Privacy Archive
As we emerge from the pandemic, hybrid working has proven hugely popular for individuals and organisations alike: staff enjoy increased flexibility and reduced commuting, and organisations benefit from lower overheads and greater productivity. Plus, the environmental benefits of homeworking are unmistakable. However, hybrid working also provides greater opportunities for cyber criminals. It introduces new security vulnerabilities, makes staff more susceptible …
A UK government report published last year found that 48% of organisations lacked the expertise to complete routine cyber security practices. This includes an inability to protect against malware, set access controls and apply updates. The report also found that …
The way Cloud service providers in the UK operate has changed dramatically in the past few years, thanks to a pair of regulations that took effect. The first – the EU GDPR (General Data Protection Regulation) – should be familiar …
Under the GDPR (General Data Protection Regulation), a lawful basis must be documented when organisations process personal data. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what exactly are …
The documentation of processing activities is a new legal requirement under the EU GDPR (General Data Protection Regulation). Documenting your processing activities can also support good data governance, and help you to demonstrate your compliance with other aspects of the …
The EU GDPR (General Data Protection Regulation) requires certain organisations to appoint a DPO (data protection officer) to comply with the Regulation. However, a shortage of DPOs means many organisations appoint staff to act as DPOs without the proper level of expertise, experience or qualifications. The …
I don’t think any of us would have thought in March 2020 that remote working would be as popular as it has become. The scepticism perhaps came from the hurriedness with which the measures were implemented, as many people worked …
Under the GDPR (General Data Protection Regulation), organisations must provide individuals with certain information via a data privacy statement or privacy notice. But what is a data privacy notice, and what should it contain? We explain everything you need to know …
Under the GDPR, DPIAs (data protection impact assessments) are mandatory for data processing that is “likely to result in a high risk to the rights and freedoms of data subjects”. Effectively a type of risk assessment, DPIAs assess how these …
Two in five businesses reported a cyber attack or data breach in the past 12 months, according to the UK government’s Cyber Security Breaches Survey 2021 The study suggests that the threat has increased as a result of COVID-19, with …
