Best practices for note-taking in organisations What can we put in notes? It's a question that organisations seek advice on regularly. The challenge with notes is they are usually free text fields and can be as long as you want which is great for flexibility, however from a data protection perspective, what is written in notes would be disclosable during a Subject Access Request process and they can frequently contain opinions (not so great). [...]
When Age Verification Goes Too Far: A GDPR Perspective In the world of online shopping, we've all become accustomed to filling out forms and providing personal information. But when does data collection cross the line from necessary to excessive? A recent experience, shopping for my daughter's birthday present, highlighted this issue and got me thinking about GDPR compliance and consumer rights. The 26-Year-Old Shopper (Or Am I?) Picture this: I'm browsing a well-known retailer's [...]
GDPR's Impact on AI and Machine Learning: Navigating Compliance Challenges Since its inception, the General Data Protection Regulation (GDPR) has reshaped the landscape of data privacy across Europe and beyond. As AI and machine learning technologies continue to evolve, organisations must navigate the complex interplay between innovation and compliance. GDPR's Impact on the use of AI is broad and multifaceted. In this blog post, we delve into the challenges of implementing AI while maintaining [...]
Why should I do a Record of Processing Activities (ROPA)? In the complex landscape of modern business, data has emerged as a critical asset. Yet, many organisations are unaware of what data they hold and the purposes they have retained it. The key to unlocking this value? A comprehensive data audit or Record of Processing Activities. GDPR requires larger organisations to undertake an audit of the data they hold, the purposes it's used for, [...]
The need for GDPR privacy notices at every collection point is an essential way that you can demonstrate transparency and define how data will be used. Data is constantly being collected - often without the individuals full awareness. From browsing websites to using mobile apps, personal information is gathered, stored, and analysed by countless organisations. This makes it more important than ever to have clear privacy notices at all points where data is collected. [...]
The data protection environment needs to be able to respond to new technologies and security concerns that may come with their use. Despite the General Data Protection Regulation (GDPR) being in effect for over six years, many organisations still struggle to maintain a mature compliance framework. This week, I had the opportunity to meet with three clients to discuss their GDPR progress and we discussed their use of AI technologies. The AI Blindspot One [...]
Maintaining Confidentiality: A Crucial Aspect of GDPR Compliance Protecting the personal information in an organisation is more important than ever. The General Data Protection Regulation (GDPR) sets strict standards for how organisations handle and protect personal information. One key aspect of GDPR compliance is maintaining the confidentiality of information. The Importance of Staff Training Your employees are on the front lines of data protection. Without proper training, even well-intentioned staff members can inadvertently compromise [...]
GDPR and Employee Privacy: Balancing Employer Obligations and Employee Rights The General Data Protection Regulation (GDPR) has reshaped how organisations handle personal data, including that of their employees. Employers must navigate the delicate balance between monitoring and collecting data for legitimate business purposes and respecting the privacy rights of their employees. This blog post explores the implications of GDPR on employee monitoring and data collection, best practices for maintaining this balance and how to [...]
Data Protection Roles Under GDPR: What You Need to Know. One of the key things to understand to be able to comply with your data protection obligations is what is your data protection role. Your role will dictate your responsibility for data protection compliance. Data Controller The data controller determines the purposes and means of processing personal information. They decide what to collect, how it will be used, how long it will be stored, [...]
Data Breaches and GDPR: What You Need to Know Data breaches are a nightmare for any organisation, but under GDPR, they can become even more challenging. This post will explain what a data breach is, your obligations under GDPR, and best practices for prevention and response to safeguard your business. What is a Data Breach? Under GDPR, a data breach is defined as a security incident leading to the accidental or unlawful destruction, loss, [...]
Understanding Soft Opt-In for GDPR Compliance: A Guide for Marketing With all the data protection requirements and understanding lawful basis, marketers must navigate complex privacy legislation to ensure their marketing aligns with legal requirements. One such topic that's particularly relevant for email marketing is the "soft opt-in." This blog post will explore what soft opt-in means under the General Data Protection Regulation (GDPR) and how businesses can use it effectively. What is the Soft [...]
Data Sharing Agreements: Enabling Collaboration While Protecting Information Data sharing agreements are essential tools when organisations want to share personal information. A Data Sharing Agreement is a legal contract that sets out the responsibilities of the partners involved in the data sharing. The terms set out how data can be accessed, used, protected and retained when shared between parties. Whether you're a business partnering with vendors, a researcher collaborating across clients, or a membership [...]
Data Classification: Why it is important Not all business data is created equal. Some information is more valuable—and more sensitive—than others. This is where data classification becomes important. It helps separate the low risk information from the highly sensitive and confidential. What is Data Classification? Data classification is the process of categorising business information based on its level of sensitivity and the impact to the organisation should that data be disclosed, altered, or destroyed [...]
Businesses run on data and the insights that data can provide. Personal and business data is constantly being created, shared, and stored. But do you really know where all that valuable information is held in your business systems? Understanding the location of your data is crucial for security, privacy, regulatory compliance, and effective data management. Why Data Location Matters 1. Security: Knowing where your data is stored helps you assess vulnerabilities and implement appropriate [...]
The Importance of Business Continuity In today’s business environment, ensuring the resilience of your organisation during unforeseen events is paramount. This blog post covers the critical relationship between business continuity and GDPR compliance, emphasising the necessity of a robust business continuity plan (BCP) to safeguard data and meet regulatory requirements. Defining Business Continuity Business continuity refers to an organisation’s ability to maintain essential functions during and after a disruptive incident. This could involve natural [...]
Privacy by Design: Building Data Protection into the Core of Your Products In a world which is dominated by digital communications, privacy has become a critical concern for users and businesses alike. Privacy by Design (PbD) offers a proactive approach to addressing these concerns by embedding privacy protections into the very foundation of products and services. What is Privacy by Design? Privacy by Design is a framework developed by Dr. Ann Cavoukian in the [...]
We work with a lot of small businesses who have recognised the opportunity that securing contracts with larger companies offers. However, in today's data privacy world, there's a crucial factor you can't afford to overlook: GDPR compliance. Why GDPR Matters for Your Small Business The General Data Protection Regulation (GDPR) isn't just for tech giants or multinational corporations. It affects any business that handles personal data of EU citizens, regardless of size or location. [...]
How Often Should You Review Your Privacy Policy for GDPR? If you operate a business that collects or processes personal data from individuals in the European Union, you need to ensure your practices comply with the General Data Protection Regulation (GDPR). A key part of GDPR compliance is maintaining an up-to-date, comprehensive privacy policy that outlines how you handle user data. But how often should you review and update your privacy policy? The GDPR [...]
"Do I need a tickbox for GDPR?" is one of the most common questions we get asked in our Membership - Your GDPR Advisor. Unfortunately, it is not a simple yes or no answer. It very much depends on what you think you need a tickbox for. The purpose of a tickbox is so that you can get consent for something, but a tickbox isn't always necessary. For example, a newsletter subscription form does [...]
This is a question we get asked a lot and it may have been prompted by a business receiving a letter from the Information Commissioner's Office (ICO) saying that they need to register and pay the fee. Watch the video to find out more. https://www.youtube.com/watch?v=aVQhfj5uOrs&t=20s