How much does GDPR compliance cost in 2020?

We’ve come a long way since the panic and scepticism that accompanied the introduction of the GDPR (General Data Protection Regulation). Several high-profile fines and the continued warnings from regulators have led to a sharp uptick in the number of organisations addressing their compliance requirements. But that doesn’t mean their job is done as far as the GDPR goes; organisations must continue … [Read more...]

The GDPR: How to perform due diligence of Cloud service providers

One overlooked aspect of the GDPR (General Data Protection Regulation) is that it’s now much harder for organisations to pass the blame when a third party suffers a data breach. Data controllers – the organisations that dictate what information is processed – must give instructions for how data processors – the service providers – handle personal information. Unless the third party has explicitly … [Read more...]

A breakdown of the GDPR’s six data processing principles

The Regulation stipulates that infringements of “the basic principles for processing, including conditions for consent” are subject to the highest possible administrative fines – up to €20,000,000 or 4% of global annual turnover, whichever is greater. If any detail can get the attention of the people who need to understand this, it is likely that potential fines of that scale will do the job.  The … [Read more...]

GDPR compliance and managing personal data internationally

To enforce the Regulation outside the bounds of the EU, the GDPR has a number of elements designed to control how organisations within the EU are able to transfer personal data internationally.  The term “third countries” is not defined in the GDPR but comes from the EU’s primary treaties in order to refer to countries that are not party to those treaties. It is a common term in EU law and is … [Read more...]

The GDPR: How the right to be forgotten affects backups

The GDPR (General Data Protection Regulation) is a big, complex law, and it’s only natural that some elements appear to contradict each other. One of those apparent contradictions involves arguably the most notorious aspect of the GDPR: the right to erasure (also known as the ‘right to be forgotten’). This right – one of eight enshrined in the GDPR – allows individuals to request that … [Read more...]

3 reasons you should give your DPO specialist training

Organisations that appoint a DPO (data protection officer) will have a significantly different approach to information security than those that don’t.  The person who fills the position is responsible for monitoring the organisation’s data protection practices and helping staff understand their regulatory requirements, amongst other things.  Under the GDPR (General Data Protection Regulation), … [Read more...]

How does the GDPR affect sole traders?

Almost all EU-based organisations are affected by the GDPR (General Data Protection Regulation), from sole traders to multinationals.  But even though the GDPR unifies data protection rules across Europe, not all businesses will face the same problems. We’ve covered many of the issues you’re likely to face, but this blog focuses on the way sole traders should approach their compliance … [Read more...]

The GDPR has led to a spike in DSARs (data subject access requests)

Depending on who you ask, the GDPR (General Data Protection Regulation) has either overhauled the way organisations handle personal data or it’s a complex and ultimately pointless piece of bureaucracy.  Fortunately, the number of people in the latter camp has shrunk in the past year or so, as the GDPR has proven to have a tangible effect on business. And we’re not just talking about fines, both … [Read more...]

How EU organisations’ GDPR requirements will change in a no-deal Brexit scenario

We’re now, once again, on the precipice of Brexit, and as the deadline nears, you’ll see more stories appear about how EU-based organisations will be affected by the UK’s departure from the EU. European organisations with ties to the UK are particularly concerned about the ramifications of the GDPR (General Data Protection Regulation). With the UK’s EU status up in the air, organisations must … [Read more...]

Does your organisation’s data protection policy comply with the GDPR?

The introduction of the GDPR (General Data Protection Regulation) has meant that organisations across Europe must be a lot more rigorous about the way they handle people’s personal data.  One of the most important steps is to create a data protection policy to make sure employees know exactly what they should and shouldn’t do when processing or storing sensitive information.    What a data … [Read more...]