About Lesley Cooley

This author has not yet filled in any details.
So far Lesley Cooley has created 113 blog entries.
15 07, 2024

Where Is Your Data and Why it is important to know where it’s held

Businesses run on data and the insights that data can provide. Personal and business data is constantly being created, shared, and stored. But do you really know where all that valuable information is held in your business systems? Understanding the location of your data is crucial for security, privacy, regulatory compliance, and effective data management. Why Data Location Matters 1. Security: Knowing where your data is stored helps you assess vulnerabilities and implement appropriate [...]

Read More
8 07, 2024

The importance of Business Continuity

The Importance of Business Continuity In today’s business environment, ensuring the resilience of your organisation during unforeseen events is paramount. This blog post covers the critical relationship between business continuity and GDPR compliance, emphasising the necessity of a robust business continuity plan (BCP) to safeguard data and meet regulatory requirements. Defining Business Continuity Business continuity refers to an organisation’s ability to maintain essential functions during and after a disruptive incident. This could involve natural [...]

Read More
1 07, 2024

What is Privacy by design?

Privacy by Design: Building Data Protection into the Core of Your Products In a world which is dominated by digital communications, privacy has become a critical concern for users and businesses alike. Privacy by Design (PbD) offers a proactive approach to addressing these concerns by embedding privacy protections into the very foundation of products and services. What is Privacy by Design? Privacy by Design is a framework developed by Dr. Ann Cavoukian in the [...]

Read More
24 06, 2024

GDPR Compliance: A Key to Unlocking Contracts with Larger Businesses

We work with a lot of small businesses who have recognised the opportunity that securing contracts with larger companies offers. However, in today's data privacy world, there's a crucial factor you can't afford to overlook: GDPR compliance. Why GDPR Matters for Your Small Business The General Data Protection Regulation (GDPR) isn't just for tech giants or multinational corporations. It affects any business that handles personal data of EU citizens, regardless of size or location. [...]

Read More
17 06, 2024

How Often Should You Review Your Privacy Policy for GDPR?

How Often Should You Review Your Privacy Policy for GDPR? If you operate a business that collects or processes personal data from individuals in the European Union, you need to ensure your practices comply with the General Data Protection Regulation (GDPR). A key part of GDPR compliance is maintaining an up-to-date, comprehensive privacy policy that outlines how you handle user data. But how often should you review and update your privacy policy? The GDPR [...]

Read More
10 06, 2024

Do I need a tick box for GDPR?

"Do I need a tickbox for GDPR?" is one of the most common questions we get asked in our Membership - Your GDPR Advisor. Unfortunately, it is not a simple yes or no answer. It very much depends on what you think you need a tickbox for. The purpose of a tickbox is so that you can get consent for something, but a tickbox isn't always necessary. For example, a newsletter subscription form does [...]

Read More
28 05, 2024

GDPR for Memberships

GDPR for Memberships We work with a lot of membership organisations and they have some unique challenges around GDPR, from those which are based internationally and how to manage the data of UK and EU individuals as opposed to the rest of the world members to those organisations which are linked to a professional body. Some of the challenges faced by memberships are: Contact preferences - This is especially difficult to assign contact preferences [...]

Read More
20 05, 2024

How does GDPR affect Small Businesses?

GDPR for Small Businesses: What You Need to Know As a small business owner, you will have heard about the General Data Protection Regulation (GDPR) but perhaps you aren't quite sure what it means for your company. The GDPR is a set of data protection rules designed to give individuals more control over their personal information and ensure that organisations handle that information responsibly. While the GDPR was introduced in the European Union, it [...]

Read More
13 05, 2024

CCTV footage as part of a Subject Access Request

When an individual makes a Subject Access Request (SAR), they are entitled to receive a copy of the information held about them, this will include CCTV footage where this is being captured. A sport centre approached us for advice recently regarding a SAR specifically asking for CCTV footage of an incident on the sports centre's premises. There are always challenges with providing CCTV footage as part of a SAR. Firstly how do you know [...]

Read More
6 05, 2024

How to create an effective Policy

Creating Effective Policy Documents Having well-written and easy-to-follow policies is crucial for ensuring consistency and compliance within an organisation. However knowing what the format should look like can be a challenge and getting it wrong means lots of changes. We've written hundred of policies for clients and so I am going to share our format for creating easy to understand and follow policies. Here's the structure we use for creating effective policy documents: Front [...]

Read More
29 04, 2024

The Benefits of Data Audits

The Benefits of Data Audits: Ensuring Security and Compliance for Small Businesses As a small business, you may have heard about Data Audits and may wonder what benefits it can bring to your organisation. Let's delve into why completing a data audit is a crucial step towards enhancing your data security and achieving compliance with regulations like GDPR. Understanding Data Audits What is a Data Audit? A data audit is a record of the [...]

Read More
22 04, 2024

Charities and Cyber Security

Navigating Charities, Cyber Incidents, and Best Practices For charitable organisations, the aim to make a positive impact on society often takes centre stage and the majority of resources. However, amidst the endeavors of charities lies a growing concern—cyber incidents. A statistic produced by the UK government this week shows that 66% of charities, with income over £500k, have suffered a cyber incident in the last year. The digital landscape presents both opportunities for outreach [...]

Read More
15 04, 2024

Boosting Awareness: A Guide to Effective GDPR and Information Security Activities

As a business owner, you're well aware of the importance of GDPR compliance and information security. However, maintaining awareness among your staff can be a challenge. It needs to be something that is memorable, educational, cost effective and engaging, not a short list! I have set out below some different activities you could try to help raise awareness effectively. 1. Regular Training Sessions One of the most effective ways to instill good data protection [...]

Read More
8 04, 2024

Ongoing Awareness Activities: Your Key to Promoting Good GDPR and Information Security Practices

As a small business owner, you may be juggling multiple hats and responsibilities. Among these, ensuring the security and integrity of your business's data, especially under the General Data Protection Regulation (GDPR), is crucial. Ongoing awareness activities support increased knowledge and reduce the risk of data breaches and can not only enhance your business's data protection practices but provide a host of additional benefits too. 1. Ensuring Compliance with GDPR GDPR compliance is not [...]

Read More
1 04, 2024

The Role of Cyber Security in Protecting Your Small Business Data

As a small business owner, you understand that your data is one of your most valuable assets. It's the lifeblood of your operations, key to your growth strategy, and often, the base to build relationships with customers. But in an increasingly digital world, this data is under relentless attack. That's where cyber security steps in. Cyber security is not just a buzzword. It's a necessity for businesses of all sizes, especially for small businesses [...]

Read More
25 03, 2024

Why Small Businesses Can’t Ignore Data Protection and information security

Many small business owners think they are too small to be a target for cyber criminals, the truth is that companies of all sizes face major risks when it comes to data breaches and lack of information security procedures. Failure to properly secure customer data can result in severe penalties, legal liability, and a devastating loss of customer trust. The Devastating Impact for One Small Retailer We took a call this week from a [...]

Read More
11 03, 2024

How do I know my Small Business is GDPR compliant?

How Do I Know my Small Business is GDPR Compliant? All small businesses collect personal information as part of operating. This may be customers information, suppliers, staff etc so as a result you need to comply with data protection legislation. Failure to do so can have significant consequences including loss of reputation, loss of income and if there is a serious non-compliance issue, a significant fine. Here are some of the things your small [...]

Read More
4 03, 2024

Pseudo-anonymisation vs Anonymisation: What’s the Difference?

Pseudo-anonymisation vs Anonymisation: What's the Difference? is a question we were asked this week. When handling personal data, there are two main methods for de-identifying individuals - pseudo-anonymisation and anonymisation. But what exactly do these terms mean and how do they differ? Pseudo-anonymisation refers to replacing direct identifiers (like names) with indirect ones (like numbers). So in a pseudo-anonymised list, each individual is still assigned a unique code but this can be mapped back [...]

Read More
26 02, 2024

How long should I keep staff records?

"How long should I keep staff records?" is a frequent question we get asked. The answer is not straightforward as you have to consider current staff and previous staff and the type of records that are being maintained. Data Protection Legislation, including GDPR, sets out that you should not retain information for longer than necessary but you also need to consider the prospect of a legal or insurance claim and therefore retain the documents [...]

Read More
Copyright 2019-2023 | All Rights Reserved | Privacy Policy | Audit & Risk Professionals LLP T/A GDPR Advisors Uk | Registered in England and Wales (company number OC393687) Registered Address: Masefield Avenue, Borehamwood, HERTS., WD6 2HQ
FacebookInstagramLinkedIn
Go to Top