GDPR DPO requirements: What qualifies as large-scale processing?
Data Protection Officer, Principles of GDPR
Under the GDPR, certain organisations must appoint a Data Protection Officer (DPO) to oversee compliance efforts and protect personal data. A key factor in this decision […]
Bank due diligence: Data protection checklist for providers
Data Protection Impact Assessment (DPIA), Data Security & Encryption, Policies & Documentation, Staff Training & Awareness
Before entering outsourcing contracts, banks conduct thorough data protection due diligence on third parties such as payment, insurance and credit service providers. Banks must safeguard sensitive […]
Microsoft Copilot: Privacy concerns and compliance tips for 2025
AI, Data Protection Impact Assessment (DPIA), Lawful Bases, Policies & Documentation
Microsoft Copilot privacy concerns have been in the spotlight recently. The technology has quickly become a powerful example of how AI-enhanced tools are transforming the capabilities […]
Data protection 2024: Key trends and predictions for 2025
AI, Global data privacy laws, Global data protection news, International data transfers
The field of data protection underwent rapid transformation in 2024, shaped by new regulations, landmark legal decisions, and the early signs of a global movement towards […]
Navigating international data transfers: TIAs vs TRAs
Data Sharing, International data transfers, Policies & Documentation
As businesses expand globally, transferring personal data across borders has become a routine part of operations. However, these transfers carry inherent risks that require careful consideration […]
Understanding GDPR territorial scope: Essential compliance guide
EU/UK Representation Services, Principles of GDPR
Understanding GDPR territorial scope is essential for businesses operating across EU and UK borders. With the rise of digital transactions, cloud storage, and remote working, personal […]
How social communication channels impact DSARs
Data Retention, DSARs, Principles of GDPR, Staff Training & Awareness
As people grow more aware of their privacy rights, companies are facing more DSARs than ever before. Fulfilling these requests is a legal requirement for organisations […]
How data protection builds customer trust and loyalty
Principles of GDPR, Privacy by Design
As data protection laws continue to evolve globally, so does public awareness of privacy rights. When the GDPR was implemented back in 2018, it ushered in […]
Compliance with the AI Act Part 4: Essential strategies
AI, EU AI Act, Official Guidance
As we wrap up our AI Act blog series, this final Part 4 explores some of the key strategies you can implement to keep your business […]
NHS DSPT: A guide to the latest requirements and avoiding common mistakes
Official Guidance, Staff Training & Awareness
Latest update 10 October 2024: This blog has been revised to include the most current DSPT submission requirements. In this blog we detail the updated […]
Live Facial Recognition deployment and data protection compliance
AI, Data Protection Officer, Principles of GDPR
On paper, using AI-based Live Facial Recognition (LFR) technology for security and law enforcement makes perfect sense. It improves accuracy, takes the guesswork out of identifying […]
How to choose the right lawful basis for clinical trial data processing
Clinical Trials, Lawful Bases, Principles of GDPR
Clinical trial sponsors often face challenges when it comes to selecting the right lawful basis for clinical trial data processing. Key questions include whether the choice […]
How to apply the GDPR to historic records
Data Retention, Policies & Documentation, Principles of GDPR
The GDPR has been in effect since 2018, and most organisations have implemented comprehensive data protection programmes to manage personal data processing. However, questions still arise […]
Compliance with the AI Act Part 3: Who must comply and what are the obligations?
AI, EU AI Act, Official Guidance
On 1 August 2024, the European Artificial Intelligence Act (AI Act) was officially enacted – a pivotal moment in the regulation of AI technologies. Part 3 of our blog series explores […]
Understanding data protection liabilities for C-suite executives and senior leaders
Data Breach, Privacy by Design, Staff Training & Awareness
Understanding data protection liabilities isn’t only a regulatory requirement for C-suite executives and senior leaders – it’s a critical aspect of effective leadership. These key roles […]
Protecting patient data: How to stay CQC compliant
Data Breach, Policies & Documentation, Special Category Data
Protecting patient data and staying compliant with Care Quality Commission (CQC) expectations are top priorities for the care industry in England today. The CQC’s recent push […]
Unveiling dark patterns: Sales tactics and regulatory compliance
Data Security & Encryption, Marketing, Principles of GDPR
Unveiling dark patterns: Sales tactics and regulatory compliance sheds light on the controversial techniques businesses can sometimes use to drive sales and the importance of regulatory […]
Compliance with the AI Act Part 2: What is ‘high-risk’ activity?
AI, EU AI Act, Official Guidance
In the second part of our blog series, Compliance with the AI Act Part 2: What is ‘high-risk’ activity? we explore the AI Act’s risk-based approach […]
Compliance with the AI Act Part 1: Timeline and important deadlines
AI, EU AI Act, Official Guidance
Our Compliance with the AI Act blog series explores what you need to know about the upcoming legal obligations of deploying certain artificial intelligence (AI) technologies […]
Canadian privacy laws: PIPEDA and beyond
Data Protection Officer, Global data privacy laws, Policies & Documentation
Q&A with Ray Pathak, MD The DPO Centre, Canada. The Personal Information Protection and Electronics Act (PIPEDA) was enacted in April 2000. Since then, there have […]
Quebec’s Law 25: A guide to support compliance
Data Privacy Officer, Data Sharing, Policies & Documentation
Organisations that collect, process and store the personal information of Quebec individuals must ensure their existing privacy programs are in line with the provisions of Quebec’s […]
Data protection checklist for mergers and acquisitions
Data Breach, Data Protection Impact Assessment (DPIA), Data Protection Officer
A data protection checklist for mergers and acquisitions is a useful tool to help both parties understand what documents should be included to demonstrate compliance with […]
Data protection compliance: Law firm vs outsourced DPO services
Data Protection Officer, EU/UK Representation Services, Policies & Documentation
When it comes to ensuring data protection compliance, organisations often face a choice between engaging a specialist law firm vs outsourced DPO (Data Protection Officer) services. […]
How to identify a phishing email: Safeguarding your organisation
Data Breach, Staff Training & Awareness
Knowing how to identify a phishing email is crucial for safeguarding your organisation against cyberthreats. According to Microsoft, nearly 15 billion suspicious emails are blocked every […]
What is a DPA and why do you need one?
Data Sharing, Policies & Documentation
A Data Processing Agreement (DPA), also called a Data Processor Agreement, is a legally binding contract between a data controller (usually your organisation) and a data processor […]
EDPB Report: Challenges faced by DPOs in Europe
Data Protection Officer, Official Guidance
On 17 January 2024, the European Data Protection Board (EDPB) published a report on a co-ordinated investigation into the role of Data Protection Officers (DPOs). 25 […]
GDPR advice for SaaS companies entering EU & UK markets
Data Protection Officer, EU/UK Representation Services
Europe and the UK offer many growth opportunities for SaaS companies looking to expand beyond their home territories. The EU’s and UK’s mass consumer markets have […]
Thailand’s PDPA vs EU’s GDPR: A comparative review
Data Protection Officer, Global data privacy laws, Principles of GDPR
The Personal Data Protection Act (PDPA) is Thailand’s first data protection law, effective from 1 June 2022. As new legislation, it brought significant changes for […]
International Data Transfers: Explaining EU SCCs, UK Addendum and UK IDTA
Data Sharing, International data transfers, Policies & Documentation
EU and UK-based organisations regularly need to transfer personal data to different countries for a variety of reasons – project collaborations, partnerships, service providers etc. With […]
Data Protection in 2023: A year in review
AI, Global data privacy laws, Global data protection news, International data transfers
This year has seen significant progress in the data protection industry, with many new privacy laws being enacted across the globe. In this blog, we look […]
Data retention and the GDPR: Best practices for compliance
Data Retention, Policies & Documentation
How long should we keep different types of personal data? How can we create an effective data retention policy and schedule? What role do data controllers, […]
GDPR Representative: Do you need one?
Data Protection Officer, EU/UK Representation Services
Navigating the complexities of data protection regulations can be challenging, especially for organisations and businesses operating across borders. The General Data Protection Regulation (GDPR) specifies that […]
Lead generation and the GDPR: Are you compliant?
Lawful Bases, Marketing
Since the General Data Protection Regulation (GDPR) came into effect in 2018, marketing strategies have undergone a significant transformation, with a definite shift toward inbound methodologies. […]
Vendor due diligence & GDPR compliance: 5 practical steps
Data Sharing, Policies & Documentation
From IT solutions to DPO services, accounting, and customer services, the global outsourcing sector is expanding to support the needs of organisations across all industry sectors. […]
DSAR exemptions: When can information be withheld?
DSARs
With the constant evolution of privacy laws globally, people are more aware of the significance of their personal data and are increasingly exercising their rights to […]
What is a DPIA?
Data Protection Impact Assessment (DPIA)
Since the implementation of the GDPR, consumers have become increasingly data protection savvy. People want to know that businesses have the right safeguards in place. Data […]
EU-US Data Privacy Framework: 3rd time lucky?
EU/UK Representation Services, International data transfers
This blog was revised 30 October 2023 to include the results of the first legal challenge and the UK’s adequacy decision. On July 10, 2023, […]
Data breach management: 5 tips for an effective response
Data Breach, Data Protection Impact Assessment (DPIA), Data Security & Encryption, Staff Training & Awareness
This blog was edited and updated on 4 March 2024. Data breaches can have devastating impacts for both organisations and their data subjects, no matter the […]
Standard Contractual Clauses (SCCs) for data transfers
Adequacy, EU/UK Representation Services, International data transfers
Introduction: In recent years, data has been hailed as the new gold. Personal data helps businesses understand their customers and create an individualised experience. It helps […]
ICO DSAR guidance: Preventing misunderstandings
DSARs, Lawful Bases, Marketing, Principles of GDPR, Special Category Data
On 24 May 2023, the UK’s Information Commissioner’s Office (ICO) published revised guidance to help support employers in responding to data subject access requests (DSARs). The […]
Anonymisation Part 2: Risk Reduction for CROs, Sponsors & Partners Conducting Clinical Trials
Clinical Trials, Data Security & Encryption, Data Sharing, Principles of GDPR, Special Category Data
Outlining risk reduction for CROs, sponsors & partners conducting clinical trials. Clinical Trials are vital to the research and development cycle in life sciences organisations, and […]
Anonymisation Part 1: challenges & considerations for life sciences
Clinical Trials, Data Security & Encryption, Data Sharing, Principles of GDPR, Special Category Data
Introduction & anonymisation techniques: Effective anonymisation is an issue for many organisations; however, the process remains a crucial tool in safeguarding privacy rights and ensuring […]
AI and GDPR compliance
AI, Data Security & Encryption, Lawful Bases, Marketing, Principles of GDPR, Special Category Data
Introduction to AI and GDPR compliance: Since the release of ChatGPT last year, there have been widespread concerns within the community of lawmakers and regulators about […]
Insights from the latest DP Index on the proposed UK data protection bill
Lawful Bases, Marketing, Principles of GDPR, Special Category Data
The UK Data Protection Index is based on a survey conducted among UK data protection professionals, tracking their professional opinions on a range of privacy topics […]
5 lessons learned from 5 years of the GDPR
Lawful Bases, Marketing, Principles of GDPR, Special Category Data
It’s been five years since the General Data Protection Regulation (GDPR) came into force – one of the toughest pieces of privacy legislation in the world. […]
Marketing to businesses: what you need to know
Lawful Bases, Marketing, Principles of GDPR, Special Category Data
In an increasingly digital age, data has become an invaluable asset. This will particularly resonate if your organisation partakes in business-to-business (B2B) marketing. As a B2B […]
Marketing to private individuals: What you need to know
Lawful Bases, Marketing, Principles of GDPR, Special Category Data
If you or your organisation send out promotional material directly to individuals, chances are, you rely heavily on direct marketing to attract and target customers, ultimately […]
Happy 5th Birthday: GDPR (General Data Protection Regulation)
Data Protection Officer
The General Data Protection Regulation (GDPR) celebrates its fifth birthday this month, and what a half-decade it has been for organisations. During these past five years, […]
The role of a DPO: Dismissal and conflicts of interests
Data Protection Officer
The GDPR requires both controllers and processors to appoint a Data Protection Officer (DPO) if they meet one of three criteria set out in Article 37 […]
The DP Index results: Stability in uncertain times?
Marketing, Principles of GDPR
The first UK Data Protection Index (DP Index) report of 2023 was recently published. Since 2020, the DP Index has surveyed a panel of over 550 […]
An insight into American data protection laws
Data Sharing, International data transfers
The globe has never been as interconnected as it is right now. With the significant development of technology over recent years, the way we process and […]
FOI vs DSAR: What’s the difference?
DSARs
At The DPO Centre, we are very fortunate to be able to work with a wide range of organisations, some of whom are considered public bodies. […]
CJEU Decision: Data subjects have the right to know who has received their personal data
Data Protection Impact Assessment (DPIA), EU/UK Representation Services, Official Guidance, Principles of GDPR
In January 2023, the Court of Justice of the European Union (CJEU), in Case C-154/21, reached the decision that “every person has the right to know […]
What is electronic marketing: Everything you need to know
Marketing
Electronic marketing, or e-marketing, is a type of advertising that includes marketing activities conducted by an organisation online using the Internet and online-based digital technologies […]
Charity FAQs – How does GDPR relate to my organisation?
Data Protection Officer, DSARs, Lawful Bases, Principles of GDPR, Special Category Data, Staff Training & Awareness
Data protection laws and regulations are applicable to all organisations regardless of sector, from finance to healthcare. These laws and regulations also apply to charities and […]
International Data Transfers: What does the UK guidance mean
Data Sharing, International data transfers, Policies & Documentation
In February 2022, the Secretary of State for Digital, Culture, Media and Sport (DCMS) laid out the proposed international data transfer agreement (IDTA) before Parliament. Alongside […]
DP Index results: A year in review
Data Protection Officer
2022, what a year it has been for data protection in the UK. There has been domestic economic and political uncertainty, including three separate Prime Ministers […]
The Digital Markets Act and GDPR – Considerations for ‘gatekeepers’
Marketing, Official Guidance
After its initial proposal in December 2020, the landmark European Digital Markets Act (DMA) entered into force on the 1st of November 2022. This new […]
What is the European Health Data Space and what does it mean for your organisation?
Clinical Trials, Data Sharing, Policies & Documentation
It is no secret that the European Union (EU) is working hard to ensure that the EU remains one of the top innovators and commercially prosperous […]
Is outsourcing the solution to data protection compliance during a downturn?
Data Protection Officer
If you’ve been keeping up with the news over the last few months, you have likely heard the terms ‘recession’, ‘energy crisis’ and ‘cost of living […]
Google Analytics 4 doesn’t have to be scary – here’s what you need to know
Data Sharing, Principles of GDPR
Countless organisations have for many years been using Google Analytics (GA) to provide visitor usage statistics for their websites. GA enables website owners to monitor users’ […]
Biden signs Executive Order to implement the EU-US Data Privacy Framework
Official Guidance, Policies & Documentation
On Friday 7th October, US President Joe Biden signed an Executive Order relating to Enhancing Safeguards for United States Signals Intelligence Activities. The Executive Order directs […]
What is Privacy by Design?
Privacy by Design
If you have any familiarity with the GDPR and data protection, you’ve probably heard the term Privacy by Design or Privacy by Default. Privacy by Design […]
DP Index results: UK DPOs indicate that a ‘senior responsible individual’ will not be in the best interest of data subjects
Data Protection Officer
The latest report from the UK Data Protection Index has just been published and one of the many key takeaways is that privacy professionals across the […]
Clinical trials: Ensuring there is no ‘trial and error’ for sponsors when it comes to data protection
Clinical Trials, Data Sharing, EU/UK Representation Services, Lawful Bases
Clinical trials have been at the forefront of many people’s minds recently due to the COVID-19 pandemic, and the vaccination trials that were completed in record […]
The do’s and don’ts of processing biometric data
AI, Lawful Bases, Principles of GDPR
The use of biometric data has become firmly cemented into our everyday lives – from unlocking mobile phones and laptops to accessing online banking and even […]
DBS checks: how to stay compliant with the UK GDPR
Lawful Bases, Official Guidance, Principles of GDPR
If you asked a series of people whether they would prefer to hire a financial accountant who had previously committed fraud, or employ a financial accountant […]
The DPO Centre Answers – DSAR FAQs
Data Protection Officer, DSARs
Over the last six months, we have hosted a series of webinars centred around providing helpful advice on dealing with some of the most complex types […]
Future Global Data Protection Laws – What Can We Expect?
Policies & Documentation
In the latest UK Data Protection Index report, it was revealed that the majority of privacy professionals do not feel confident advising their organisations on data […]
DCMS consultation response – greater clarity or mass uncertainty?
Data Protection Officer, DSARs, Global data protection news, Official Guidance
Back in November, we posted a blog discussing the UK’s Department for Digital, Culture, Media and Sport’s (DCMS) recently published consultation entitled “Data: a new direction”. […]
Data breaches – prevention is better than cure
Data Breach, Data Security & Encryption
Serious data breaches can be extremely costly for organisations when they occur. Despite this, we find that many businesses are unprepared for dealing with such an […]
Happy Birthday GDPR: Looking into the Future Technology and Global Privacy
AI, Principles of GDPR
With the EU GDPR turning four years old this week, we thought it was only fitting to talk about what the next four years could look […]
Top 5 DSAR Challenges and How To Deal With Them
DSARs, Special Category Data
At The DPO Centre, we are working hard to reduce the difficulties associated with even the most complex of Data Subject Access Requests (DSARs), whether that […]
Website cookies – past, present and future
Data Sharing, Marketing
When it comes to consumer tracking and data protection, there is one word that often springs to mind: Cookies. Thanks to PECR (the Privacy and Electronic […]
AI and Article 22: The need for meaningful human review
AI
When it comes to decision making, AI can assist a human in making decisions, or it can be used to make decisions completely independently without human […]
Vendor due diligence – what you need to consider
Data Security & Encryption, Data Sharing
The latest UK Data Protection Index report, produced jointly by The DPO Centre and Data Protection World Forum (DPWF) and based on a quarterly survey of […]
Bcc Vs Cc – Bulk email practices explained
Data Breach, Marketing
Back in 2021, HIV Scotland (a charity supporting people diagnosed with HIV and AIDS) was fined £10,000 due to a data breach in which 105 people’s […]
Discrimination and AI: ensuring fairness in data
AI, Special Category Data
In the first of our AI blog mini-series, we mentioned the importance of ensuring that AI systems’ machine learning (ML) algorithms are not subject to intentional, […]
Password management – why ‘password’ shouldn’t be your password
Data Security & Encryption, Policies & Documentation
In November 2021, France’s Supervisory Authority, the Commission nationale de l’informatique et des libertés (CNIL), published its draft recommendation on password management, which was open to […]
How does corporate structure affect GDPR compliance?
Data Sharing, Policies & Documentation
The question that we at the DPO Centre spend a lot of our time answering for our clients, in one way or another, is “How does […]
AI and the right to an explanation
AI
In our first AI blog, we briefly discussed the right of data subjects to be informed of how their personal data is being processed and for […]
Vaccine passports and the UK GDPR
Data Protection Impact Assessment (DPIA), Special Category Data
Disclaimer: The advice given here was accurate at the time of publication based on UK government guidance. It is recommended that you regularly check and stay […]
Brexit – a year in review
Adequacy
With 2021 coming to a close and the advent of the UK formally leaving the EU upon us, we can look back over the past year […]
DPIAs – The DPO Centre ‘how to’ guide
Data Protection Impact Assessment (DPIA)
According to research published in the latest UK Data Protection Index report, Data Protection Impact Assessments, otherwise known as DPIAs, are the things that are consuming […]
Hiring a Data Protection Officer – internal vs outsourced
Data Protection Officer
Whilst the role of the Data Protection Officer (DPO) has been around since the 1990s, the GDPR represents the first time that appointing a DPO has […]
DPIAs and AIAs: The AI data controller’s best friends
AI, Data Protection Impact Assessment (DPIA)
In the first of our AI blog mini-series, we mentioned that Data Protection Impact Assessments (DPIAs) and Algorithm Impact Assessments (AIAs) will likely become a data […]
DCMS Consultation – The five things you need to know
Global data protection news
In September, the Department for Digital, Culture, Media and Sport (DCMS) launched a consultation on the future of UK Data Protection Law. The consultation document proposes […]
UK Data Protection Index results reveal drop in DPOs’ compliance confidence
Data Protection Officer
The latest report from the UK Data Protection Index was published last month, and it seems that DPOs are feeling rather pessimistic. Each quarter, the Index […]
Five key considerations for the use of AI
AI, Privacy by Design
A survey conducted by the Department for Digital, Culture, Media and Sport (DCMS) has found that many businesses now see AI as an ‘emerging technology’. Of the organisations that responded, 27% stated that they […]
GDPR for marketing – The DPO’s guide 2021
Marketing
With the COVID-19 pandemic creating increased distance between businesses and their customers, direct marketing is being relied upon more than ever to cultivate profitable B2B and […]
Third party DSAR portals – good or bad?
DSARs
Whilst the results from the latest UK Data Protection Index, published in June, indicated that the number of Data Subject Access Requests (DSARs) companies received each […]
Is digital data protection training enough?
Staff Training & Awareness
In July this year, the Information Commissioner’s Office (ICO) fined Mermaids, a charity offering help and guidance to transgender children, £25,000 for a breach that left […]
The Data Protection Act 2018 – the 7 principles of the GDPR
Principles of GDPR
The General Data Protection Regulation’s (GDPR) 7 principles enshrined in Article 5 form the foundation of the UK and EU versions of the data protection law. […]
Data Retention – The big privacy headache
Data Retention
Back in April, following the publication of the UK Data Protection Index’s fourth report, we wrote a blog about the perils of International Data Transfers and […]
The Do’s and Don’ts of monitoring employees using CCTV
Data Protection Impact Assessment (DPIA)
Following recent events, involving closed-circuit television (CCTV) footage capturing a certain ex-Health Secretary and his aide being leaked to the press, resulting in red faces all […]
ICO’s Age-appropriate Design Code – 2 months to comply
Age Appropriate Design Code
With just over two months left until the ICO’s (Information Commissioner’s Office) Age-appropriate Design Code comes into force, this blog gives you a round-up of who […]
Soft Opt-what? Soft Opt-in for direct marketing
Marketing
PECR – four letters that are the bane of some marketers’ lives. The Privacy and Electronic Communications Regulations (PECR), as the name would suggest, control businesses’ use of electronic […]
A Point of View: Do Processors have to appoint an EU/UK GDPR Representative?
EU/UK Representation Services
When faced with a data protection related quandary, most people turn to the web for an answer to their dilemma; scouring legislation, supervisory authority guidance, or […]
Data Protection – another year in review
Adequacy
It is safe to say that the past year has been an eventful one. So, with the GDPR’s third anniversary just around the corner, we decided […]
EU proposes new AI regulation – The DPO Centre run down
AI
Turns out, the rumours are true – the EU is in the process of developing a way to regulate the use of Artificial Intelligence (AI). Late […]
Is ISO 27001 a silver bullet for GDPR compliance?
Data Protection Officer
The name Doorstep Dispensaree became ingrained in the memory of every UK data protection aficionado in December 2019 when the ICO slapped the London-based pharmacy with […]
International data transfers – a DPO’s worst nightmare?
Data Protection Officer, Data Sharing
Ever wondered what a Data Protection Officer’s (DPO) worst nightmare is? Well, according to the latest report from the UK Data Protection Index, it might be […]
EU/UK Representative v Data Protection Officer – What’s The Difference?
Data Protection Officer, EU/UK Representation Services
Since the UK left the EU, many companies that were not previously required to do so are now having to appoint either an EU or UK […]
The 5 things you need to know about data protection
Data Breach, Principles of GDPR
Since 2016, when the EU General Data Protection Regulation (EU GDPR) was introduced, data protection has grown from being seen somewhat as an afterthought, to an […]
EU & UK GDPR Representation for sponsors of European clinical trials
EU/UK Representation Services, Special Category Data
The General Data Protection Regulation (GDPR) came into force in the EU on 25th May 2018 and has since been a driving force for improving data protection standards worldwide. The GDPR was […]
New EDPB guidance clarifies when you should report a data breach, sort of…
Data Breach
Picture the scene: It’s 4pm on a Friday and, as the final minutes of the working day tick away, you receive a panicked call from the […]
Updated EDPB Guidance on Controllers and Processors – Part 2
Official Guidance
Following on from our first blog, this blog examines the second part of the EDPB’s guidance on controllers and processors. Whilst the first part provides guidance […]
What is Adequacy?
Adequacy
NB: This blog was updated on 29/6/21 to reflect the EU Commission’s decision to grant the UK Adequacy. Adequacy, the word that has been on everyone’s […]
Updated EDPB Guidance on Controllers and Processors – Part 1
Official Guidance
On 2nd September 2020, the EU Data Protection Board adopted their new guidance document on data controllers and data processors. In many ways this has been […]
The DPO Centre’s Research Results – 7 steps for handling customer data
DSARs
In 2018, the GDPR was introduced to help provide consumers with more control and transparency around how their data is used. Since then, companies have had to implement a wide range of measures, with considerable […]
ICO Accountability Framework: Part 3
Data Protection Officer
In the third and final blog post on this topic, we consider the last four sections of the ICO’s Accountability Framework: Contracts and Data Sharing; Risks […]
ICO Accountability Framework: Part 2
Data Protection Officer
The ICO’s Accountability Framework aims to provide organisations with some clear examples of actions that would indicate to the ICO that they were complying with the […]
ICO Accountability Framework: Part 1
Data Protection Officer
Last month, the Information Commissioner’s Office (ICO) published its Accountability Framework with a view to helping organisations better understand how to comply with the GDPR’s Accountability […]
To transfer, or not to transfer, that is the question
Data Sharing
In Europe, data protection has been a fundamental human right for a long time, primarily through the right to privacy. Over the years, we have seen […]
Special categories of data and the new normal
Data Sharing
“Man is a creature that can get used to anything” – Fyodor Dostoevsky. As we grow accustomed to living with Covid-19, we are witnessing a return […]
6 Considerations to making DSARs easier to process
Data Sharing
Even outside of the current pandemic, Data Subject Access Requests (DSARs) can seem an administrative burden on any business and a drain on the DPO’s already […]
Marketing Emails: The Fine Line Between a Service and Sales Message
Data Sharing
Knowing the difference between a service message and one that is marketing to your customers could save your business from ending up on the wrong side […]
GDPR Codes of Conduct and Certifications in the UK
Data Sharing
The advent of the GDPR, over two years ago, brought about a raft of well documented obligations for organisations processing personal data. At the very centre […]
Video conferencing – Tips to mitigate risk
Data Sharing
Covid-19 has driven us back into our homes; transforming what was once a sanctuary into a place of work. Video conferencing tools have hence become essential […]
Ticktock goes the Brexit transition clock
Data Sharing
The State of Play: The UK formally left the EU on 31st January 2020. Since then, negotiations have been hampered by the effects of a global […]
Industry Challenge: Data Retention
Data Sharing
In our recent GDPR at 2 webinar hosted by Data Protection World Forum, we asked the attendees to fill in a poll to identify what they […]
International Data Transfers
Data Sharing
Key Considerations for Controllers in Addressing a Complex Issue: International data transfers continue to be one of the most discussed subjects in the world of privacy […]
Evolving role of the DPO – 2 years on
Data Sharing
In May 2019, on the first anniversary of the GDPR, the DPO Centre held a series of presentations at seminars and events about how the DPO […]
Remote Working Considerations
Policies & Documentation, Staff Training & Awareness
The state of play today: Mike Tyson famously once said, “Everyone has a plan until they get punched in the face”, and it’s fair to say […]
Buying or selling a business? Four data protection questions to ask in M&A activity
Data Sharing
Personal data is one of a company’s most valuable assets. Understanding and realising its value is an important factor in buying and selling a business. When […]
Understanding AdTech and the Privacy Concerns
Data Sharing
Introduction: Amongst other things, Simon McDougall, the ICO’s Executive Director of Technology and Innovation wrote the following in his recent ICO blog posted on January 17th, […]
Data Protection Tools and Software
Privacy Software
The great benefits of ever improving privacy software: Managing data protection is a complex activity, often involving all departments within an organisation. When building a strong […]
CCPA Overview
Global data privacy laws
The California Consumer Privacy Act Overview: The California Consumer Privacy Act (“CCPA”) entered into force on January 2020, bringing with it increased data protection obligations on […]
Cookie Consent – The DPO Centre Guidance
Marketing
Background: The C-673/17 ruling by the Court of Justice of the European Union (CJEU) clarified the way in which consent for cookies (and data packets and […]
NIST Draft Privacy Framework
Data Security & Encryption, Official Guidance
On the 6th September 2019, the USA’s National Institute of Standards and Technology (NIST) published a preliminary draft of its new privacy framework entitled ‘Privacy Framework: […]
NIS Regulations and the need for representation
Data Security & Encryption, Official Guidance
The NIS Directive is an EU Directive that was enacted into UK law as The Network and Information Systems Regulations 2018 (NIS Regulation). The NIS focusses […]
What does a hard Brexit mean for UK companies?
Adequacy, EU/UK Representation Services
Background: Due to recent political developments, the likelihood of the UK leaving the EU without a deal is a real possibility. Therefore, in preparation, The DPO […]
The changing role of the data protection officer
Data Protection Officer
Rob Masson discusses the DPO’s changing role in a recent Podcast. Data protection officers are assuming a more strategic role that goes beyond ensuring compliance with […]
BA – A wake up call from the ICO
Data Breach, Data Security & Encryption
At £183.4m (US$228m) or 1.5% of BA’s worldwide revenue in 2017, this fine by the UK Information Commissioner’s Office (ICO) sets a new precedent in the […]
How to Recognise Data Breaches – Reportable vs Recordable
Data Security & Encryption, Staff Training & Awareness
We are often asked by clients how to determine whether a breach is reportable to the supervisory authority and/or a data subject or if it should […]
Data Subject Access Requests (DSARs) – 5 Essential Steps
Data Security & Encryption, DSARs, Staff Training & Awareness
Data Subject Access Requests (DSARs) pose many challenges for organisations. Often, the sheer volume of requests is too much for internal resources to handle. Or the […]
GDPR – One Year On – 6 Key Lessons for Schools?
DSARs, Staff Training & Awareness
This time last year, we were all so very concerned about May 25th and the advent of the GDPR. How was it going to change things? […]
What are the six lawful bases and when do they apply?
Principles of GDPR
Article 6 of the GDPR sets out six ‘lawful bases’ for processing personal data. At least one of these must apply in order for data to […]
What exactly is ‘personal data’?
Data Breach, Special Category Data
The General Data Protection Regulation (GDPR) has been introduced in the EU with the aim of improving the protection of personal data. Understanding whether an organisation […]
Data Subject Access Request = 4 words to fear?
DSARs
Six things to consider about Data Subject Access Requests NOW under DPA 2018 (GDPR): Data Subject Access Requests (DSARs), the four words that were striking fear […]
What is the difference between the DPA 2018 and the GDPR? (and why does it matter?)
Adequacy, Principles of GDPR
The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) have some key differences which may impact the UK’s relationship with the EU, […]
Ignore data retention at your peril!
Data Retention
The First Mate says to the pirate, “Cap’n, I’ve destroyed all our old crew lists. All records of everyone we made walk the plank have also […]
Why you should ‘steal’ card fraud protection guidelines
Data Protection Officer, Privacy by Design
12 Simple Steps About Personal Data Protection to Learn From The Payment Card Industry: Financial Services is one of the most heavily regulated industries there is. […]
GDPR – What is it all about?
Principles of GDPR
In the last 20 years, the collection and processing of data has grown exponentially. The practice has been undertaken by businesses worldwide, in order to help […]
App & Gaming Developers: win user trust; protect their data
DSARs, Privacy by Design
As a developer, you want to create the best possible app or game, for users. While the functionality and user XP might be second to none, […]
Data Breach Class Actions – how to protect your business
Data Breach
The number of organisations bracing themselves for legal battles over data breaches is increasing. In addition to the reputational damage and fines, companies like Equifax, Ticketmaster […]
Why Brexit could spell a data protection disaster
Adequacy
Continued and unhindered data flows are vitally important to both the UK and EU economies. Currently, the GDPR sets the framework to allow free transfers of […]
Five reasons why you should care about the (possible) suspension of the EU-US Privacy Shield
Data Sharing, International data transfers
What is the EU-US Privacy Shield? It’s a framework for transatlantic exchanges of personal data between the European Union and the US. Why do organisations […]
The 5 unavoidable ways the GDPR is now affecting your business
Principles of GDPR
Regardless of size, the GDPR (and of course in the UK the DPA 2018) will impact all businesses, especially those processing large amounts of personal data […]
Binding Corporate Rules – An Improvement on Cross-Border Data Transfer?
International data transfers
The position under the General Data Protection Regulation (GDPR) relating to cross-border transfer rules on personal data is similar to that under the 1995 Data Protection […]
How data compliance impacts social media management: A note to Facebook fan page owners
Privacy by Design
A majority of businesses have some sort of social media platform which they use to interact and engage with customers and clients – and social media […]
Respect, Protect, Direct: What GDPR means to your customers
Principles of GDPR, Privacy by Design
The latest research from a global study conducted by Veritas Technologies, has revealed that UK consumers have little trust in organisations to safeguard their own personal […]
Do I need a Data Protection Officer to comply with GDPR? Misconceptions Solved
Data Protection Officer
Here’s the big belief many people have – GDPR is just another set of regulations that won’t be enforced. The truth is if you aren’t keeping […]
8 good reasons why you need a Data Protection Officer
Data Protection Officer
Let’s clear one thing up straight away – when we talk about a Data Protection Officer, or DPO, it is the role that is important, so […]