GDPR Archives - IT Governance UK Blog

Changing Attitudes Towards GDPR Enforcement and Compliance: 2018 – 2023

Neil Ford 25th May 2023 GDPR

Monday’s €1.2 billion fine for Meta – by far the biggest fine issued under the GDPR since it took effect five years ago – has been taken by many as a sign that the Regulation is at last beginning to …

[Continue Reading...]

GDPR Article 32: Your Guide to the Requirements

Luke Irwin 23rd May 2023 GDPR

Perhaps the most widely discussed set of compliance requirements within the GDPR (General Data Protection Regulation) are those found in Article 32. That’s because it contains the measures that organisations must implement to prevent cyber attacks and data breaches. In …

[Continue Reading...]

Five Years of the EU General Data Protection Regulation and Data Protection Act 2018

Neil Ford 18th May 2023 GDPR

For many outside the data privacy and IT governance, risk management and compliance sectors, the GDPR (General Data Protection Regulation) seemed to appear five years ago as if from nowhere. It had barely made the news before May 2018, but …

[Continue Reading...]

GDPR Article 17: What Is the Right to Erasure?

Luke Irwin 30th March 2023 GDPR

Article 17 of the GDPR (General Data Protection Regulation) plays a distinctive yet essential role in data protection law. It enshrines “the right to erasure” (sometimes referred to as “the right to be forgotten”), which allows people to request that …

[Continue Reading...]

Unlocking Access: How to Respond to a Data Subject Access Request (DSAR)

Beth Greenall 21st March 2023 GDPR

Under EU and UK law, individuals have the right to know what personal data an organisation processes about them and how it is used. They can exercise this right by submitting a DSAR (data subject access request). The rules for …

[Continue Reading...]

Personal data vs Sensitive Data: What’s the Difference?

Luke Irwin 14th March 2023 GDPR

At the heart of the GDPR (General Data Protection Regulation) is the concept of ‘personal data’. But what constitutes personal data? Are names and email addresses classified as personal data? What about photographs and ID numbers? And where does the …

[Continue Reading...]

How to write a GDPR data protection policy – with template examples

Luke Irwin 27th January 2023 Data Protection, GDPR

The GDPR (General Data Protection Regulation) isn’t just about implementing technological and organisational measures to protect the information you store. You also need to demonstrate your compliance, which is why data security policies are essential. These documents form part of …

[Continue Reading...]

Governments Might Change, but Data Protection Obligations Remain

Luke Irwin 3rd November 2022 GDPR

You might remember that several months and a handful of prime ministers ago, the government proposed an overhaul of data protection law. The efforts stemmed from complaints over the GDPR (General Data Protection Regulation), which was adopted by the UK …

[Continue Reading...]

The benefits of NIS Regulations and the GDPR for Cloud service providers

Luke Irwin 27th July 2021 GDPR, NIS Regulations

The way Cloud service providers in the UK operate has changed dramatically in the past few years, thanks to a pair of regulations that took effect. The first – the EU GDPR (General Data Protection Regulation) – should be familiar …

[Continue Reading...]

The GDPR’s Six Lawful Bases For Processing – With Examples

Neil Ford 21st June 2021 GDPR

Under the GDPR (General Data Protection Regulation), a lawful basis must be documented when organisations process personal data. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what exactly are …

[Continue Reading...]