PDP header graphic

Issue: 19.11.2019
ICO releases new guidance on special category personal data
The UK regulator has published new guidance on special category personal data under the GDPR. The guidance reminds organisations that processing special category data needs an Article 9 condition for processing as well as an Article 6 condition, and potentially an associated DPA 2018 Schedule 1 condition. Many of the DPA 2018 conditions require organisations to have an appropriate policy document in place, and the ICO provides a template appropriate policy document in its guidance. In its accompanying press release to the guidance, the ICO said: "There is more to do when processing special category data, but the provisions are in place to help you protect the data of those whose information you hold, and increase their confidence in you. It's worth taking the time to get it right."

EU regulators adopt BCR opinions
The European Data Protection Board has adopted a favourable opinion (not yet released) on the application for Binding Corporate rules by ExxonMobil. The lead authority in the case was the Belgian Supervisory Authority. The EDPB came to the opinion that the draft controller BCRs provide sufficient safeguards within the meaning of Article 46(2)(b) and comply with Article 47 GDPR on Binding Corporate Rules. The Board also recently adopted a positive opinion on the BCRs submitted by Equinix Inc, with the UK ICO acting as the lead authority.

Consumer groups seek to block Google-Fitbit deal
Nine privacy, social justice and consumer groups are calling for the US government to block Google's $2.1 billion acquisition of fitness-gadget maker Fitbit, citing antitrust and privacy concerns. They say in a letter to the Federal Trade Commission that the deal would consolidate Google's dominance over internet services like search, advertising and smartphone operating systems. They also worry it'll add to Google's store of consumer data. Health information is of particular concern. Politicians and regulators have been scrutinising Google and other Silicon Valley companies for how they use customer data and leverage their size to thwart competitors.

UK department caught flouting rules by secretly sharing pupil data with Home Office
The Department for Education has been caught flouting data protection obligations after sharing information about children with the Home Office for immigration enforcement purposes. The ICO upheld a complaint by Against Borders for Children - represented by Liberty - which argued that the DfE had made schools complicit in the hostile environment by sharing children's addresses with immigration enforcement. The ICO is now considering taking enforcement action against the Department. The letter added that the DfE is "failing to comply fully" with the GDPR, stating there were "clear deficiencies in the processing of pupil personal data by the DfE [...] primarily in the areas of transparency and accountability, where there are far reaching issues, impacting a huge number of individuals in a variety of ways."

Victory for digital privacy at the border
A federal judge has recognised that international travellers have significant privacy interests in their digital data, and ruled that suspicionless electronic device searches at US ports of entry violate the Fourth Amendment. A District Court Judge in Boston, Denise Casper, held that border agents must have reasonable suspicion that a device contains digital contraband before searching or seizing the device. The summary judgment opinion was issued in a case Alasaad v McAleenan, in which the Electronic Frontier Foundation is representing 11 plaintiffs against the Department of Homeland Security, US Customs and Border Protection, and US Immigration and Customs Enforcement. The case is a constitutional challenge to the agencies' polices on border searches and seizures of electronic devices. The EFF described Ms Casper's ruling is an important win for digital privacy rights.

Sector eyes data protection Code as breaches rise
A group of landlords in the UK are discussing the idea of developing a new code of conduct in conjunction with the National Housing Federation that they hope will be signed off by the Information Commissioner's Office. Tabitha Kassem, Director of Governance, Legal and Compliance at G15 landlord Network Homes, said "Obviously it's an area that requires some sort of development and implementation. The Code will help us with some of the niggles we have come across [with GDPR]." Paul Bayly, Head of Governance and Compliance at the NHF, said: "We have had some initial conversations with our members to see if a data protection code of conduct would be helpful. If it is, then we can start working with housing associations and the ICO to develop one."

PDP Journals logo
Receive further Expert guidance and in-depth articles on data protection direct to your mailbox or home address...  
Privacy & Data Protection journal
Privacy & Data Protection Journal 

Subscribe to two or more titles at the same time and receive a 15% discount off the cheapest journal


PDP Training logo

Our professional and practical Training Courses enable delegates to understand the legal requirements in key areas of information and data protection compliance. Courses run throughout the year around the United Kingdom.
Here are a selection of courses taking place shortly:
Nick Williams_ Leadership Coach
Nick Williams Leadership Coach
When implementing legal compliance measures, organisations can sometimes forget that the exercise is as much about working effectively with other people as it is about implementing a set of procedures. Investing in the leadership skills of those who will be implementing compliance measures can dramatically increase the effectiveness of programmes as well as the buy-in of key staff members.

Having other staff members working with compliance personnel and supporting their goals is partly about promoting messages effectively throughout the organisation, partly about incubating champions in other departments and partly about inspiring others to see the benefit of making changes to the way that things have traditionally been done.

This highly interactive session on leadership skills provides compliance professionals with the skills that they need to become more effective in carrying forward compliance objectives, including:
  • understanding the aspects of your messages that will engage and inspire others
  • learning how to effectively communicate goals, and to instil in others a desire to assist you on implementing them
  • developing, communicating and cascading knowledge of your compliance aspirations for the organisation
  • developing effective relationships with key staff members
  • influencing others with integrity
  • developing a rollout plan
The day is highly interactive with several opportunities for small group discussion to develop your strategies and to ask for help with your specific situation.

Nick is also available to coach you on an individual basis (or in small groups), either face-to-face or by telephone/Skype. For more information, click here.

Upcoming dates for this training course are:
  • London       Wednesday, 11th December 2019
  • London       Thursday, 18th June 2020
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 

Training Staff in Data Protection
Stephanie Pritchett
Having responsibility for training staff on data protection issues can be a daunting prospect. Yet it is essential that all staff who handle personal information understand the fundamental principles and the practical requirements for complying with data protection rules. It is also important that staff members are able to identify breaches or potential breaches of data protection law, and to react appropriately.

The session will look at how to train staff to:
  • appreciate who and what is covered by data protection rules
  • understand the organisation's policy and aims on personal data use
  • understand their individual responsibilities
  • know and apply the 8 core Principles for personal data use
  • understand the additional measures required for sensitive data use
  • recognise when, and for what purposes, staff / customer data may be used
  • identify appropriate steps to help keep personal information secure
  • deal with external requests for information, and understand the safeguards to apply
  • understand the rights of individuals and third parties
  • recognise and deal with a subject access request
  • know what to do in the event of a data protection breach
The next training sessions take place on the following dates:
  • London    Tuesday, 10th December 2019
  • London    Tuesday, 23rd June 2020
  • London    Tuesday, 8th December 2020
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 
John Wilson, Mosaic
Organisations face increasing pressure to manage their records according to statutory and business requirements. As the use of electronic records and the deployment of electronic document and records management systems continue to increase, the core skills of the person responsible for records management become ever more important to the organisation. In many cases, appropriate data protection and FOI compliance will depend upon a good records management system.

This invaluable training session, led by John Wilson, examines core concepts of good records management practice.

Records Management 1 is an introductory level session that provides delegates with a thorough grounding in the fundamentals of records management, including:
  • introduction - basic concepts
  • records management tools
  • records lifecycle approach
  • designing a file plan
  • records destruction
  • legal framework / compliance
  • management of electronic records and email 
Upcoming dates for this training course are:
  • Belfast            Thursday, 28th November 2019
  • Manchester    Wednesday, 8th January 2020
  • Cardiff            Wednesday, 22nd January 2020
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 

This course examines how to implement good records management practice. Led by John Wilson, Records Management 2 is an intermediate level session that provides a grounding in the fundamentals of records management, including:
  • introduction - initiating a records management project
  • records audit
  • process mapping
  • building a business classification scheme
  • measuring performance
  • sustaining a records management programme
Delegates are encouraged to share their own experiences at the session. The day will be a mixture of presentation and practical exercises. There will be plenty of opportunity for questions.

Upcoming dates for this training course are:
  • Belfast            Friday, 29th November 2019
  • Manchester    Thursday, 9th January 2020
  • Cardiff             Thursday, 23 January 2020
A discount is available for delegates attending both the Level 1 and Level 2 sessions, as well as for multiple delegates attending from the same organisation.

For further information and to make a booking,
  1. Visit PDP's website  
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue

Intensive training in London - January 2020 
Practitioner Certificate in Data Protection _GDPR_ 
The Practitioner Certificate in Data Protection ("PC.dp.") is the practical qualification for those that work in the fields of data protection and privacy. It is fully up to date with the requirements of the General Data Protection Regulation (GDPR)
Find out more >   
Training sessions taking place in London, Manchester & Dublin
Due to overwhelming demand, an additional date has been added. Next session taking place on 29th November 
Role of the Data Protection Officer 
This course analyses the role and duties of the DPO in a practical context and provides delegates with the information that they need to become more effective and efficient

PDP 2020 Training Catalogue  
Download our latest  
Training Catalogue for a comprehensive overview of 2020 training courses and qualifications for those working in Data Protection and Information Management
Latest edition of Privacy & Data Protection Journal 
The latest edition includes the following articles: 
Contracting under the GDPR: Five not-so-easy pieces

Joint controller relationships - more prevalent than previously thought

Why you may not be processing Special Category personal data lawfully in the UK

Confused by EU cookie rules? The ICO and CNIL are here to help (sort of) 

Qualify as a GDPR Data Protection Practitioner

Flexible training options allow you to train alongside other commitments

More information >  

"The course content was informative and well presented, with very knowledgeable trainers. The exam was challenging, so I feel a real sense of achievement in having gained this qualification."   Caroline Chalk
Head External Information Services
Civil Aviation Authority

"I found the course to be thoroughly enjoyable and enlightening in a number of areas. I have managed to apply the knowledge gained through the course already in my day to day role."
Brendan Byrne
Senior Managing Consultant Security & Privacy

"The qualification strikes the right balance of interpreting important and complicated legislation and imparting this to students with a well structured course, underpinned with simple to understand information and then a vigorous examination. Organisations should feel assured by any of its staff undertaking and passing this qualification that their information is being managed and shared securely."
Kim Bellis
Records Service Manager
Royal Cornwall Hospitals NHS Trust

"I am very pleased to have followed the Practitioner Certificate in Data Protection course and passed the examination. This will be of great benefit to my employer, as it demonstrates the value we place on this complex area of ethics and compliance."
Alan White
Data Protection Manager
Pitney Bowes

"The course which was delivered by experts in the field of Privacy and Data Protection Law was very enjoyable and engaging. The examination was based on applying legislation and knowledge to practical cases rather than a test of how much information you could remember. I am delighted that I passed the exam and to have a qualification that is very much respected, as well as letters after my name! I recommend both the course and the examination for anyone wanting to increase their knowledge of Data Protection Law."
Bleneta Carr
Pearson Education

"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the impending new Regulation."
Joanne Maurizi
Assistant Manager

"Synectics Solutions recognises that compliance with data protection regulation is critical to all organisations that handle personal information. It has never had a greater focus than at the present time. Having looked at the training and professional qualifications available, we concluded that the PDP certification was the most appropriate for our business. The course was delivered by legal experts in the field. They were able to bring the events to life with real-life scenarios and case studies."
Steve Sands
Head of Security
Synectics Solutions

PDP, Canterbury Court, Kennington Park, London, SW9 6DE, United Kingdom