Welcome to Data Protection Newsletter-October Edition

With Halloween just around the corner, we’re bringing you another edition of our Data Protection Newsletter—no tricks, just treats of valuable information! ??

This month’s newsletter highlights EXCEL London's RISK event, essentials on governance frameworks, EU AI regulations, data mapping, children's data protection, ICO updates, startup compliance, and the latest from EDPB.?

RISK Event: Preparing for AI, Data Mapping, and Compliance

I recently attended the RISK event at EXCEL London, which featured insightful discussions on data protection, particularly in the context of AI.

Here are five takeaways for organisations I came away with from the event:

Join me at the Call & Contact Centre Expo at Excel London

I'm excited to speak on Thursday, 28th November at Europe’s leading exhibition, the Call & Contact Centre Expo, where industry professionals gather to explore the latest technologies and strategies for enhancing customer experience.

I will discuss managing compliance with the EU AI Act and GDPR in contact centres, covering critical areas like data protection training, AI security, governance frameworks, data mapping, and children’s data safety. If you're interested in attending the event:??Register for FREE

ICO’s New Study on Data Protection Compliance Challenges?

A recent ICO study examined how organisations manage data protection, revealing:?

• Approaches Vary: Smaller organisations often handle data in-house, while larger ones outsource.?

• Compliance Benefits: 32% reported advantages such as customer trust and improved processes.?

• Cost of Compliance: While costs were generally manageable, they were seen as essential to maintaining data practices.?

Tip for organisations: Consider compliance costs as an investment, enhancing data security and reputation. For full findings, read ICO Study Insights.

Data Protection for Startups: Integrating Compliance from the Start

Recent discussions at a startup-focused event emphasised the necessity of integrating data protection from the outset in startups. Here’s why this is crucial:

• Legal Compliance: Non-compliance risks significant fines.?

• Customer Trust: Safe data practices build customer confidence.?

• Operational Efficiency: Early compliance enhances processes, from SAR handling to data breach management.?

Learn more about the importance of incorporating data protection into a startup business plan, the consequences of non-compliance, security measures, and actionable tips.

??Read the article: Data Protection Compliance for Every Startup Business Plan

EDPB’s Updated Guidelines on Legitimate Interest: Marketing Implications?

The EDPB recently released updated guidelines on legitimate interest under GDPR, with implications for marketing practices. Key changes include:?

1. Stricter Criteria for Legitimate Interest: Organisations must show the necessity of processing data and explore less intrusive alternatives.?

2. New Emphasis on Balancing Tests: Organisations must conduct a Legitimate Interest Assessment (LIA) to ensure data subjects' rights aren’t overridden.?

3. Impact on Marketing: Marketers must evaluate if legitimate interest is the right basis for processing, considering customers’ reasonable expectations and data minimisation.?

4. Balancing Business Needs and Customer Privacy: Transparency, clarity on personal data usage, and opt-outs are essential.?

Action Steps:?

• Review your LIAs for marketing activities.?

• Align marketing strategies with data minimisation.?

• Prepare robust balancing tests that consider customer expectations.?

ICO October Enforcement: Over ￡270K in Fines Issued?

In October alone, the ICO issued over ￡270,000 in fines for breaches of the PECR, mainly due to companies’ failure to secure proper consent for marketing. Key fines included:?

• Quick Tax Claims Ltd – ￡120,000 for unlawful texts lacking an ‘opt-out’ option.
• WerepairUK Ltd – ￡80,000 for unsolicited marketing calls.?
• Service Box Group Ltd – ￡40,000 for unauthorised calls.?

Action: Ensure all marketing communications have clear consent, with easy opt-out options to avoid costly penalties.??

Conclusion?

This month has highlighted the ongoing importance of data protection as regulations evolve.

• The insights from the RISK event and ICO’s enforcement actions remind us that tailored training and effective data management are crucial for compliance.?
• For startups, embedding data protection from the beginning is vital for building trust and avoiding legal pitfalls.
• As we implement the updated guidelines on legitimate interest, let’s focus on maintaining transparency and ensuring clear communication with our customers.?

Let’s continue prioritising compliance as we adapt to these changes. Thank you for your dedication to data protection.?

Consider us your friendly guides in staying compliant and keeping data compliance from becoming a scary story this October!?For further insights and support, feel free to reach out to me at Lynsey Hanson or drop your query here .

?

Until next time,?

Lynsey Hanson

Your Global Data Protection Officer