Your employees are in the frontline of GDPR compliance

Employees represent a significant risk factor to data security within organisations, not only through malicious action but also by accident. According to data security statistics provided by the ICO, the most frequently reported security breaches for the financial year 2017-2018 were incidents in which employees had sent an email to an incorrect recipient. The second most reported incidents involved data […]

Retention Policies

Creating a records retention policy: The records retention policy dictates how long a record should be stored before it is destroyed. To develop an effective policy, your company must have a thorough understanding of the records that it stores across all formats, including paper documents, electronic files, telephone call records and social media.

Individual Rights

The GDPR provides the following rights for individuals: the right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object; and rights in relation to automated decision making and profiling.

Caldicott Principles – A Precursor to GDPR

The Caldicott Committee’s Report on the Review of Patient-Identifiable Information, usually referred to as the Caldicott Report, was a review commissioned in 1997 by the Chief Medical Officer of England due to increasing worries concerning the use of patient information in the National Health Service (NHS) in England and Wales and the need to avoid […]

Data Protection Impact Assessments – In Brief

What’s new under the GDPR? What is a DPIA? When do we need to do a DPIA? How do we carry out a DPIA? Do we need to consult the ICO? What’s new under the GDPR? The GDPR introduces a new obligation to do a DPIA before carrying out processing likely to result in high […]

Data Protection Impact Assessments – Checklists

DPIA awareness checklist
☐ We provide training so that our staff understand the need to consider a DPIA at the early stages of any plan involving personal data.
☐ Our existing policies, processes and procedures include references to DPIA requirements.
☐ We understand the types of processing that require a DPIA, and use the screening […]

Data Protection Impact Assessments – At A Glance

At a glance: A data protection impact assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project. You must do a DPIA for certain listed types of processing, or any other processing that is likely to result in a high risk to individuals’ interests. You can use […]

Lawfulness of Processing

Article 6 of the GDPR defines lawfulness of processing. It states that processing is only lawful if one of the following applies: The data subject has given consent to the processing of his or her personal data for one or more specific purposes; Processing is necessary for the performance of a contract to which the […]

Cyber Essentials Checklist

Use a firewall to secure your internet connection
☐ Understand what a firewall is
☐ Understand the difference between a personal and a boundary firewall
☐ Locate the firewall which comes with your operating system and turn it on
☐ Find out if your router has a boundary firewall function. Turn it on if it […]

6 Key Questions to Ask for GDPR

What data do we collect and manage? Why do we collect this data? How do we source this data? What is our legal basis for holding this data? How do we minimise risk for people whose data we hold? How do we secure this data?  
