About Lesley Cooley

So far Lesley Cooley has created 111 blog entries.
1 07, 2024

What is Privacy by design?

Privacy by Design: Building Data Protection into the Core of Your Products In a world which is dominated by digital communications, privacy has become a critical concern for users and businesses alike. Privacy by Design (PbD) offers a proactive approach to addressing these concerns by embedding privacy protections into the very foundation of products and services. What is Privacy by Design? Privacy by Design is a framework developed by Dr. Ann Cavoukian in the [...]

24 06, 2024

GDPR Compliance: A Key to Unlocking Contracts with Larger Businesses

We work with a lot of small businesses who have recognised the opportunity that securing contracts with larger companies offers. However, in today's data privacy world, there's a crucial factor you can't afford to overlook: GDPR compliance. Why GDPR Matters for Your Small Business The General Data Protection Regulation (GDPR) isn't just for tech giants or multinational corporations. It affects any business that handles personal data of EU citizens, regardless of size or location. [...]

17 06, 2024

How Often Should You Review Your Privacy Policy for GDPR?

How Often Should You Review Your Privacy Policy for GDPR? If you operate a business that collects or processes personal data from individuals in the European Union, you need to ensure your practices comply with the General Data Protection Regulation (GDPR). A key part of GDPR compliance is maintaining an up-to-date, comprehensive privacy policy that outlines how you handle user data. But how often should you review and update your privacy policy? The GDPR [...]

10 06, 2024

Do I need a tick box for GDPR?

"Do I need a tickbox for GDPR?" is one of the most common questions we get asked in our Membership - Your GDPR Advisor. Unfortunately, it is not a simple yes or no answer. It very much depends on what you think you need a tickbox for. The purpose of a tickbox is so that you can get consent for something, but a tickbox isn't always necessary. For example, a newsletter subscription form does [...]

28 05, 2024

GDPR for Memberships

GDPR for Memberships We work with a lot of membership organisations and they have some unique challenges around GDPR, from those which are based internationally and how to manage the data of UK and EU individuals as opposed to the rest of the world members to those organisations which are linked to a professional body. Some of the challenges faced by memberships are: Contact preferences - This is especially difficult to assign contact preferences [...]

20 05, 2024

How does GDPR affect Small Businesses?

GDPR for Small Businesses: What You Need to Know As a small business owner, you will have heard about the General Data Protection Regulation (GDPR) but perhaps you aren't quite sure what it means for your company. The GDPR is a set of data protection rules designed to give individuals more control over their personal information and ensure that organisations handle that information responsibly. While the GDPR was introduced in the European Union, it [...]

13 05, 2024

CCTV footage as part of a Subject Access Request

When an individual makes a Subject Access Request (SAR), they are entitled to receive a copy of the information held about them; this will include CCTV footage where this is being captured. A sports centre approached us for advice recently regarding a SAR specifically asking for CCTV footage of an incident on the sports centre's premises. There are always challenges with providing CCTV footage as part of a SAR. Firstly how do you know [...]

6 05, 2024

How to create an effective Policy

Creating Effective Policy Documents Having well-written and easy-to-follow policies is crucial for ensuring consistency and compliance within an organisation. However, knowing what the format should look like can be a challenge and getting it wrong means lots of changes. We've written hundreds of policies for clients and so I am going to share our format for creating easy to understand and follow policies. Here's the structure we use for creating effective policy documents: Front [...]

29 04, 2024

The Benefits of Data Audits

The Benefits of Data Audits: Ensuring Security and Compliance for Small Businesses As a small business, you may have heard about Data Audits and may wonder what benefits it can bring to your organisation. Let's delve into why completing a data audit is a crucial step towards enhancing your data security and achieving compliance with regulations like GDPR. Understanding Data Audits What is a Data Audit? A data audit is a record of the [...]

22 04, 2024

Charities and Cyber Security

Navigating Charities, Cyber Incidents, and Best Practices For charitable organisations, the aim to make a positive impact on society often takes centre stage and the majority of resources. However, amidst the endeavors of charities lies a growing concern—cyber incidents. A statistic produced by the UK government this week shows that 66% of charities, with income over £500k, have suffered a cyber incident in the last year. The digital landscape presents both opportunities for outreach [...]

15 04, 2024

Boosting Awareness: A Guide to Effective GDPR and Information Security Activities

As a business owner, you're well aware of the importance of GDPR compliance and information security. However, maintaining awareness among your staff can be a challenge. It needs to be something that is memorable, educational, cost effective and engaging, not a short list! I have set out below some different activities you could try to help raise awareness effectively. 1. Regular Training Sessions One of the most effective ways to instill good data protection [...]

8 04, 2024

Ongoing Awareness Activities: Your Key to Promoting Good GDPR and Information Security Practices

As a small business owner, you may be juggling multiple hats and responsibilities. Among these, ensuring the security and integrity of your business's data, especially under the General Data Protection Regulation (GDPR), is crucial. Ongoing awareness activities support increased knowledge and reduce the risk of data breaches and can not only enhance your business's data protection practices but provide a host of additional benefits too. 1. Ensuring Compliance with GDPR GDPR compliance is not [...]

1 04, 2024

The Role of Cyber Security in Protecting Your Small Business Data

As a small business owner, you understand that your data is one of your most valuable assets. It's the lifeblood of your operations, key to your growth strategy, and often, the base to build relationships with customers. But in an increasingly digital world, this data is under relentless attack. That's where cyber security steps in. Cyber security is not just a buzzword. It's a necessity for businesses of all sizes, especially for small businesses [...]

25 03, 2024

Why Small Businesses Can’t Ignore Data Protection and information security

Many small business owners think they are too small to be a target for cyber criminals. The truth is that companies of all sizes face major risks when it comes to data breaches and lack of information security procedures. Failure to properly secure customer data can result in severe penalties, legal liability, and a devastating loss of customer trust. The Devastating Impact for One Small Retailer We took a call this week from a [...]

11 03, 2024

How do I know my Small Business is GDPR compliant?

How Do I Know my Small Business is GDPR Compliant? All small businesses collect personal information as part of operating. This may be customers' information, suppliers, staff etc., so as a result you need to comply with data protection legislation. Failure to do so can have significant consequences including loss of reputation, loss of income and if there is a serious non-compliance issue, a significant fine. Here are some of the things your small [...]

4 03, 2024

Pseudo-anonymisation vs Anonymisation: What’s the Difference?

Pseudo-anonymisation vs Anonymisation: What's the Difference? is a question we were asked this week. When handling personal data, there are two main methods for de-identifying individuals - pseudo-anonymisation and anonymisation. But what exactly do these terms mean and how do they differ? Pseudo-anonymisation refers to replacing direct identifiers (like names) with indirect ones (like numbers). So in a pseudo-anonymised list, each individual is still assigned a unique code but this can be mapped back [...]

26 02, 2024

How long should I keep staff records?

"How long should I keep staff records?" is a frequent question we get asked. The answer is not straightforward as you have to consider current staff and previous staff and the type of records that are being maintained. Data Protection Legislation, including GDPR, sets out that you should not retain information for longer than necessary but you also need to consider the prospect of a legal or insurance claim and therefore retain the documents [...]

13 02, 2024

Market Research and Security Questionnaires

Market Research and Working Internationally - Security Questionnaires When a small market research agency is looking to work with large multinational corporations, one of the hurdles you may encounter is completing their procurement and security questionnaires for third party vendors. These detailed questionnaires allow corporations to assess potential vendors, partners, and agencies across areas like data security, privacy practices, and more. When working with large corporates who have dedicated legal and procurement teams, these [...]

23 01, 2024

Bring Your Own Device (BYOD) – The risks and rewards

Bring Your Own Device (BYOD) is a popular policy where employees use personal devices for work. This typically means using personal smartphones or laptops to access company systems and data. While convenient, BYOD introduces cybersecurity risks that organisations must address. Failure to secure personal devices puts sensitive company information at risk. When employees access internal systems on insecure devices outside the corporate network, businesses lose control of that data. Without proper BYOD policies and [...]
