GDPR Archive
DPIAs (data protection impact assessments) help organisations identify, assess and mitigate privacy risks to data processing activities. They are particularly important when introducing new data processes, systems and technologies.
The GDPR (General Data Protection Regulation) outlines six conditions under which organisations can process personal data. Contractual requirements, legal obligations, vital interests and tasks carried out in the public interest are all relatively self-explanatory, leaving consent and legitimate interest that …
Has your organisation been receiving more DSARs (data subject access requests) than usual? If so, you’re not alone. In fact, one report has found that there was a 66% increase in requests last year. Although the pandemic may have contributed …
If your organisation is subject to the GDPR (General Data Protection Regulation), you must create and distribute a privacy notice. This document ensures that individuals are aware of the way their personal data is processed, helping them understand what data is being collected, why and how it’s being used, and how …
Last month, the European Commission adopted new recommendations to help organisations transfer personal data across the world with greater security. Notably, organisations are now encouraged to incorporate risk-based assessments for personal data transfers that are centred on real-world experience rather …
We’ve come a long way since the panic and scepticism that accompanied the introduction of the GDPR (General Data Protection Regulation). Several high-profile fines and the continued warnings from regulators have led to a sharp uptick in the number of …
Did you know that the GDPR (General Data Protection Regulation) doesn’t just apply to basic information like names and addresses, but also to information about people’s habits and movements? This means that things like having CCTV and monitoring employees’ browsing activities are covered by the Regulation. However, that doesn’t mean you can no longer put up cameras or track your employees; it just means you need to be more careful about how …
On 5 September, the highest body of the European Court of Human Rights (ECHR) restricted employers’ power to monitor the private messages of their employees. The ruling overturns a lower court’s decision to back an organisation that sacked one of …
The rhetoric in the run-up to the GDPR (General Data Protection Regulation) taking effect was that any organisation that didn’t have immaculate compliance practices would be in line for a €20 million fine. Although only the most frantic commentators thought …
Business to business marketers have had countless questions about the GDPR (General Data Protection Regulation) since it took effect – and for good reason. Sensitive data is at the centre of everything they do. They need names, contact information and any …
