Third party DSAR portals – good or bad?
Data Protection, DSARs, GDPRWhilst the results from the latest UK Data Protection Index, published in June, indicated that the number of Data Subject Access Requests (DSARs) companies received each […]
Is digital data protection training enough?
Data Protection, GDPR, Staff Training & AwarenessIn July this year, the Information Commissioner’s Office (ICO) fined Mermaids, a charity offering help and guidance to transgender children, £25,000 for a breach that left […]
The Data Protection Act 2018 – the 7 principles of the GDPR
Data Protection, GDPRThe General Data Protection Regulation’s (GDPR) 7 principles enshrined in Article 5 form the foundation of the UK and EU versions of the data protection law. […]
Data Retention – The big privacy headache
Data Protection, GDPRBack in April, following the publication of the UK Data Protection Index’s fourth report, we wrote a blog about the perils of International Data Transfers and […]
The Do’s and Don’ts of monitoring employees using CCTV
Data Protection, GDPRFollowing recent events, involving closed-circuit television (CCTV) footage capturing a certain ex-Health Secretary and his aide being leaked to the press, resulting in red faces all […]
ICO’s Age-appropriate Design Code – 2 months to comply
Age Appropriate Design Code, Data ProtectionWith just over two months left until the ICO’s (Information Commissioner’s Office) Age-appropriate Design Code comes into force, this blog gives you a round-up of who […]
Soft Opt-what? Soft Opt-in for direct marketing
Data Protection, Marketing ConsentPECR – four letters that are the bane of some marketers’ lives. The Privacy and Electronic Communications Regulations (PECR), as the name would suggest, control businesses’ use of electronic […]
A Point of View: Do Processors have to appoint an EU/UK GDPR Representative?
Data Protection, EU Representation Services, UK Representation ServicesWhen faced with a data protection related quandary, most people turn to the web for an answer to their dilemma; scouring legislation, supervisory authority guidance, or […]
Data Protection – another year in review
Adequacy, Data ProtectionIt is safe to say that the past year has been an eventful one. So, with the GDPR’s third anniversary just around the corner, we decided […]
EU proposes new AI regulation – The DPO Centre run down
Data ProtectionTurns out, the rumours are true – the EU is in the process of developing a way to regulate the use of Artificial Intelligence (AI). Late […]
Is ISO 27001 a silver bullet for GDPR compliance?
Data Protection, Data Protection Officer, GDPRThe name Doorstep Dispensaree became ingrained in the memory of every UK data protection aficionado in December 2019 when the ICO slapped the London-based pharmacy with […]
International data transfers – a DPO’s worst nightmare?
Data Protection, Data Protection Officer, Data SharingEver wondered what a Data Protection Officer’s (DPO) worst nightmare is? Well, according to the latest report from the UK Data Protection Index, it might be […]
EU/UK Representative v Data Protection Officer – What’s The Difference?
Data Protection, Data Protection Officer, EU Representation Services, GDPR, UK Representation ServicesSince the UK left the EU, many companies that were not previously required to do so, are now having to appoint either an EU or UK […]
The 5 things you need to know about data protection
Data Breach, Data Discovery, Data Protection, GDPRSince 2016, when the EU General Data Protection Regulation (EU GDPR) was introduced, data protection has grown from being seen somewhat as an afterthought, to an […]
EU & UK GDPR Representation for sponsors of European clinical trials
Data Protection, EU Representation Services, GDPR, Special Category Data, UK Representation ServicesThe General Data Protection Regulation (GDPR) came into force in the EU on 25th May 2018 and has since been a driving force for improving data protection standards worldwide. The GDPR was […]
New EDPB guidance clarifies when you should report a data breach, sort of…
Data Breach, Data Protection, GDPRPicture the scene: It’s 4pm on a Friday and, as the final minutes of the working day tick away, you receive a panicked call from the […]
Updated EDPB Guidance on Controllers and Processors – Part 2
Data Protection, GDPRFollowing on from our first blog, this blog examines the second part of the EDPB’s guidance on controllers and processors. Whilst the first part provides guidance […]
What is Adequacy?
Adequacy, Data Protection, GDPRNB: This blog was updated on 29/6/21 to reflect the EU Commission’s decision to grant the UK Adequacy. Adequacy, the word that has been on everyone’s […]
Updated EDPB Guidance on Controllers and Processors – Part 1
Data Protection, GDPROn 2nd September 2020, the EU Data Protection Board adopted their new guidance document on data controllers and data processors. In many ways this has been […]
The DPO Centre’s Research Results – 7 steps for handling customer data
Data Protection, DSARs, GDPRIn 2018, the GDPR was introduced to help provide consumers with more control and transparency around how their data is used. Since then, companies have had to implement a wide range of measures, with considerable […]
ICO Accountability Framework: Part 3
Data Protection, Data Protection Officer, GDPRIn the third and final blog post on this topic, we consider the last four sections of the ICO’s Accountability Framework: Contracts and Data Sharing; Risks […]
ICO Accountability Framework: Part 2
Data Protection, Data Protection Officer, GDPRThe ICO’s Accountability Framework aims to provide organisations with some clear examples of actions that would indicate to the ICO that they were complying with the […]
ICO Accountability Framework: Part 1
Data Protection, Data Protection Officer, GDPRLast month, the Information Commissioner’s Office (ICO) published its Accountability Framework with a view to helping organisations better understand how to comply with the GDPR’s Accountability […]
To transfer, or not to transfer, that is the question
Data Protection, Data Sharing, GDPRIn Europe, data protection has been a fundamental human right for a long time, primarily through the right to privacy. Over the years, we have seen […]
Special categories of data and the new normal
Data Protection, Data Sharing, GDPR“Man is a creature that can get used to anything” – Fyodor Dostoevsky. As we grow accustomed to living with Covid-19, we are witnessing a return […]
6 Considerations to making DSARs easier to process
Data Protection, Data Sharing, GDPREven outside of the current pandemic, Data Subject Access Requests (DSARs) can seem an administrative burden on any business and a drain on the DPO’s already […]
Marketing Emails: The Fine Line Between a Service and Sales Message
Data Protection, Data Sharing, GDPRKnowing the difference between a service message and one that is marketing to your customers could save your business from ending up on the wrong side […]
GDPR Codes of Conduct and Certifications in the UK
Data Protection, Data Sharing, GDPRThe advent of the GDPR, over two years ago, brought about a raft of well documented obligations for organisations processing personal data. At the very centre […]
Video conferencing – Tips to mitigate risk
Data Protection, Data Sharing, GDPRCovid-19 has driven us back into our homes; transforming what was once a sanctuary into a place of work. Video conferencing tools have hence become essential […]
Ticktock goes the Brexit transition clock
Data Protection, Data Sharing, GDPRThe State of Play The UK formally left the EU on 31st January 2020. Since then, negotiations have been hampered by the effects of a global […]
Industry Challenge: Data Retention
Data Protection, Data Sharing, GDPRIn our recent GDPR at 2 webinar hosted by Data Protection World Forum, we asked the attendees to fill in a poll to identify what they […]
International Data Transfers
Data Protection, Data Sharing, GDPRKey Considerations for Controllers in Addressing a Complex Issue International data transfers continue to be one of the most discussed subjects in the world of privacy […]
Evolving role of the DPO – 2 years on
Data Protection, Data Sharing, GDPRIn May 2019, on the first anniversary of the GDPR, the DPO Centre held a series of presentations at seminars and events about how the DPO […]
Remote Working Considerations
Data Protection, GDPR, Policies & Documentation, Staff Training & AwarenessThe state of play today Mike Tyson famously once said, “Everyone has a plan until they get punched in the face”, and it’s fair to say […]
Buying or selling a business? Four data protection questions to ask in M&A activity
Data Protection, Data Sharing, GDPRPersonal data is one of a company’s most valuable assets. Understanding and realising its value is an important factor in buying and selling a business. When […]
Understanding AdTech and the Privacy Concerns
Data Protection, Data Sharing, GDPRIntroduction Amongst other things, Simon McDougall, the ICO’s Executive Director of Technology and Innovation wrote the following in his recent ICO blog posted on January 17th, […]
Data Protection Tools and Software
Data Discovery, Data Protection Impact Assessment (DPIA), Policies & Documentation, Privacy SoftwareThe great benefits of ever improving privacy software Managing data protection is a complex activity, often involving all departments within an organisation. When building a strong […]
CCPA Overview
International lawThe California Consumer Privacy Act Overview The California Consumer Privacy Act (“CCPA”) entered into force on January 2020, bringing with it increased data protection obligations on […]
Cookie Consent – The DPO Centre Guidance
GDPRBackground The C-673/17 ruling by the Court of Justice of the European Union (CJEU) clarified the way in which consent for cookies (and data packets and […]
NIST Draft Privacy Framework
Data Security & Encryption, GDPR, data breach, data class action, data protectionOn the 6th September 2019, the USA’s National Institute of Standards and Technology (NIST) published a preliminary draft of its new privacy framework entitled ‘Privacy Framework: […]
NIS Regulations and the need for representation
Data Security & Encryption, GDPR, data breach, data class action, data protectionThe NIS Directive is an EU Directive that was enacted into UK law as The Network and Information Systems Regulations 2018 (NIS Regulation). The NIS focusses […]
What does a hard Brexit mean for UK companies?
Data Security & Encryption, GDPR, data breach, data class action, data protectionBackground Due to recent political developments, the likelihood of the UK leaving the EU without a deal is a real possibility. Therefore, in preparation, The DPO […]
The changing role of the data protection officer
Data Security & Encryption, GDPR, data breach, data class action, data protectionRob Masson discusses the DPO’s changing role in a recent Podcast. Data protection officers are assuming a more strategic role that goes beyond ensuring compliance with […]
BA – A wake up call from the ICO
Data Security & Encryption, GDPR, data breach, data class action, data protectionAt £183.4m (US$228m) or 1.5% of BA’s worldwide revenue in 2017, this fine by the UK Information Commissioner’s Office (ICO) sets a new precedent in the […]
How to Recognise Data Breaches – Reportable vs Recordable
Data Security & Encryption, GDPR, Staff Training & Awareness, data breach, data class action, data protectionWe are often asked by clients how to determine whether a breach is reportable to the supervisory authority and/or a data subject or if it should […]
Data Subject Access Requests (DSARs) – 5 Essential Steps
Data Security & Encryption, GDPR, Staff Training & Awareness, data breach, data class action, data protectionOur December 2018 blog post entitled “Data Subject Access Request = 4 words to fear?”, explained the need for a robust and efficient process for responding […]
GDPR – One Year On – 6 Key Lessons for Schools?
Data Protection Officer, Data Security & Encryption, GDPR, Staff Training & Awareness, data breach, data class action, data protectionThis time last year, we were all so very concerned about May 25th and the advent of the GDPR. How was it going to change things? […]
What are the six lawful bases and when do they apply?
Data Protection, GDPR, data breach, data class action, data protectionArticle 6 of the GDPR sets out six ‘lawful bases’ for processing personal data. At least one of these must apply in order for data to […]
What exactly is ‘personal data’?
Data Protection, data breach, data class action, data protectionThe General Data Protection Regulation (GDPR) has been introduced in the EU with the aim of improving the protection of personal data. Understanding whether an organisation […]
Data Subject Access Request = 4 words to fear?
Data Protection, GDPR, data breach, data class action, data protectionSix things to consider about Data Subject Access Requests NOW under DPA 2018 (GDPR) Data Subject Access Requests (DSARs), the four words that were striking fear […]
What is the difference between the DPA 2018 and the GDPR? (and why does it matter?)
Data Protection, data breach, data class action, data protectionThe General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) have some key differences which may impact the UK’s relationship with the EU, […]
Ignore data retention at your peril!
Data Protection, GDPR, data breach, data class action, data protectionThe First Mate says to the pirate, “Cap’n, I’ve destroyed all our old crew lists. All records of everyone we made walk the plank have also […]
Why you should ‘steal’ card fraud protection guidelines
Data Protection, Data Protection Officer, card fraud, data protection, data protection guidelines, DPO, eprivacy, fraud, fraud protection, GDPR12 Simple Steps About Personal Data Protection to Learn From The Payment Card Industry Financial Services is one of the most heavily regulated industries there is. […]
GDPR – What is it all about?
Data Protection, data breach, data class action, data protectionIn the last 20 years, the collection and processing of data has grown exponentially. The practice has been undertaken by businesses worldwide, in order to help […]
App & Gaming Developers: win user trust; protect their data
GDPR, Cookies, data protection, developers, GDPR, privacyAs a developer, you want to create the best possible app or game, for users. While the functionality and user XP might be second to none, […]
Data Breach Class Actions – how to protect your business
Data Protection, data breach, data class action, data protectionThe number of organisations bracing themselves for legal battles over data breaches is increasing. In addition to the reputational damage and fines, companies like Equifax, Ticketmaster […]
Why Brexit could spell a data protection disaster
GDPR, Adequacy, Brexit, GDPRContinued and unhindered data flows are vitally important to both the UK and EU economies. Currently, the GDPR sets the framework to allow free transfers of […]
Five reasons why you should care about the (possible) suspension of the EU-US Privacy Shield
US Privacy Shield, US Privacy ShieldWhat is the EU- US Privacy Shield? It’s a framework for transatlantic exchanges of personal data between the European Union and the US. Why do organisations […]
The 5 unavoidable ways the GDPR is now affecting your business
GDPRRegardless of size, the GDPR (and of course in the UK the DPA 2018) will impact all businesses, especially those processing large amounts of personal data […]
Binding Corporate Rules – An Improvement on Cross-Border Data Transfer?
Data Protection, Binding corporate rules, GDPRThe position under the General Data Protection Regulation (GDPR) relating to cross-border transfer rules on personal data is similar to that under the 1995 Data Protection […]
How data compliance impacts social media management: A note to Facebook fan page owners
Data Protection, Social media data protectionA majority of businesses have some sort of social media platform which they use to interact and engage with customers and clients – and social media […]
Respect, Protect, Direct: What GDPR means to your customers
Data Protection, Data Protection Officer, GDPR, GDPR and customersThe latest research from a global study conducted by Veritas Technologies, has revealed that UK consumers have little trust in organisations to safeguard their own personal […]
Do I need a Data Protection Officer to comply with GDPR? Misconceptions Solved
Data Protection OfficerHere’s the big belief many people have – GDPR is just another set of regulations that won’t be enforced. The truth is if you aren’t keeping […]
8 good reasons why you need a Data Protection Officer
Data Protection OfficerLet’s clear one thing up straight away – when we talk about a Data Protection Officer, or DPO, it is the role that is important, so […]
