dcsimg

The GDPR: Legitimate interest – what is it and when does it apply?

The GDPR (General Data Protection Regulation) outlines six conditions under which organisations can process personal data. Contractual requirements, legal obligations, vital interests and tasks carried out in the public interest are all relatively self-explanatory, leaving consent and legitimate interest that need to be unpacked in more detail. We’ve covered consent before, so our focus here will … [Read more...]

How much does GDPR compliance cost in 2020?

We’ve come a long way since the panic and scepticism that accompanied the introduction of the GDPR (General Data Protection Regulation). Several high-profile fines and the continued warnings from regulators have led to a sharp uptick in the number of organisations addressing their compliance requirements. But that doesn’t mean their job is done as far as the GDPR goes; organisations must continue … [Read more...]

The GDPR: How to perform due diligence of Cloud service providers

One overlooked aspect of the GDPR (General Data Protection Regulation) is that it’s now much harder for organisations to pass the blame when a third party suffers a data breach. Data controllers – the organisations that dictate what information is processed – must give instructions for how data processors – the service providers – handle personal information. Unless the third party has explicitly … [Read more...]

3 reasons you should give your DPO specialist training

Organisations that appoint a DPO (data protection officer) will have a significantly different approach to information security than those that don’t.  The person who fills the position is responsible for monitoring the organisation’s data protection practices and helping staff understand their regulatory requirements, amongst other things.  Under the GDPR (General Data Protection Regulation), … [Read more...]

The GDPR has led to a spike in DSARs (data subject access requests)

Depending on who you ask, the GDPR (General Data Protection Regulation) has either overhauled the way organisations handle personal data or it’s a complex and ultimately pointless piece of bureaucracy.  Fortunately, the number of people in the latter camp has shrunk in the past year or so, as the GDPR has proven to have a tangible effect on business. And we’re not just talking about fines, both … [Read more...]

How EU organisations’ GDPR requirements will change in a no-deal Brexit scenario

We’re now, once again, on the precipice Brexit, and as the deadline nears, you’ll see more stories appear about how EU-based organisations will be affected by the UK’s departure from the EU.  European organisations with ties to the UK are particularly concerned about the ramifications of the GDPR (General Data Protection Regulation). With the UK’s EU status up in the air, organisations must … [Read more...]

Google wins landmark ruling on the ‘right to be forgotten’

A landmark ruling by the ECJ (European Court of Justice) says that Google does not have to apply the ‘right to be forgotten’ globally.  The case goes back to 2015 when the French data protection authority (CNIL) ruled that Google must remove damaging or false information from the search engine when the ‘right to be forgotten’ is requested. Google was also fined €100,000 for failing to apply … [Read more...]

Does your organisation’s data protection policy comply with the GDPR?

The introduction of the GDPR (General Data Protection Regulation) has meant that organisations across Europe must be a lot more rigorous about the way they handle people’s personal data.  One of the most important steps is to create a data protection policy to make sure employees know exactly what they should and shouldn’t do when processing or storing sensitive information.    What a data … [Read more...]

Is your organisation’s privacy notice GDPR compliant?

If your organisation is subject to the GDPR (General Data Protection Regulation), you must create and distribute a privacy notice.  This document ensures that individuals are aware of the way their personal data is processed, helping them understand what data is being collected, why and how it’s being used, and how long it will be kept.  But there are several other reasons organisations should … [Read more...]

How to write a GDPR data breach notification procedure

Documenting your GDPR compliance can be tough, but a little guidance and access to documentation templates can make things much easier.  The documentation process is one of the most important parts of GDPR (General Data Protection Regulation) compliance. What you write dictates the way you approach security and privacy, and any mistakes will set you up for failure when those documents are called … [Read more...]