GDPR Archive
Organisations share personal data with third parties all the time, but can they be trusted? The GDPR (General Data Protection Regulation) extended the scope of responsibility when it comes to data protection and privacy, so where does that leave you when it comes to security incidents caused by …
We’ve come a long way since the panic and scepticism that accompanied the introduction of the GDPR (General Data Protection Regulation). Several high-profile fines and the continued warnings from regulators have led to a sharp uptick in the number of …
The introduction of the GDPR (General Data Protection Regulation) requires all organisations within its scope to give data subjects the right to review the personal data being held on them. These requirements are broadly consistent with previous laws about personal data access requests, albeit more rigorous. However, …
Cookies are mentioned only once in the EU General Data Protection Regulation (GDPR), but the repercussions are significant for any organisation that uses them to track users’ browsing activity.
Personal data is at the heart of the GDPR (General Data Protection Regulation), but many people are still unsure exactly what ‘personal data’ refers to. There’s no definitive list of what is or isn’t personal data, so it all comes down …
The GDPR (General Data Protection Regulation) outlines six conditions under which organisations can process personal data. Contractual requirements, legal obligations, vital interests and tasks carried out in the public interest are all relatively self-explanatory, leaving consent and legitimate interest that …
Many people mistakenly think that organisations must get consent to process personal data, but consent is one of six lawful grounds for processing data, and you’d be advised to seek it only if none of the other grounds apply.
The EU General Data Protection Regulation (GDPR) outlines six data protection principles that organisations need to follow when collecting, processing and storing individuals’ personal data. The data controller is responsible for complying with the principles and must be able to …
The EU General Data Protection Regulation (GDPR) requires organisations to adopt the principles of “privacy by design and by default”. These concepts require organisations to embed security measures into their systems at the outset, rather than applying features retroactively. It …
Under the GDPR, certain organisations are required to appoint a DPO (data protection officer). Organisations are also required to publish the details of their DPO and provide these details to their national supervisory authority.