6 01, 2020

Start Up Small Business Challenges

Let's face it, GDPR is not top of a start-up business's initial concerns. It comes a bit down the list of priorities after marketing, getting clients, making a profit and potentially having the right insurance in place. GDPR is a challenge for any small business. There is not usually the knowledge or expertise to understand the requirements. Sometimes there is not even the drive to understand what needs to be in place. It's all [...]

25 11, 2019

What is considered Processing under GDPR?

What is considered processing under GDPR? It's a question we get asked a lot. Mainly as a result of our work with clients and their data processors. The definition of processing is covered by Article 4 paragraph 2 of GDPR and states: "‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, [...]

17 11, 2019

Collecting Special Category Data – do you know what to do?

If you are collecting special category information under GDPR, do you know what to do? There have been incidents recently where an organisation has been collecting GDPR special category information. That is, information about: health; ethnicity; sex life or sexual orientation; trade union membership; biometric data when used to identify you; political opinions; and religious or philosophical beliefs. To be able to collect this information you need to have a second condition in place. [...]

10 11, 2019

Email data breaches – Easily avoided

It's happened again. One of the most common data breaches and one which is easily avoided has happened to West Berkshire Council. So what happened? Someone sent an email to 1,107 people about a leisure centre survey and didn't hide the email addresses. As a result, everyone getting the email could see who else it had been sent to. It's really disappointing when these types of data breaches occur as they could so easily [...]

3 11, 2019

Training doesn’t have to be boring

We do a lot of training sessions for companies. As well as running webinar training for individuals so that they can stay up to date with the requirements and legislation.  The training we run for companies is completely bespoke. We don't just provide a PowerPoint presentation. We all know that a PowerPoint presentation is the basis of most training sessions but people learn in different ways.  If you want everyone to understand what you [...]

14 10, 2019

Is your contractor being evasive?

Does it ring alarm bells with you when a contractor is unable to provide you with basic information about their data protection practices? A company that is working on your behalf but unable to tell you how they use the personal information you provide. It does with me. Even more so if they have no idea what I am talking about when I request a data protection policy. Recently one of my clients was [...]

2 10, 2019

Who can be your Data Protection Officer?

Once you know whether your organisation needs a Data Protection Officer (DPO), you then need to decide who can undertake the role. If you are not sure if you need a DPO, then read my blog post here to find out. Companies often ask us who is the best person to be the DPO? This comes down to who can match the requirements set out in GDPR. Under GDPR you should appoint a DPO [...]

2 10, 2019

Do I need a Data Protection Officer?

Since GDPR came into force, there is now a legal definition for a Data Protection Officer (DPO). Some organisations are required to have a DPO because of their size or the personal information that they are processing, whereas others do not need one. Under GDPR you must appoint a DPO if you are a public authority or body (except for courts acting in their judicial capacity); your core activities require large scale, regular and [...]

23 09, 2019

Marketing Texts and Phone Calls – how to get it right.

I am on a number of mailing lists, like most of us :-) One of the companies I receive a newsletter from sent me details of an event. Somehow I ended up on the list of interested parties for this event and started getting emails about it (I don't remember signing up but the company says I did). Anyway after the initial few emails, I started getting texts about this event promoting it. I [...]

10 09, 2019

GDPR Privacy Policies

We've been helping businesses get their privacy policies in place over the last couple of weeks. It's been a surprise to find so many businesses not having a basic privacy policy in place on their website. We write bespoke privacy policies. We also sell a template privacy policy which you can adapt for your use. There is no excuse for having a privacy policy which doesn't meet the requirements. So what should a privacy [...]

8 09, 2019

Let's talk data… first steps

Now I am not one of the GDPR advisors that uses the formal language. I don't use the word data, I say personal information as so many people struggle to understand what data really means. I spend quite a lot of time talking with other data protection professionals and I always find it daunting when they start talking article this, data that. Not because I don't know what they are talking about but it [...]

19 08, 2019

Subject Access Requests – Verifying the Identity of the Requestor

There has been a recent news story about a man making subject access requests in the name of his girlfriend (with her knowledge) to see how much information he could obtain. On the basis of his research 1 in four companies gave him information on the basis of the information he had provided. This comes down to poor verification processes in place at the organisations before they give the information out. So here are [...]

5 08, 2019

Subject Access Requests – Do you know your obligations?

Another week, another data subject access request or SAR. We were contacted this week by an individual who wanted to know if an organisation had complied with their obligations. That's a bit unusual as it's usually organisations contacting us. On this occasion this individual had asked for their parents care records from a care agency. The information had been provided but there was no explanation about the content. Care agencies are likely to receive [...]

23 07, 2019

IT companies – Do you know how to help your clients be GDPR compliant?

IT support companies are the key to being able to access business information in a timely manner. Most small businesses outsource their IT support to another small IT Support Business. This can be a challenge when neither business knows how they should be complying with GDPR. Whenever I am working with a business on their GDPR compliance, the sticking point is always with the IT support company. Generally, the IT support company's terms and [...]

18 07, 2019

Website Privacy Policy

When I interact with a website, I always look at the privacy policy, a bit sad, I know but it tells me a lot about a business and their attitude to privacy. A privacy policy should include certain information to meet the requirements of data protection. My daughter recently wanted to buy some clothing from a large retailer. Their privacy policy was poor and had not been updated as a result of GDPR which [...]

24 05, 2019

GDPR – One year on – Celebrating or Still on the To Do list?

On the 25th May 2018, GDPR became enforceable. It's been an interesting year. From what you can see around you and the way companies are behaving, some are still not aware of their GDPR obligations (let's put it that way). So far none of the big fines that everyone has been worried about have come to fruition. The different supervisory bodies across the EU are making their interpretations of the legislation known. Things are [...]

16 05, 2019

Call Recording – Are you transparent about it?

My son has been looking for some specialist insurance recently which has meant a lot of phone calls from various brokers. The really interesting thing is that none of these brokers disclosed that they were recording the calls at the start of the conversation. Only when my son asked if they were recording the calls, did they say that they were. Not a lot of transparency there. One of the brokers directed him to [...]

4 03, 2019

Can the ICO get in touch with you?

Can the ICO get in touch with you? What happens if they use the email address on your website? Sometimes the ICO may wish to contact you. This may be if they have received a complaint from another person or organisation. Their first stop will be your website and they will probably use the email address shown there to send you an email. So what happens when you are not monitoring that email address? [...]

8 02, 2019

GDPR Compliant Downloads – How not to do it

Large companies continue to get it wrong. There's been a Facebook ad appearing in my feed recently. It is for a GDPR checklist. So despite not needing a checklist, today I followed the link. The page asks for your email address, first name, last name and telephone number before you can download the checklist. You shouldn't have to provide all that information for a free download, it's part of the data minimisation principle of [...]

7 02, 2019

Subject Access Requests – Are you Listening?

What is a Subject Access Request (SAR) or a Data Subject Access Request (DSAR)? This is the right of an individual to see any information held about them by an organisation. Someone can make a request by any method they choose, including verbally. This is creating some challenges as most organisations are struggling to put a process in place to recognise verbal requests. A friend of mine made a verbal request to a local [...]
