About Lesley Cooley

So far Lesley Cooley has created 111 blog entries.
25 11, 2024

GDPR Compliance: Don’t use a competitor’s privacy policy

One size does not fit all When it comes to GDPR compliance, too many businesses fall into the trap of copying larger competitors' privacy policies. As a GDPR compliance consultant, I recently witnessed this firsthand during a client call, where I had to stop myself from screaming "NO!" into my mug as they suggested copying a section from a major competitor's privacy policy verbatim. The Dangerous Temptation of Copy-Paste GDPR Compliance Creating a GDPR-compliant [...]

18 11, 2024

Don’t Let Data Protection Fear Paralyse Your Business Growth

The fear of data protection legislation is creating a new type of business paralysis, where companies are so worried about making a misstep that they're choosing to do nothing at all. Recently, I encountered this exact scenario with a new client who was hesitant to review their digital marketing practices simply because they weren't confident in their understanding of data protection regulations. This fear-based approach to data protection is holding businesses back from marketing [...]

11 11, 2024

GDPR Consent requirements are not your only choice

Why GDPR Consent Isn't Your Only Compliance Requirement Understanding GDPR consent requirements is a common challenge for businesses, with many organisations believing they've achieved compliance by simply adding consent forms to their processes. While these GDPR consent requirements are important, they're just one piece of the compliance puzzle. The General Data Protection Regulation actually provides several other legal bases for processing personal data that are equally valid and sometimes more appropriate than consent. Beyond [...]

4 11, 2024

GDPR Compliance: The Risks in Your IT Support Relationship

The Uncomfortable Truth About IT Providers and GDPR Businesses operate in data environments, and being able to obtain IT support when something goes wrong is key to working effectively. Those IT providers have complete access to a business's digital assets and information. This makes it very risky when those IT providers have no awareness of their security or GDPR obligations. This happened to a client recently when we undertook a gap analysis and revealed [...]

28 10, 2024

“We’re GDPR Compliant” – The Common GDPR Compliance Mistakes UK Businesses are making

"We're GDPR Compliant" - The Common GDPR Compliance Mistakes UK Businesses are making Are you making critical GDPR compliance mistakes without realising it? Our many years of Data Protection and GDPR consulting reveal that lots of UK businesses are. Even those who think they've ticked all the compliance boxes are often shocked when they discover their mistakes. In our lengthy time providing GDPR and data protection consulting, we've encountered countless businesses who discovered they [...]

21 10, 2024

What can you put in notes?

Best practices for note-taking in organisations What can we put in notes? It's a question that organisations seek advice on regularly. The challenge with notes is they are usually free text fields and can be as long as you want which is great for flexibility, however from a data protection perspective, what is written in notes would be disclosable during a Subject Access Request process and they can frequently contain opinions (not so great). [...]

14 10, 2024

When Age Verification Goes Too Far: A GDPR Perspective

When Age Verification Goes Too Far: A GDPR Perspective In the world of online shopping, we've all become accustomed to filling out forms and providing personal information. But when does data collection cross the line from necessary to excessive? A recent experience, shopping for my daughter's birthday present, highlighted this issue and got me thinking about GDPR compliance and consumer rights. The 26-Year-Old Shopper (Or Am I?) Picture this: I'm browsing a well-known retailer's [...]

7 10, 2024

GDPR’s Impact on AI and Machine Learning

GDPR's Impact on AI and Machine Learning: Navigating Compliance Challenges Since its inception, the General Data Protection Regulation (GDPR) has reshaped the landscape of data privacy across Europe and beyond. As AI and machine learning technologies continue to evolve, organisations must navigate the complex interplay between innovation and compliance. GDPR's Impact on the use of AI is broad and multifaceted. In this blog post, we delve into the challenges of implementing AI while maintaining [...]

30 09, 2024

Why should I do a Record of Processing Activities (ROPA)?

Why should I do a Record of Processing Activities (ROPA)? In the complex landscape of modern business, data has emerged as a critical asset. Yet, many organisations are unaware of what data they hold and the purposes for which they have retained it. The key to unlocking this value? A comprehensive data audit or Record of Processing Activities. GDPR requires larger organisations to undertake an audit of the data they hold, the purposes it's used for, [...]

23 09, 2024

The Need for GDPR Privacy Notices

The need for GDPR privacy notices at every collection point is an essential way that you can demonstrate transparency and define how data will be used. Data is constantly being collected - often without the individual's full awareness. From browsing websites to using mobile apps, personal information is gathered, stored, and analysed by countless organisations. This makes it more important than ever to have clear privacy notices at all points where data is collected. [...]

16 09, 2024

GDPR Compliance in the use of AI: A Wake-Up Call for Businesses

The data protection environment needs to be able to respond to new technologies and security concerns that may come with their use. Despite the General Data Protection Regulation (GDPR) being in effect for over six years, many organisations still struggle to maintain a mature compliance framework. This week, I had the opportunity to meet with three clients to discuss their GDPR progress and we discussed their use of AI technologies. The AI Blindspot One [...]

9 09, 2024

Maintaining Confidentiality: A Crucial Aspect of GDPR Compliance

Maintaining Confidentiality: A Crucial Aspect of GDPR Compliance Protecting the personal information in an organisation is more important than ever. The General Data Protection Regulation (GDPR) sets strict standards for how organisations handle and protect personal information. One key aspect of GDPR compliance is maintaining the confidentiality of information. The Importance of Staff Training Your employees are on the front lines of data protection. Without proper training, even well-intentioned staff members can inadvertently compromise [...]

2 09, 2024

GDPR and Employee Privacy: Balancing Employer Obligations and Employee Rights

GDPR and Employee Privacy: Balancing Employer Obligations and Employee Rights The General Data Protection Regulation (GDPR) has reshaped how organisations handle personal data, including that of their employees. Employers must navigate the delicate balance between monitoring and collecting data for legitimate business purposes and respecting the privacy rights of their employees. This blog post explores the implications of GDPR on employee monitoring and data collection, best practices for maintaining this balance and how to [...]

26 08, 2024

Data Protection Roles Under GDPR: What You Need to Know

Data Protection Roles Under GDPR: What You Need to Know. One of the key things to understand in order to comply with your data protection obligations is what your data protection role is. Your role will dictate your responsibility for data protection compliance. Data Controller The data controller determines the purposes and means of processing personal information. They decide what to collect, how it will be used, how long it will be stored, [...]

19 08, 2024

Data Breaches and GDPR: What You Need to Know

Data Breaches and GDPR: What You Need to Know Data breaches are a nightmare for any organisation, but under GDPR, they can become even more challenging. This post will explain what a data breach is, your obligations under GDPR, and best practices for prevention and response to safeguard your business. What is a Data Breach? Under GDPR, a data breach is defined as a security incident leading to the accidental or unlawful destruction, loss, [...]

12 08, 2024

Understanding Soft Opt-In for GDPR Compliance: A Guide for Marketing

Understanding Soft Opt-In for GDPR Compliance: A Guide for Marketing With all the data protection requirements and understanding lawful basis, marketers must navigate complex privacy legislation to ensure their marketing aligns with legal requirements. One such topic that's particularly relevant for email marketing is the "soft opt-in." This blog post will explore what soft opt-in means under the General Data Protection Regulation (GDPR) and how businesses can use it effectively. What is the Soft [...]

5 08, 2024

Data Sharing Agreements

Data Sharing Agreements: Enabling Collaboration While Protecting Information Data sharing agreements are essential tools when organisations want to share personal information. A Data Sharing Agreement is a legal contract that sets out the responsibilities of the partners involved in the data sharing. The terms set out how data can be accessed, used, protected and retained when shared between parties. Whether you're a business partnering with vendors, a researcher collaborating across clients, or a membership [...]

22 07, 2024

Data Classification – Why it is important

Data Classification: Why it is important Not all business data is created equal. Some information is more valuable—and more sensitive—than others. This is where data classification becomes important. It helps separate the low risk information from the highly sensitive and confidential. What is Data Classification? Data classification is the process of categorising business information based on its level of sensitivity and the impact to the organisation should that data be disclosed, altered, or destroyed [...]

15 07, 2024

Where Is Your Data and Why it is important to know where it’s held

Businesses run on data and the insights that data can provide. Personal and business data is constantly being created, shared, and stored. But do you really know where all that valuable information is held in your business systems? Understanding the location of your data is crucial for security, privacy, regulatory compliance, and effective data management. Why Data Location Matters 1. Security: Knowing where your data is stored helps you assess vulnerabilities and implement appropriate [...]

8 07, 2024

The importance of Business Continuity

The Importance of Business Continuity In today’s business environment, ensuring the resilience of your organisation during unforeseen events is paramount. This blog post covers the critical relationship between business continuity and GDPR compliance, emphasising the necessity of a robust business continuity plan (BCP) to safeguard data and meet regulatory requirements. Defining Business Continuity Business continuity refers to an organisation’s ability to maintain essential functions during and after a disruptive incident. This could involve natural [...]
