Author: info@amberhawk.com

Using the advanced mathematical techniques employed by those calculating the benefits of Brexit, this blog has been able to deduce the level of the proposed “replacement-for-notification-fees”, levied on controllers, to meet the costs of the ICO under the GDPR. I can report that these fees are set to rise significantly (at least 50% across the board). Indeed, those paying the current registration fee of £500 per year might find themselves paying just short of £7K per annum.  Fees well north

The ICO has just published draft Advice (the “Advice”) on the use of consent under the General Data Protection Regulation (GDPR). All I can suggest is that readers engage with the consultation over the content of this draft Advice (especially if a data controller relies on data subject consent). What follows is a set of statements from the 40 page Advice concerning consent under the GDPR, followed by my commentary which I hope helps your understanding of the issue. This should

[Note added: 16 March 2017. The Executive Order has been rescinded. However, the analysis of Privacy Act 1974 in the USA is valid.  It does not apply to EU nationals and even if it did, the analysis shows that there is very little in the way of privacy protection.  It appears to me to be data sharing legislation] President Trump’s Executive Order (Enhancing Public Safety in the Interior of the United States) has caused controversy over its temporary ban on all Muslims

A House of Lords Committee has heavily criticised the data sharing provisions in Part V of the Digital Economy Bill; it has reported that the provisions should not be supported in their current form. The Report confirms my comments in previous Blogs (see references) that the data sharing provisions (e.g. for efficient public sector service delivery, for research and statistics, for debt recovery and for fraud) are untrammelled. Namely the provisions: combined with the flexibility for Ministers to add to the

This blog tries to answer a simple question: “what can a data controller do if there are transfers between the UK and the European Union(EU) if the Article 50 button is pressed and there is a no subsequent agreement between the UK and the European Commission within the two-year timeframe?”. In other words, what happens if there is a very Hard Brexit? The assumptions I am therefore making are as follows: there is no deal re Brexit and the UK is

Happy New Year (and welcome back to the daily grind). This blog adds two further reasons why I think a post-Brexit UK is very unlikely to offer an adequate level of protection in terms of the General Data Protection Regulation (GDPR). One reason relates to recent comments made by Prime Minister Mrs May about human rights. The other relates to the non-compliance of the national security agencies with their existing data protection obligations under the Data Protection Act 1998 (DPA).

Adjournment debate on GDPR – last Monday December 12 Full debate on: https://hansard.parliament.uk/Commons/2016-12-12/debates/6EB0C615-2571-4B26-A75B-8CD1CF5FD854/EUDataProtectionRules Key quotes from the Minister for Digital and Culture (Matt Hancock) are below. "We were clear in the negotiations on the GDPR that any new data protection legislation needs to meet the need for high standards of protection for individuals’ personal data while not placing disproportionate burdens on businesses and organisations. The UK was successful in negotiating a more risk-based approach to the GDPR, allowing for greater flexibility