The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues.
The DPO Centre_DPIA_Newsletter

The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues. It’s not the full story, just a brisk, 3-minute resumé, collated and condensed especially for busy privacy professionals to ensure you’re aware of what’s happening in our fascinating, dynamic and engaging industry. 

Data breach management: 5 tips for an effective response

In today’s digital world, data breaches are an unfortunate reality, with most being due to human error. Organisations can minimise risks by taking proactive steps to educate staff and create a robust response plan. In our latest blog, we discuss what effective data breach management looks like and offer helpful best practice tips, from establishing a response team to building a data protection culture. How to implement an effective data breach response plan.

AI Safety Summit global event at UK’s Bletchley Park 

The date for the AI safety summit has now been set for 1 and 2 November 2023. Governments, leading AI companies and experts from around the globe are coming together in a bid to discuss and agree upon the safe development and use of AI technology. The Department for Science, Innovation and Technology (DSIT) stated that leading AI models such as those developed by OpenAI and Google’s DeepMind will be a key focus for the summit. The summit’s aim is to seek broad agreements for safety measures and regulatory frameworks for the responsible development of AI across the globe in the years ahead. Being held at the famous Bletchley Park, the birthplace of modern computing, the summit was first announced in June by UK’s Prime Minister Rishi Sunak. It will build on the work at previous international forums including the G7 summit, Council of Europe and the UN. 

ICO publishes new guidance for sending bulk emails  

The Information Commissioner’s Office (ICO) has released updated email best practice guidance to prevent data breaches caused by misuse of the BCC and CC fields. Mihaela Jembei, ICO Director of Regulatory Cyber said, ‘Failure to use BCC correctly is one of the top data breaches reported to us every year.’ Advice for organisations includes using different methods to share data, such as bulk email services, setting rules within email systems to provide alerts, and ensuring all staff are trained about security measures. ICO’s updated email and security guidance

Interim Data Protection Support

Enforcement of EU Digital Services Act begins for online giants  

From 25 August 2023, more than 40 online organisations, including Google, Facebook, X, and TikTok, must comply with the rules of the new European law or face strict sanctions, including a complete ban in Europe or fines up to 6% of global revenue. The EU Digital Services Act (DSA) came into effect on 16 November 2022, with very large online platforms (VLOPs) and very large online search engines (VLOSEs) required to comply once the designation of organisation was confirmed. In a bid to combat online disinformation and hate speech, the rules cover illegal content, fundamental rights including freedom of expression, public security and electoral processes, gender-based violence, public health, and protection of minors. The online organisations are expected to carry out risk assessments and redesign their systems to ensure high levels of security. 

Overview of the EU’s Digital Services Act package

France’s CNIL requests comments for draft recommendation on the safety of critical processing 

France’s data protection authority (CNIL) press release on 28 August 2023 outlines the launch of a public consultation on a draft recommendation about safeguarding personal data during ‘critical processing operations’. This applies to large-scale processing within the scope of the GDPR, such as services databases, and data breaches that might cause significant consequences for individuals. The recommendations also outline the need for data controllers to implement measures to guarantee the security of personal data and to conduct a data protection impact assessment (DPIA) to determine risk levels. Public comments are to be submitted by 8 October 2023. 

Joint guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses 

Contractual clauses are a well-respected mechanism for ensuring compliance with data protection laws during cross-border data transfers. For organisations carrying out business in both the 10 member states of the Association of Southeast Asian Nations (ASEAN) and Europe (EU), a joint guide was released by the ASEAN and the European Commission on 24 May 2023. The reference guide aims to provide a useful comparison between the ASEAN model contract clauses (MCCs) and the EU’s standard contractual clauses (SCCs). It also includes best practices for organisations to comply with both jurisdictions. Joint guide for MCCs/SCCs

Representation Services

US Agency requests public comments on cybersecurity and privacy program  

The National Institute for Standards and Technology (NIST) has requested public comments on Building a Cybersecurity Program and Privacy Learning Program. Comments can be submitted online from 28 August 2023 until 27 October 2023. The scope of the draft guide includes the steps organisations should take to create a strategy and learning plan, in addition to outlining the importance of developing a cybersecurity and data protection culture and the responsibilities of senior leaders and managers. 

NIST press release with comment template

Regulators urge social media platforms to tackle data scraping 

Data protection and privacy regulators around the world, including the UK’s ICO and Canada’s OPC have come together to urge social media platforms to safeguard users’ public posts from data scraping. In a joint statement published on 24 August 2023, the 12 authorities invited social media platforms to respond and demonstrate how they protect people’s data from unlawful scraping. The Privacy Commissioner of Canada, Philippe Dufresne said, ‘International collaboration is critical to promoting and protecting privacy rights in the digital realm and addressing emerging issues such as mass data scraping, which can present a significant risk to fundamental privacy rights.’ 

We Are Recruiting!

We are recruiting!

To support our ongoing requirement to continuously grow our remarkable and extraordinary #oneteam, we are seeking candidates for the following positions:

  • Data Protection Officers (based in the United Kingdom or The Netherlands)
  • Data Protection Officer (German Speaking)
  • Data Protection Support Officer (DPSO)
  • Events & Marketing Coordinator to join our #oneteam 

If you are looking for a new and exciting challenge, and the opportunity to work for a Great Place to Work-Certified™ company, apply today!

Copyright © 2023 The DPO Centre, All rights reserved. 

You have been sent this newsletter under legitimate interest, for more information please read our Privacy Notice

The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595)
Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom

The DPO Centre, 50 Liverpool Street, London, Greater London EC2M 7PR, United Kingdom

Manage preferences