We care passionately about every customer we help
Partner and Head of Family Law, Rugby
What an interesting couple of months for data protection! See below for updates, particularly relating to how businesses can avoid prosecution.
Failure to register with the Information Commissioner’s Office (ICO)
Businesses that collect personal data are deemed to be data controllers and are required to register as such with the ICO. Failure to do so can result in prosecution and a financial penalty. The ICO has prosecuted several companies, the most recent being this week where a company was fined £400 and ordered to pay court costs of nearly £600. Although a fairly nominal sum, the result of prosecution can have a significantly adverse impact on the business concerned.
Registration takes approximately 15 minutes and for most companies will only cost £35. Businesses can register at https://ico.org.uk/for-organisations/register/
Companies Register – Right to be forgotten?
The European Court of Justice (ECJ) has confirmed that the ‘right to be forgotten’ needs to be balanced against other rights and does not apply under EU law in respect of personal data held in a companies register.
Mr Manni, a company director, requested his personal data be removed from the companies register. He claimed that properties within a complex he was contracted to develop were not selling due to the companies register showing that he had been the sole director and liquidator of a company which had been declared insolvent in 1992 and struck off the companies register following liquidation proceedings.
The court found it was not disproportionate to include such personal data even where a company no longer exists, the reasoning given for the decision was that:
Subject Access Requests (SAR) – Update
It has been confirmed that individuals have a right to receive a copy of their personal data regardless of their reason for requesting it. Three points of law were clarified in a recent case:
If you have any concerns as to your data protection compliance, or you would like some advice or assistance in preparation for the new General Data Protection Regulation (GDPR), please do contact me for an initial chat. Additionally I will be talking about GDPR on Tuesday 25 April at Bicester Buisness Lunch, for more details please see the link below.