Privacy Archive
Under the GDPR (General Data Protection Regulation), a lawful basis must be documented when organisations process personal data. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what exactly are …
The documentation of processing activities is a new legal requirement under the EU GDPR (General Data Protection Regulation). Documenting your processing activities can also support good data governance, and help you to demonstrate your compliance with other aspects of the …
The EU GDPR (General Data Protection Regulation) requires certain organisations to appoint a DPO (data protection officer) to comply with the Regulation. However, a shortage of DPOs means many organisations appoint staff to act as DPOs without the proper level of expertise, experience or qualifications. The …
I don’t think any of us would have thought in March 2020 that remote working would be as popular as it has become. The scepticism perhaps came from the hurriedness with which the measures were implemented, as many people worked …
Data protection law in the UK has changed as a result of Brexit. You can find the latest guidance here. Under the GDPR (General Data Protection Regulation), organisations must provide individuals with certain information via a data privacy statement or privacy …
Under the GDPR, DPIAs (data protection impact assessments) are mandatory for data processing that is “likely to result in a high risk to the rights and freedoms of data subjects”. Effectively a type of risk assessment, DPIAs assess how these …
Two in five businesses reported a cyber attack or data breach in the past 12 months, according to the UK government’s Cyber Security Breaches Survey 2021 The study suggests that the threat has increased as a result of COVID-19, with …
In 2020, organisations received €182 million (about £155 million) in fines for violating the GDPR (General Data Protection Regulation), according to an IT Governance report. Our GDPR Fines Quarterly Report revealed that more than two thirds of that total – …
You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). The Regulation isn’t just about written details, like names and addresses; it applies to any information that can identify someone. That includes pictures …
The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data. Organisations must let individuals know how they can exercise these rights, and meet requests promptly. Failure to do so is a violation of the GDPR …
