LAST WEEK IN PRIVACY & DATA PROTECTION

57th Weekly Newsletter -> 14–20 August 2017
___________________________________________________________________
Irish DPC Publishes Guidance on DPO Qualifications
Last week the Irish Data Protection Commissioner published a short Guidance Document describing the qualities and qualifications of the Data Protection Officers. According to the GDPR Data Protection Officer needs to be designated on the basis of professional qualities and expert knowledge of data protection law and practices. The Guidance Document further describes these requirements by explaining the necessary skills and expertise. Specifically, the DPC talks about expertise in national and European data protection laws and practices including an in-depth understanding of the GDPR; understanding of the processing operations carried out; understanding of information technologies and data security; etc.
Read more HERE
___________________________________________________________________
Russian DPA Publishes Privacy Guidance Document
Russian data protection authority — Roskomnadzor issued a guidance document for data operators on the drafting of privacy policies to comply with Russian data protection law. The law requires Russian data operators to adopt a privacy policy that describes how they process personal data and they have to publish such policy online when personal data is collected online. Roskomnadzor emphasises the importance of providing a detailed data processing policy so that data subjects are aware of all potential actions to be taken with their personal data.
Read more HERE
___________________________________________________________________
UK ICO Fines North London Council
Last week the UK information Commissioner’s Office fined the Islington Council £70,000 for failing to keep up to 89,000 people’s information secure on its parking ticket system website. The Council’s system allows people to see a CCTV image or video of their alleged parking offence. But the system was found to have design faults meaning that personal data of up to 89,000 people was at risk of being accessed by others. Data included a small amount of sensitive personal information such as medical details relating to appeals. The problem occurred in 2015 when it was discovered that folders containing personal data could be accessed by manipulating the website URL and that there had been unauthorised access to 119 documents on the system 235 times from 36 unique IP addresses, affecting 71 people.
Read more HERE
Read the Monetary Penalty Notice HERE
___________________________________________________________________
Compiled by Jernej Mavrič, email: jm@dp-recruitment.com
___________________________________________________________________
Follow us on Twitter @LastWeekInPDP and visit our WEBSITE
For privacy jobs and vacancies follow @dprecruitment
