Understanding the ICO’s approach to assessing financial penalties should be a key element of an organisation’s data protection strategy and risk profile.

By James Lloyd and Sami Qureshi

In an era when data protection infringements can tarnish business reputations overnight, understanding the financial ramifications is more crucial than ever. The UK’s Information Commissioner’s Office (ICO) recently unveiled its much-anticipated updated guidance on the calculation of fines for data protection infringements under the UK General Data Protection Regulation (UK GDPR) and

The Information Commissioner’s Office published draft guidance on privacy enhancing technologies that can be used to comply with privacy-by-design requirements.

By Gail Crawford, Fiona Maclean, Irina Vasile, and Amy Smyth

On 7 September 2022, the Information Commissioner’s Office (ICO) published a draft guidance on privacy-enhancing technologies (Draft Guidance) in which it explains what privacy enhancing technologies (PETs) are and how organizations can use them to meet privacy-by-design requirements. PETs incorporate data protection principles by (amongst others) minimizing use of personal data, ensuring security, and facilitating data subject rights. Organizations that want to use PETs should first conduct a data protection impact assessment to determine whether such technologies are indeed adequate for their processing activities.