‘Guidance for cybersecurity information sharing’.

We are recruiting!

To support our ongoing requirement to continuously grow our remarkable and extraordinary #oneteam, we are seeking candidates for the following positions:

Data Protection Officers (based in the United Kingdom or The Netherlands)
Data Protection Officer (German Speaking)
Data Protection Support Officer (DPSO)
Events & Digital Marketing Coordinator to join our #oneteam

If you are looking for a new and exciting challenge, and the opportunity to work for a Great Place to Work-Certified™ company, apply today!

You have been sent this newsletter under legitimate interest, for more information please read our Privacy Notice

The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595)
Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom