Time limits for responding to a Data Subject Request

The data controller needs to reply to all requests relating to subject rights within one month of receipt. This can be extended by two months where the request is complex, or where several requests are received from the same applicant. If this is the case, the Data Subject will be informed of the delay […]

Data Subject Request

A data subject is any person whose personal data is being collected, held or processed. Personal data can refer to anything from a name or address to posts on social media. As a result, everyone becomes a data subject at some point – whether they are applying for a job, booking a flight, using their credit card […]

Your Employees’ Privacy Must Be Protected

It is not only an organisation’s clients that are protected under the General Data Protection Regulation (GDPR), but employees as well. The new law aims to strengthen people’s rights to privacy and protect their personal data. This does not just apply to people opting into the company’s online marketing campaigns, but rather everyone involved with […]

Employee Awareness and Training

It is vital that each and every employee is aware of the GDPR protocols and is trained to handle the data they receive in the appropriate manner. As an employer, you can help your employees comply with the new regulation and protect against breaches by developing a comprehensive communication and training strategy. In fact, the […]

Your employees are in the frontline of GDPR compliance

Employees represent a significant risk factor to data security within organisations, not just maliciously but accidentally. According to data security statistics provided by the ICO, the highest number of security breaches reported for the financial year 2017-2018 were incidents where employees had sent an email to an incorrect recipient. The second most reported incidents involved data […]

Individual Rights

The GDPR provides the following rights for individuals: the right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object; and rights in relation to automated decision making and profiling.

6 Key Questions to Ask for GDPR

1. What data do we collect and manage?
2. Why do we collect this data?
3. How do we source this data?
4. What is our legal basis for holding this data?
5. How do we minimise risk for people whose data we hold?
6. How do we secure this data?

Legitimate Interests – Checklist

Legitimate Interests
☐ We have checked that legitimate interests is the most appropriate basis.
☐ We understand our responsibility to protect the individual’s interests.
☐ We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision.
☐ We have identified the relevant legitimate interests.
[…]

Six Data Protection Principles

Six data protection principles will require that personal data should be: processed in a fair, lawful and transparent manner; collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; adequate, relevant and limited to what is necessary; accurate and, where necessary, kept up to date […]

GDPR Checklist for Local Authorities

The General Data Protection Regulation (“GDPR”), which comes into force on 25 May 2018, will replace the Data Protection Act 1998. The ICO has published the results from its Local Government Information Governance Survey, together with guidance on the steps that local councils should take in order to ready themselves for the GDPR. With the […]
