Time limits for responding to a Data Subject Request

The data controller needs to provide a reply to all requests relating to subject rights within one month from receipt. This can be extended by two months where the request is complex, or you receive several requests from the same applicant. If this is the case, the Data Subject will be informed of the delay […]

Data Subject Request

A data subject is any person whose personal data is being collected, held or processed. Personal data can refer to anything from a name or address to posts on social media. As a result, anyone becomes at some point a data subject – whether they are applying for a job, booking a flight, using their credit card […]

YOUR EMPLOYEES’ PRIVACY MUST BE PROTECTED

It is not only an organisation’s clients that are protected under the General Data Protection Regulation (GDPR), but employees as well. The new law aims to strengthen people’s rights to privacy and protect their personal data. This does not just apply to people opting into the company’s online marketing campaigns, but rather everyone involved with […]

Employee Awareness and Training

It is vital that each and every employee is aware of the GDPR protocols and is trained to handle the data they receive in the appropriate manner. As an employer, you can help your employees comply with the new regulation and protect against breaches by developing a comprehensive communication and training strategy. In fact, the […]

Your employees are in the frontline of GDPR compliance

Employees represent a significant risk factor to data security within organisations, not just maliciously but accidentally. According to data security statistics provided by the ICO, the highest number of security breaches reported for the financial year 2017-2018 were incidents where employees had sent an email to an incorrect recipient. The second most reported incidents involved data […]

Retention Policies

Creating a records retention policy

The records retention policy dictates how long a record should be stored before it is destroyed. To develop an effective policy, your company must have a thorough understanding of the records that it stores across all formats, including paper documents, electronic files, telephone call records and social media.

Caldicott Principles – A Precursor to GDPR

The Caldicott Committee’s Report on the Review of Patient-Identifiable Information, usually referred to as the Caldicott Report, was a review commissioned in 1997 by the Chief Medical Officer of England due to increasing worries concerning the use of patient information in the National Health Service (NHS) in England and Wales and the need to avoid […]
