Risk and Compliance Update - 20th May

Risk and Compliance Update - 20th May

In this issue:

Risk & Compliance forecast

Data protection

Cybersecurity

Financial crime prevention 



Risk & Compliance forecast

 

Our new Risk & Compliance forecast (as at 18 May 2021) is now live. This month, we report on issues including (1) the government’s progress report on its economic crime plan; (2) a call for views on supply chain cybersecurity; (3) the ICO’s data sharing code of practice; and (4) whistleblowing. You can rest assured we’re tracking forthcoming regulatory changes so you can plan ahead.

See Practice Note: Risk & Compliance forecast as at 18 May 2021.

 


 

 

Data protection

 

Locatefamily.com fined €525,000 for failure to appoint data protection representative

One of the most overlooked obligations in the EU’s General Data Protection Regulation (EU GDPR) is the requirement for organisations who are subject to EU GDPR but outside the EEA to appoint a data protection representative (DPR). But that’s likely to have much more attention now with the fine announced on 12 May 2021 for Locatefamily.com from the Netherlands supervisory authority (the Autoriteit Persoonsgegevens or AP) for failure to appoint a DPR. Jonathan Armstrong and André Bywater of Cordery explain.

See News Analysis: Locatefamily.com fined €525,000 for failure to appoint data protection representative.


 

ICO fines company for misusing coronavirus (COVID-19) contact tracing QR codes

The Information Commissioner’s Office (ICO) has fined Tested.me Ltd £8,000 for sending nearly 84,000 nuisance marketing emails using data acquired for contact tracing during the coronavirus (COVID-19) pandemic. The company provides digital contact tracing services by offering QR codes for people to scan when entering businesses. In a separate investigation, the ICO contacted 16 QR code providers to ensure personal data was being used correctly.

See: LNB News 18/05/2021 108.


 

ICO welcomes laying of Data Sharing Code of Practice before Parliament

The ICO has published a statement in response to the Data Sharing Code of Practice being laid before Parliament on 18 May 2021. The statement welcomes the code, noting that it ‘aims to give businesses and organisations the confidence to share data in a fair, safe and transparent way, and it dispels many of the remaining myths about data sharing’. The ICO’s statement goes on to say that ‘data sharing will be central to the UK’s recovery’ from the coronavirus pandemic, and that the regulator will continue to work alongside organisations and other stakeholders ‘as part of our ongoing work on addressing perceived barriers to data sharing, helping them better understand how they can share information appropriately’. The code is to lay before Parliament for 40 sitting days before it comes into force.

See: LNB News 18/05/2021 15.


 

Cybersecurity

 

Biden’s cybersecurity order likely to reach beyond US Government

Law360: The US Biden administration has taken a major step toward curtailing a growing scourge of cyberattacks with a new executive order that not only imposes heightened cybersecurity requirements on the federal government and its contractors but also sets a strong example that’s likely to rub off on private companies.

See News Analysis: Biden’s cybersecurity order likely to reach beyond US Government.


 

DCMS publishes call for views on supply chain cybersecurity

The Department for Digital, Culture, Media & Sport (DCMS) has announced a call for views on supply chain cybersecurity and how organisations manage supply chain cyber risk. This call for views requests feedback on existing guidance for supply chain cyber risk management, intends to test the suitability of a proposed framework for managed service provider security and will include an anonymous summary of responses received, which will be published in late 2021. The call for views will close at 23:59 on Sunday 11 July 2021. This is part of the government’s wider work on cyber resilience and our strategy to make the UK the safest place to live and work online. This call for views follows government proposals to assist British businesses with managing cyber risks attached to supply chains and to support UK firms.

See: LNB News 17/05/2021 62.


 

Financial crime prevention 

EU money-laundering regulator to hold supervisory, intelligence functions, McGuinness says

MLex: A new EU-wide money laundering watchdog will hold both supervisory and intelligence functions to fight illicit financial flows across the EU by 2026, the EU’s Financial Services Commissioner, Mairead McGuinness, has said.

See News Analysis: EU money-laundering regulator to hold supervisory, intelligence functions, McGuinness says.


 

EU courts told to let Iranian companies use sanction blocking law

Law360, London: Iranian banks and businesses should be allowed to ask EU courts to invoke a blocking law if they think a company has cut ties over fears of violating US sanctions, a legal adviser told the EU’s top court on 12 May 2021.

See News Analysis: EU courts told to let Iranian companies use sanction blocking law.

Related Articles:
Latest Articles:
About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.