About Lesley Cooley

So far Lesley Cooley has created 111 blog entries.
27 April 2021

Procurement Questionnaires and how to respond

It has been a busy few weeks helping organisations who work with large corporates respond to procurement and security questionnaires. The questionnaires have all sorts of names: assurance, security, procurement, information security, data protection etc. They are all effectively trying to achieve the same thing: assurance about the security surrounding the information you are working with. They are being requested more frequently as part of working with larger organisations. In the last few weeks, [...]

12 April 2021

Data Controller or Data Processor?

It’s one of those things that people struggle with. Am I a Data Controller or Data Processor? Let’s talk through what each one is and the role that they play. Data Controller The Data Controller decides how information is collected, used, stored and destroyed. Effectively they are in charge of the personal information that they are collecting. They are responsible for informing the individual, via privacy information, how the information will be used, shared, [...]

1 March 2021

GDPR Basics 1 – I’ve read the information on the ICO website and I’m still confused

“I’ve read the information on the ICO website and I’m still confused.” We hear this so often through our helpline. It’s not the fault of the ICO website; it is trying to meet the needs of all organisations, from big to small and complex to simple, and it doesn’t always provide the level of advice that a particular organisation needs. Also, the language can be confusing, and organisations frequently struggle to understand the implications for their [...]

23 January 2021

Which Countries are in the EU and EEA for data protection purposes?

The EU countries covered by GDPR and data exchange are: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden. The EEA (European Economic Area) includes all the EU countries and Iceland, Norway and Liechtenstein. Additionally there are countries which have an adequacy decision and so data can be passed to and from them [...]

18 January 2021

What does the Brexit deal mean for data transfers with Europe?

The last-minute Brexit deal has some good news for those organisations who are working with companies in the EU or whose cloud storage is based in the EU. Until now the UK and EU/EEA have been able to exchange personal information without any issues or concerns. As part of the new Brexit deal that exchange can continue unhindered until the UK achieves adequacy status, but for no longer than six months. This means [...]

12 January 2021

Data Subject Access Requests (DSAR)

We’ve had a flurry of requests for support with subject access requests in the last few weeks. This is because of the redundancies being made by organisations and the changing job market. Don’t think that only large organisations get Subject Access Requests; we have recently helped an organisation with only one employee to respond to a Subject Access Request. The most recent ones have been slightly larger organisations and there has been a common theme [...]

31 August 2020

Blood test – Taking the Pee?

My father went to the doctor's recently. He needed to have a blood test and the doctor gave him his blood test forms to book the appointment with. The doctor checked that the top form (of those stapled together) had his name and address on it. When we got home, I got the forms out to make the appointment. There were three sheets of paper stapled together; the top two referred to my dad [...]

19 July 2020

Should Membership Organisations support their members with GDPR?

Should membership organisations support their members with GDPR? I believe they should. It's not often I get frustrated, but this was one of those times. I have a client in the security industry who contracts out some of the security monitoring to a third party. I have spoken with the third party and they do not understand GDPR or what they need to do, but they are a member of a security industry body. [...]

22 June 2020

What makes me a good Data Protection Officer (DPO)?

I think that to be good at something requires a mix of knowledge, talent and passion. I have extensive data protection experience as well as a formally recognised qualification. So that makes me a good data protection officer. What makes me different from lots of other data protection professionals, some of whom jumped on the GDPR bandwagon as a means to making money, is that I have continued to learn, not just about data [...]

24 May 2020

Telephone Security or lack of it

I had to telephone a company the other day to chase an order. When I called, the person who answered the phone asked me if I would mind holding as he was on another call. I said that was fine, but he didn't mute himself or put me on hold. As a result I could clearly hear the conversation he was having with the other caller, which included taking their credit card details (including [...]

4 May 2020

Security Questionnaires and how to respond

Recently, with many organisations working from home, we have seen increased scrutiny of organisations managing information on behalf of other organisations. One of our clients is an international market research company. They work with large corporates throughout the world providing insight on new ideas and services. For the first time ever, they have received a security questionnaire from their biggest client. What we mean when we say security questionnaire is a form asking [...]

30 March 2020

Working from Home – Getting the set up right

Working from home is becoming the norm. Staff who are used to working in an office environment are now working from home and trying to create an acceptable office environment. From a productivity and security point of view, the best thing to do is to ensure that the space you are working from is a dedicated space, even if it's only a small desk in the corner of a room. Once you [...]

2 March 2020

Are you classifying your information?

When we talk about how long to keep information, we should also be considering the sensitivity of that information. Can you distinguish information which is confidential, and should have restricted access, from other information? For example, personnel records would be considered confidential information. Access to them would be restricted to those who need to know. So how are you marking those records to convey that? It's easy with paper records; you can just mark [...]

24 February 2020

How secure are your records?

The Information Commissioner's Office (ICO) has fined Doorstep Dispensaree £275,000 for failing to deal securely with paper records. There are some interesting elements to this case. The fine was for the lack of security over paper records, a reminder to organisations that the legislation doesn't just relate to electronic information. Concerns about the security of information were reported to the ICO by the Medicines and Healthcare products Regulatory Agency (MHRA). It was [...]

24 February 2020

Vishing Calls – What they are and how to handle them

Vishing calls are not new. They have been happening for a while, but after an incident at one of my clients recently, and then a discussion with one of my groups, I thought I would cover it here. You can stop reading now if you think you know it all! A vishing call is where someone contacts you by phone and then tries to get information from you. This information may be personal to [...]

10 February 2020

Subject Access Requests – How long do you have to respond?

There is a limited time period to respond to a subject access request. How long depends on a couple of factors. Let's start at the beginning. When you receive a subject access request, you need to be able to verify the identity of the person making the request. You can view my previous blog about verifying their identity here. You cannot use verifying the individual's identity as a way to delay a response. Frequently an individual [...]

2 February 2020

Disposing of old equipment – How are you doing?

Disposing of old office equipment is always a challenge: you need to ensure that it is properly "clean" before disposal. How do you do it? When you think of all the office equipment which might hold business or personal information, there's a lot: computers, laptops, servers, printers, mobile phones, memory drives etc. It's not just the electronic equipment either. There's also the need to ensure office furniture such as desks, filing cabinets etc. are [...]

27 January 2020

Easy ways to GDPR compliance

I'm often asked what I like about data protection. Well, I love the fact that it is not always black and white. Anyone who knows me knows that I usually start a response with "it depends". It depends how you collect the information, what you want to use it for, who you are sharing it with etc. But understanding data protection legislation is not the real challenge in achieving compliance. The biggest challenge is [...]

20 January 2020

Should I be registered with the ICO?

Do you need to register with the Information Commissioner's Office (ICO)? The ICO is the supervisory body for the UK with regard to data protection matters. Under the old Data Protection Act the ICO held a register of Data Controllers. The need to maintain a register of Data Controllers disappeared with GDPR, BUT in order to fund the ICO, legislation was passed which means that the ICO maintains a register of fee payers. [...]
