REUTERS | Ricardo Moraes

Privacy and cybersecurity: Summer agenda 2019

In our Spring agenda piece, Brexit dominated the horizon in the privacy and cyber world. And while many of us will still be transfixed by political events, the extension of the Article 50 process, in all likelihood up to 31 October, has given us momentary relief.

With the Brexit hiatus, attention has turned back to day-to-day compliance concerns. The summer is traditionally a quiet time of year of course but this agenda piece will highlight a number of events coming up you may need to be aware of. It will also highlight some of the key recent developments you may have missed.

The recent developments include discussion driven by the first birthday of the General Data Protection Regulation (GDPR), the publication of National Cyber Security Centre guidance on cybersecurity design principles and a wave of new content across Practical Law summarised at the bottom of this blog post.

Happy Birthday, GDPR!

We passed the landmark of the GDPR’s first birthday on 25 May which gave us a chance to reflect on the successes and challenges the Regulation has brought so far and will do looking into the future (see our blog post GDPR one year on: some highlights in words and numbers).

The Information Commissioner’s Office (ICO) published a 21-page report last week to share learning from the past twelve months (see Legal update, ICO updates on GDPR: One year on).

Most notably, the ICO report says that the focus for the GDPR’s second year must be beyond baseline compliance with organisations shifting their focus to accountability. It emphasises the importance of proper resourcing of data protection officer (DPO) roles (see Practical Law’s new content on DPOs below).

Forthcoming ICO consultations

The ICO report also highlights some consultations due to launch in June, arriving too late for this agenda piece but which will be covered by Practical Law. These include the following consultations:

  • The data sharing code to be opened in June 2019, with the code to be laid before Parliament in the autumn.
  • The draft direct marketing code which should be opened in June 2019 with the code finalised by the end of October 2019.
  • The data protection and journalism code which should also be launched in June 2019 with the code laid before Parliament in the summer.
  • A draft code on the use of personal information in political campaigns for consultation in July 2019.

Other consultations about to close

You may need to react quickly to these consultations with imminent deadlines:

Other developments

The Cyber-Attacks (Asset-Freezing) Regulations 2019 (SI 2019/956) come into force on 11 June 2019 and make provision for the enforcement of Council Regulation (EU) (2019/796) by way of sanctions, restrictive measures and offences connected with cyber-attacks threatening the EU or its Member States.

The social media network site, Facebook, is updating its Terms of Service to reflect EU consumer law and to explain that its business model relies on selling targeted advertising services to third parties by using data from users’ profiles. This is due to take place by the end of June 2019.

A final date for the diary is 9 July 2019 when the the ECJ is set to hear Schrems II which concerns the challenge to the validity of the European Commission’s standard contractual clauses as a mechanism for effecting international transfers of personal data to ‘third countries’ which may include the UK after Brexit.

Brexit resources

The underlying anxiety of Brexit no doubt remains, with no-deal perhaps now more likely than ever. Look out for more Practical Law content in the coming weeks to assist with Brexit planning to sit alongside our existing guidance:

New Practical Law content

Recently published privacy and cybersecurity content on Practical Law includes:

Leave a Reply

Your email address will not be published. Required fields are marked *

Share this post on: