What a DPO in the education sector can learn from the latest children and privacy report

report on children and privacy

When the GDPR came into force it introduced specific controls relating to children: If you rely on consent as the lawful basis for processing personal data when offering an online service aimed at children, then you also need parental consent for any child 12 or under (and that means you’ll need a mechanism for identifying …

Read moreWhat a DPO in the education sector can learn from the latest children and privacy report

Five problems with subject access requests and five solutions

5 ways to get subject access requests right

One of the well known individuals’ rights in the GDPR is the right of access or “subject access requests” (or “SAR”s or DSAR (data subject access request)). This is the right which allows a data subject (i.e. the person who’s data an organisation is processing) to ask an organisation whether they are processing personal data …

Read moreFive problems with subject access requests and five solutions

Guest blog: the top 12 ways to protect your data with technology

12 ways to protect your data

  This article has been written by Aden Ottewill. Aden is the Managing Director of Prodigy IT Solutions, a Dorset-based managed service provider. With over 18 years working in the IT industry, he’s provided support to hundreds of businesses, and has seen some breath-taking security breaches. Although the Prodigy team now do the fixing, he’s passionate …

Read moreGuest blog: the top 12 ways to protect your data with technology

Why accountability is important in data protection

data protection accountability and responsibility

When the GDPR came into force (almost a year ago) it introduced a new data protection principle (or rule): Accountability. The accountability principle essentially says it’s not good enough that you think you’re compliant with data protection laws, you have to prove it.  It’s spread throughout the GDPR: Documentary evidence of processing activities Contracts between …

Read moreWhy accountability is important in data protection

How are you ensuring your ongoing GDPR compliance?

ensuring your ongoing GDPR compliance

When the GDPR came into force in May 2018 it introduced the principle of accountability – the data protection rule that requires you to be able to demonstrate you’re compliant. And whilst lots of businesses put in the effort to ensure they were compliant by the May deadline, GDPR compliance didn’t stop there. Article 24 …

Read moreHow are you ensuring your ongoing GDPR compliance?

Data ethics – why data processing is about more than data protection

the rise in ai and data protection and data ethics

When we talk about the processing of data we usually think about data protection or the GDPR and how it applies to the lawful processing of the data. Of course, data protection regulation is all about the processing of personal data, data that can identify an individual, and whilst some of the complexities of data …

Read moreData ethics – why data processing is about more than data protection

Are you being asked to sign model clauses because of Brexit?

signing model clauses because of brexit

As the Brexit turmoil continues in the UK with the UK government still to agree on an appropriate way forward, EEA businesses are gearing up for a no-deal Brexit. When that comes to data protection, as we’ve discussed before, Brexit, particularly a no-deal Brexit could have implications for your businesses if you’re processing EU citizen’s data …

Read moreAre you being asked to sign model clauses because of Brexit?

Are you going to be audited by the ICO?

Could the ICO audit us

Article 58 of the GDPR gives data protection authorities (the national data protection regulators – ours is the Information Commissioner’s Office (ICO)) the power to carry out investigations in the form of compulsory data protection audits. The idea is that such audits enable the regulator to assess an organisation’s data and privacy compliance. What’s the …

Read moreAre you going to be audited by the ICO?

How Brexit could impact your data protection compliance

what brexit means to UK EU data

No matter where you sit in the Brexit debate there’s probably a good chance it will have some kind of impact on your business – and in the world of data compliance that’s no different. Believe it or not, Brexit might have an impact on your data compliance too! If you didn’t already have enough …

Read moreHow Brexit could impact your data protection compliance

When should Data Controllers be auditing their Processors?

third-party data processor due diligence checks

Whilst there has always been a responsibility on Data Controllers (those who collect and determine how personal data is processed) to ensure that their Data Processors (organisations actually doing the processing on the request of the Controller) are compliant (particularly with security) the GDPR upped the liabilities and responsibilities of both Controllers and Processors. Specifically …

Read moreWhen should Data Controllers be auditing their Processors?