Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
Find up-to-date guidance on points of law and then easily pull up sources to support your advice with Lexis PSL
Check out our straightforward definitions of common legal terms.
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Access our unrivalled global news content, business information and analytics solutions
Insurance, risk and compliance intelligence using big data, proprietary linking and advanced analytics.
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Discuss the latest legal developments, ask questions, and share best practice with other LexisPSL subscribers
The UK’s Information Commissioner’s Office (ICO) has just released new guidance about its regulatory approach to COVID-19. This article sets out the highlights.
What’s this all about?
In light of challenges faced by organisations because of COVID-19, the ICO has issued a statement entitled ‘How we will regulate during coronavirus’ (‘the statement’) accompanied by guidance entitled ‘The ICO’s regulatory approach during the coronavirus public health emergency’ (‘the guidance’).
The theme of the ICO’s approach is set out in the statement where, amongst other things, the Commissioner says the following:
The guidance states that the ICO is “committed to an empathetic and pragmatic approach, and will demonstrate this through [its] actions” including focussing its “efforts on the most serious challenges and greatest threats to the public” and taking “firm action against those looking to exploit the public health emergency […] by misusing personal information”.
In a list of issues under the heading “Engagement with the public and organisations” the guidance states that, amongst other things, the ICO:
Under the heading “Regulatory action” the guidance states that the ICO will “[…] continue to act proportionately, balancing the benefit to the public of taking regulatory action against the potential detrimental effect of doing so, taking into account the particular challenges being faced at this time” and lists the following:
What is the guidance in other countries?
We have looked at guidance in more than 35 other countries in our Coronavirus (COVID-19) & Data Protection FAQs. The FAQs also have guidance on a wide range of related topics including working from home. You can read that guidance here www.bit.ly/gdprvirus.
What does this mean for existing cases?
As we’ve said before the ICO has a number of big investigations on at the moment. We’ve already written about the delays in the British Airways and Marriott data breach investigations (see here https://www.corderycompliance.com/is-ba-fine-in-departure-lounge/). We’re now expecting news of the BA investigation in May and the Marriott investigation in June. Given the struggles both organisations face currently, as we’ve said previously, it might well be the case that we’ll see significant reductions in the eventual fines for both companies from the headline figures in last year’s Notices of Intent.
What are the takeaways?
Although the ICO may appear to be adopting a more flexible approach to regulatory action because of COVID-19, despite the significant challenges that many organisations are currently facing, this doesn’t mean that they should relax too much – the ICO’s latest guidance is not a get-out-of-jail card. Most notably, organisations should still aim to notify data breaches within 72 hours (and in the process also avoid risking sanctions for late notification) and also communicate breaches to affected individuals without undue delay; don’t forget that there are also other issues at stake including reputation. Organisations should always bear in mind that guidance is only guidance – in a given matter the ICO might adopt a different approach, as also might a court. Finally, the guidance also serves as a reminder of the legal requirement for organisations to register with the ICO.
Cordery’s GDPR Navigator includes resources to help deal with data protection compliance. GDPR Navigator includes:
For information about our Breach Navigator tool please see here: https://www.corderycompliance.com/solutions/breach-navigator/
The ICO’s statement and guidance can be found here: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/04/how-we-will-regulate-during-coronavirus/
We report about data protection issues here: http://www.corderycompliance.com/category/data-protection-privacy/.
For more about GDPR please also see our GDPR FAQs which can be found here: http://www.corderycompliance.com/eu-data-protection-regulation-faqs-3/ and our Data Protection Glossary which can be found here: http://www.corderycompliance.com/?s=glossary.
For more information please contact André Bywater or Jonathan Armstrong who are lawyers with Cordery in London where their focus is on compliance issues.
Free trials are only available to individuals based in the UK
* denotes a required field
Jonathan is an experienced lawyer with a concentration on technology and compliance. His practice includes advising multinational companies on matters involving risk, compliance and technology across Europe. He has handled legal matters in more than 60 countries involving emerging technology, corporate governance, ethics code implementation, reputation, internal investigations, marketing, branding and global privacy policies. Jonathan has counselled a range of clients on breach prevention, mitigation and response. He has also been particularly active in advising multi-national corporations on their response to the UK Bribery Act 2010 and its inter-relationship with the U.S. Foreign Corrupt Practices Act (FCPA).
Jonathan is one of three co-authors of the LexisNexis definitive work on technology law, “Managing Risk: Technology & Communications”. He is a frequent broadcaster for the BBC and other channels and appeared on BBC News 24 as the studio guest on the Walport Review.
In addition to being a lawyer, Jonathan is a Fellow of The Chartered Institute of Marketing. He has spoken at conferences in the U.S., Canada, China, Brazil, Singapore, Vietnam, the Middle East and across Europe. Jonathan qualified as a lawyer in the UK in 1991 and has focused on technology, risk and governance matters for more than 20 years. In April 2017 Thomson Reuters listed Jonathan as the 6th most influential figure in risk, compliance and fintech in the UK. Jonathan was ranked as the 14th most influential figure in data security worldwide by Onalytica in their 2016 Data Security Top 100 Influencers and Brands Survey.
Jonathan is a Solicitor of the Senior Courts of England & Wales. In addition Jonathan is admitted as a Solicitor (non-practising) in Ireland.
0330 161 1234