About Lesley Cooley

So far Lesley Cooley has created 81 blog entries.
4 05, 2020

Security Questionnaires and how to respond

Recently, with many organisations working from home, we have seen increased scrutiny of organisations that manage information on behalf of other organisations. One of our clients is an international market research company. They work with large corporates throughout the world providing insight on new ideas and services. For the first time ever, they have received a security questionnaire from their biggest client. What we mean when we say security questionnaire is a form asking [...]

30 03, 2020

Working from Home – Getting the set up right

Working from home is becoming the norm. Staff who are used to working in an office environment are now working from home and trying to create an acceptable office environment. From a productivity and security point of view, the best thing to do is to ensure that the space you are using to work from is a dedicated space. Even if it's only a small desk in a corner of a room. Once you [...]

2 03, 2020

Are you classifying your information?

When we talk about how long to keep information, we should also be considering the sensitivity of that information. Can you identify information which is confidential and should be restricted access from other information? For example, personnel records would be considered confidential information. They would have access restricted to those who need to know. So how are you marking those records to provide that information? It's easy with paper records, you can just mark [...]

24 02, 2020

How secure are your records?

The Information Commissioner's Office (ICO) has fined Doorstep Dispensaree £275,000 for failing to deal securely with paper records. There are some interesting elements to this case. The fine was for the lack of security over paper records. A reminder to organisations that the legislation doesn't just relate to electronic information. Concerns about the security of information were reported to the ICO by the Medicines and Healthcare products Regulatory Agency (MHRA). It was [...]

24 02, 2020

Vishing Calls – What they are and how to handle them

Vishing calls are not new. They have been happening for a while, but after an incident at one of my clients recently and then a discussion with one of my groups, I thought I would cover it here. You can stop reading now if you think you know it all! A vishing call is where someone contacts you by phone and then tries to get information from you. This information may be personal to [...]

10 02, 2020

Subject Access Requests – How long do you have to respond?

There is a limited time period to respond to a subject access request. How long depends on a couple of factors. Let's start at the beginning. When you receive a subject access request, you need to be able to verify the identity of the person making the request. You can view my previous blog about verifying their identity here. You cannot hold up verifying the individual's identity to delay a response. Frequently an individual [...]

2 02, 2020

Disposing of old equipment – How are you doing?

Disposing of old office equipment is always a challenge to ensure that it is properly "clean" before disposal. How do you do it? When you think of all the office equipment which might have business or personal information on it, there's a lot. Computers, laptops, servers, printers, mobile phones, memory drives etc. It's not just the electronic equipment either. There's also the need to ensure office furniture such as desks, filing cabinets etc are [...]

27 01, 2020

Easy ways to GDPR compliance

I'm often asked what I like about data protection. Well, I love the fact that it is not always black and white. Anyone who knows me, knows that I usually start a response with "it depends". It depends how you collect the information, what you want to use it for, who you are sharing it with etc. But understanding data protection legislation is not the real challenge with achieving compliance. The biggest challenge is [...]

20 01, 2020

Should I be registered with the ICO?

Do you need to register with the Information Commissioner's Office (ICO)? The ICO is the supervisory body for the UK with regard to data protection matters. Under the old Data Protection Act the ICO had a list of Data Controllers. The need to maintain a list of Data Controllers disappeared with GDPR, BUT in order to fund the ICO, a bill was passed which means that the ICO maintains a register of fee payers. [...]

6 01, 2020

Start Up Small Business Challenges

Let's face it, GDPR is not top of a start-up business's initial concerns. It comes a bit down the list of priorities after marketing, getting clients, making a profit and potentially having the right insurance in place. GDPR is a challenge for any small business. There is not usually the knowledge or expertise to understand the requirements. Sometimes there is not even the drive to understand what needs to be in place. It's all [...]

25 11, 2019

What is considered Processing under GDPR?

What is considered processing under GDPR? It's a question we get asked a lot. Mainly as a result of our work with clients and their data processors. The definition of processing is covered by Article 4 paragraph 2 of GDPR and states: "‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, [...]

17 11, 2019

Collecting Special Category Data – do you know what to do?

If you are collecting special category information under GDPR, do you know what to do? There have been incidences recently where an organisation has been collecting GDPR special category information. That is, information about: health; ethnicity; sex life or sexual orientation; trade union membership; biometric data when used to identify you; political opinions; and religious or philosophical beliefs. To be able to collect this information you need to have a second condition in place. [...]

10 11, 2019

Email data breaches – Easily avoided

It's happened again. One of the most common data breaches and one which is easily avoided has happened to West Berkshire Council. So what happened? Someone sent an email to 1,107 people about a leisure centre survey and didn't hide the email addresses. As a result, everyone getting the email could see who else it had been sent to. It's really disappointing when these types of data breaches occur as they could so easily [...]

3 11, 2019

Training doesn’t have to be boring

We do a lot of training sessions for companies, as well as running webinar training for individuals so that they can stay up to date with the requirements and legislation. The training we run for companies is completely bespoke. We don't just provide a PowerPoint presentation. We all know that a PowerPoint presentation is the basis of most training sessions but people learn in different ways. If you want everyone to understand what you [...]

14 10, 2019

Is your contractor being evasive?

Does it ring alarm bells with you when a contractor is unable to provide you with basic information about their data protection practices? A company that is working on your behalf but unable to tell you how they use the personal information you provide. It does with me. Even more so if they have no idea what I am talking about when I request a data protection policy. Recently one of my clients was [...]

2 10, 2019

Who can be your Data Protection Officer?

Once you know whether your organisation needs a Data Protection Officer (DPO), you then need to decide who can undertake the role. If you are not sure if you need a DPO, then read my blog post here to find out. Companies often ask us who is the best person to be the DPO? This comes down to who can match the requirements set out in GDPR. Under GDPR you should appoint a DPO [...]

2 10, 2019

Do I need a Data Protection Officer?

Since GDPR came into force, there is now a legal definition for a Data Protection Officer (DPO). Some organisations are required to have a DPO because of their size or the personal information that they are processing, whereas others do not need one. Under GDPR you must appoint a DPO if you are a public authority or body (except for courts acting in their judicial capacity); your core activities require large scale, regular and [...]

23 09, 2019

Marketing Texts and Phone Calls – how to get it right.

I am on a number of mailing lists, like most of us :-) One of the companies I receive a newsletter from sent me details of an event. Somehow I ended up on the list of interested parties for this event and started getting emails about it (I don't remember signing up but the company says I did). Anyway after the initial few emails, I started getting texts about this event promoting it. I [...]

10 09, 2019

GDPR Privacy Policies

We've been helping businesses get their privacy policies in place over the last couple of weeks. It's been a surprise to find so many businesses not having a basic privacy policy in place on their website. We write bespoke privacy policies. We also sell a template privacy policy which you can adapt for your use. There is no excuse for having a privacy policy which doesn't meet the requirements. So what should a privacy [...]
