Awdurdod annibynnol y Deyrnas Unedig a sefydlwyd i gynnal hawliau gwybodaeth er budd y cyhoedd, annog cyrff cyhoeddus i fod yn agored a hybu preifatrwydd data i unigolion.

Keep up to date with how the ICO is protecting your data and your data rights.

Coronavirus and data protection - what if I become seriously unwell and I need somebody to access information about me? - 23 June 2020

There may be times where you need a friend or relative to be able to access information about you, in order to provide care and support or to make decisions. In urgent situations, organisations can share information where necessary. 

However, you can record your choices in advance.

If you live in England or Wales:

If you live in Northern Ireland:

  • If you have appointed an Attorney under Enduring Powers of Attorney, and this has been registered with the Office of Care and Protection, they will have the legal authority to access data in order to manage your affairs.

  • The Office of Care and Protection are processing critical work only during the pandemic. They are not registering new Enduring Powers of Attorney.
  • Where there is no formal legal power in place, you could make a note of the information you want to be shared and with whom, and make those close to you aware of this.

If you live in Scotland:

  • If you have appointed an Attorney, they will have the legal authority to access information about you in order to perform their role.
  • The Office of the Public Guardian (Scotland) are continuing to register Powers of Attorney during the coronavirus pandemic. . The usual process takes up to 30 days. An expedited service is available for emergencies.
  • Where there is no formal legal power in place, and the situation does not qualify for the expedited service, the OPG (Scotland) suggest temporary measures. This could include making a note of what information you want to be shared and with whom, and making those close to you aware of this.

Coronavirus recovery – what are your information rights? - 11 June 2020

As workplaces begin to open up and lockdown restrictions start to ease, it’s important you know what your data protection rights are when it comes to your personal information.

Here’s a few things to remember or to consider if you’re going back to work or visiting places:

  • If you’re asked if you have experienced coronavirus symptoms or to take a test, you have certain rights under data protection law. You’re entitled to know what personal data is being collected about you, why it’s being collected and how long it’s going to be held for.
  • It should also be easy for you to request a copy of your data that has been recorded (called a subject access request or SAR). Details on what to include if you’re making a SAR are available on our website.
  • You may be asked questions about your general health, and possibly the health of your family members. This information is protected under data protection law, and means that whoever is using this information must take extra care with it.
  • Your employer may decide to use symptom trackers or other methods to monitor for coronavirus and social distancing rules. They should tell you if they’re considering doing this, and explain to you why they think it’s necessary. If you are concerned about how your personal data is being handled, you should raise this with the organisation involved.

Our 18 March blog post also gives more information about how you can expect organisations and the Government to use your personal data.

Stay one step ahead of the scammers - 31 March 2020

There’s growing evidence of a spike in email and phone scammers as criminals look to seize on people’s vulnerabilities during the current coronavirus pandemic. 

Maybe you’ve received one claiming to be from organisations you would trust such as:

  • the Government asking for your bank details so money related to free school meals can be transferred;
  • HMRC stating you have a tax refund;
  • banks asking you to confirm your details;
  • emails from criminals disguising themselves as an organisation;
  • callers offering coronavirus testing kits and protective equipment; or
  • calls telling you your internet is going to be cut off in 24 hours because you’ve been hacked.

The common factor with emails is that you can only find out more if you click on a link or open an attachment. An automated call will invariably ask you to press buttons on your phone and skilled criminals on live calls can deftly convince you of their legitimacy. And that’s when the damage starts. Either by inadvertently giving criminals access to your computer or phone or, at the extreme end of the scale, emptying your bank account. 

The good news is there are some simple steps to take to ensure you stay safe and don’t fall victim to these invisible criminals. Before you take any action, pause and take a moment to consider: 

  • Is the email addressed to you personally or is it addressed to “Dear customer” or “Valued customer”?
  • Is the spelling, punctuation and grammar correct?
  • Does the email ask you to urgently verify details within a specific time limit?
  • Does the sender’s email address look legitimate?
  • Does the email look like previous emails you have legitimately had from the same organisation?
  • Does the email ask for your bank account details, online banking passwords or your PIN number and CVC code for your debit card?
  • Does the caller’s offer sound too good to be true? Then it probably is.
  • Do you actually have an existing relationship with the caller?

Agencies across the UK, and beyond, are working together providing advice on how to stay safe online. The National Cyber Security Centre has an abundance of guidance including how to spot and deal with suspicious emailstop tips for staying safe online and securing your devices. The National Crime Agency is advising people to StopChallenge and Protect and to remain vigilant against fraud. 

Action Fraud, which has reported a 400% rise in Coronavirus fraud reports, offers advice on protecting yourself from scams. The Financial Conduct Authority has published information about potential coronavirus scams, how they could affect you, and how to protect yourself.

Citizens Advice has a handy online toolkit which helps you check if something might be a scam and National Trading Standards has launched a campaign to “wash your hands of coronavirus scams”. 

You can also read our advice on these types of scams on our Mae’ch data chi’n cyfrif web pages and if you receive any suspicious emails or phone calls you can report these to the ICO.

Remember before you open that email or proceed with a call, just take a moment – now and in the future - to consider the authenticity before you continue.

Coronavirus and personal data; what you need to know - 18 March 2020

Your personal information may not be your first thought when it comes to coronavirus, but if you’re worried, we’ve put together some information to help.

  1. Government, the NHS and other organisations will make sure you get vital public health messages via phone, email or text. You don’t need to give them your consent.
  2. You might be asked to give details about sensitive health conditions and recent travel that you think are excessive. Employers and organisations do have an obligation to protect their staff, so in some cases it can be reasonable for them to ask you if you have experienced coronavirus symptoms. But they shouldn’t be asking for more information than is necessary, and if you are concerned speak to the organisation involved.
  3. If you become ill with coronavirus, your employer might need to tell your colleagues. But that doesn’t mean they need to give out your name.
  4. If you’ve made a Freedom of Information request from a public body or made a subject access request (SAR) for your own information, you should expect delays in response. That’s because organisations are diverting their resources to help with other challenges. 

This Valentine’s day, don’t let your date steal your data! - 14 February 2020

Online dating has never been more popular, with half of 16-34-year-olds using dating apps and new sites popping up all the time. Whilst its now easier than ever to find the love of your life, online dating is not without its pitfalls, particularly where your personal data is concerned.

Some romance scammers can use online dating sites to gather personal data and steal your identity. Your name, address and date of birth provide enough information to create another ‘you’. An identity thief can use a number of tactics to find your personal information and can then use it to open bank accounts, take out credit cards and apply for state benefits in your name.

How can I protect myself from dating scams?

Keep the mystery alive

Think carefully when picking your user name – MancBen93 would give scammers a good idea of where you live and your date of birth. Avoid putting too much information on your profile.

Don’t overshare too soon

Romance scammers might ask for your address to send you gifts or your phone number so they can contact you. Always wait until you feel comfortable and have met in person before sending over any personal information.

Make sure your dating app is the one

Different dating apps will ask for different levels of personal information and some will connect with other social media apps. Make sure you know exactly how much of your personal information other users can see and that you’re happy with how much is being given away.

I think I’ve been a victim of a romance scam – what can I do?

Our guide to identity theft has more information on some of the signs to look out for and what you can do if you’ve been a victim.

You can also get more advice at:

Safer Internet Day - 11 February 2020

Happy Safer Internet Day!

This year’s theme is Free to Be, discussing how young people manage their online identity, and how the internet changes how they think of themselves and others. The day aims to highlight the fact that the internet is a great place for children and young people to express themselves. It’s also somewhere to find out more about other people who may have different views.

But it’s important that people are aware of the issues that children and young people face online. We can all play a part in making sure the internet is a safe area for everybody of whatever age to share their views.  

Lots of children can download apps, play online games and use social media sites. Most of the time they are better at this than their parents! Current research suggests that children make up a fifth of all internet users in the UK.

However, they’re using an internet that wasn’t designed with them in mind. That’s why the area of children’s privacy has become a priority area of work for us.

We have recently published our Children’s Code. The aim of this code is to protect children’s privacy online by making it clear to designers and developers they must put the best interests of their child users first

How do we expect them to do this?

The code sets out 15 standards that online services like websites, apps and games, that are likely to be used by children should meet to protect children’s privacy.

The code, which is rooted in data protection law, says that whenever children access a new website or app,  baseline privacy standards should be in place to protect their personal data and privacy by default.

The code is making its way through the Parliamentary process and we expect organisations to start implementing the standards after that. Once the code takes full effect, we’ll be able to take enforcement action against companies that fail to put our children first.

Safer Internet Day strives to make sure our children can enjoy the benefits of the internet and stay safe. And our code is a concrete step in the right direction.

In a generation from now, we will find it astonishing that children weren’t always protected in this way.

We have a section on our Online Safety pages offering practical tips about how you can help to keep your children safe online.

Updating WhatsApp on your device - 17 May 2019

On 14 May, WhatsApp announced an incident involving a spyware vulnerability on WhatsApp.

There are currently two agencies dealing with the incident, the National Cyber Security Centre (NCSC) on behalf of UK consumers and the Irish Data Protection Commission (IDPC) as the lead authority for WhatsApp under the EU GDPR.

We are currently liaising with the Irish Data Protection Commissioner to determine whether any UK users have been affected.

For anyone concerned about using WhatsApp the advice is to update your apps using standard updates from the app store as a precaution.

More detailed advice and information are available from National Cyber Security Centre (NCSC) and the IDPC.