CIPP Payroll: need to know 2019-20

The new guidance, highlighted in a recent blog from the ICO, is intended to provide more clarity and certainty about how you can use cookies in your online service. The blog also clears up some of the uncertainty that has developed around cookies since last year. Read the blog to find out the facts behind the following myths:

1. We can rely on implied consent for the use of cookies
2. Analytics cookies are strictly necessary so we do not need consent
3. We can use a cookie wall to restrict access to our site until users consent
4. We can rely on legitimate interests to set cookies, so we do not need consent
5. The ICO wants online services to stop using cookies and similar technologies


Subject access request (SAR) timescale change due to CJEU ruling 16 August 2019

Following a Court of Justice of the European Union (CJEU) ruling, the ICO has updated its guidance around how long an organisation has to respond to a subject access request (SAR).

The guidance stated that SARs must be responded to within one calendar month, with the day after receipt counting as 'day one'.

This has now changed.

'Day one' is now the day of receipt - for example, a SAR received on 3 September should now be responded to by 3 October.

The Information Commissioner’s Office (ICO) has updated its position on how to calculate the time limit for responding to requests (in relation to individual rights) following the CJEU determination, which has been adopted by the European Data Protection Board (EDPB). The ICO has also added guidance on the meaning of ‘manifestly unfounded or excessive’.

The updated guidance can be accessed through the ICO’s website.


Get your data protection compliance ready for a no-deal Brexit 30 September 2019

If you have customers in the EEA (the EU plus Iceland, Norway and Liechtenstein), you may have to take action before 31 October to keep it business as usual. The Information Commissioner’s Office (ICO) has resources to help you with what you need to do, including detailed guidance and interactive checklists. At the moment personal data flow is unrestricted because the UK is an EU member state. If the proposed EU withdrawal agreement is approved, businesses can be assured that personal data will continue to flow until 2020 while a longer term solution can be put in place.

However, in the event of ‘no deal’, EU law will require UK companies to put additional measures in place when personal data is transferred from the European Economic Area (EEA) to the UK, in order to make those transfers lawful.

With one month to go until the UK leaves the EU, the ICO recognises that businesses and organisations are concerned.

Visit the Data protection and Brexit area of the ICO’s website for help and guidance.

The Chartered Institute of Payroll Professionals

Payroll: need to know

cipp.org.uk
