The United Kingdom’s Information Commissioner’s Office has launched a public consultation on how to create a toolkit to help organizations assess whether they have appropriate and effective internal data protection governance arrangements in place and to help them demonstrate their compliance with the General Data Protection Regulation (GDPR).

Per the GDPR accountability principle, data controllers

The UK’s Information Commissioner’s Office (ICO) has announced a completion deadline for their code that will translate General Data Protection Regulation (GDPR) requirements into design standards that protect children who access online services.

The code is being refined following a consultation period and will be made final on November 23, 2019.

The ICO stated that

Checklist for drafting your controller-controller data sharing agreement (from the ICO Data Sharing Code of Conduct now out for public consultation):

  • What is the purpose of the data sharing initiative?
  • Which other organizations will be involved in the data sharing?
  • Are we sharing data along with another controller?
  • What data items are we going to

Questions to ask when sharing data between two data controllers (from the ICO Data Sharing Code of Conduct):

  • What is the sharing meant to achieve?
  • What information do we need to share?
  • Could we achieve the objective without sharing the data or by anonymizing it?
  • What risks does the data sharing pose to individuals?
  • Is

The UK Information Commissioner’s Office has issued a data sharing code of conduct for public consultation.

Key takeaways:
  • When considering sharing data, assess your overall compliance with the data protection legislation. Consider conducting a Data Protection Impact Assessment (DPIA) even if not required.
  • It is good practice to have a data sharing agreement. It sets

Beware the unsolicited email.

UK ICO fines a pensions company £40,000 for sending nearly two million direct marketing emails without consent.

Points to note:

  • You can’t generally send marketing emails without receiving the consent of the recipient.
  • Even if you use a third party mailer, it is your responsibility to ensure consent has been duly