28 04, 2025

GDPR Liability in Outsourced Payroll: Critical Contract Gaps Exposed in UK Data Breach

Hidden Dangers in Data Processing Agreements: A Payroll Data Breach Case Study The Scenario: A Simple Error with Complex Implications Recently, we encountered a situation that serves as a perfect case study for businesses relying on third-party data processors. One of our clients, who outsources their payroll processing, experienced what might initially seem like a minor data breach – a payslip and P45 belonging to one employee were mistakenly sent to another employee within [...]

18 11, 2024

Don’t Let Data Protection Fear Paralyse Your Business Growth

The fear of data protection legislation is creating a new type of business paralysis, where companies are so worried about making a misstep that they're choosing to do nothing at all. Recently, I encountered this exact scenario with a new client who was hesitant to review their digital marketing practices simply because they weren't confident in their understanding of data protection regulations. This fear-based approach to data protection is holding businesses back from marketing [...]

11 11, 2024

GDPR Consent requirements are not your only choice

Why GDPR Consent Isn't Your Only Compliance Requirement Understanding GDPR consent requirements is a common challenge for businesses, with many organisations believing they've achieved compliance by simply adding consent forms to their processes. While these GDPR consent requirements are important, they're just one piece of the compliance puzzle. The General Data Protection Regulation actually provides several other legal bases for processing personal data that are equally valid and sometimes more appropriate than consent. Beyond [...]

4 11, 2024

GDPR Compliance: The Risks in Your IT Support Relationship

The Uncomfortable Truth About IT Providers and GDPR Businesses operate in data environments, and being able to obtain IT support when something goes wrong is key to working effectively. Those IT providers have complete access to a business's digital assets and information. This makes it very risky when those IT providers have no awareness of their security or GDPR obligations. This happened to a client recently when we undertook a gap analysis and revealed [...]

28 10, 2024

“We’re GDPR Compliant” – The Common GDPR Compliance Mistakes UK Businesses are making

"We're GDPR Compliant" - The Common GDPR Compliance Mistakes UK Businesses are making Are you making critical GDPR compliance mistakes without realising it? Our many years of Data Protection and GDPR consulting reveal that lots of UK businesses are. Even those who think they've ticked all the compliance boxes are often shocked when they discover their mistakes. In our lengthy time providing GDPR and data protection consulting, we've encountered countless businesses who discovered they [...]

21 10, 2024

What can you put in notes?

Best practices for note-taking in organisations What can we put in notes? It's a question that organisations seek advice on regularly. The challenge with notes is that they are usually free text fields and can be as long as you want, which is great for flexibility. From a data protection perspective, however, whatever is written in notes would be disclosable during a Subject Access Request process, and notes frequently contain opinions (not so great). [...]

14 10, 2024

When Age Verification Goes Too Far: A GDPR Perspective

When Age Verification Goes Too Far: A GDPR Perspective In the world of online shopping, we've all become accustomed to filling out forms and providing personal information. But when does data collection cross the line from necessary to excessive? A recent experience, shopping for my daughter's birthday present, highlighted this issue and got me thinking about GDPR compliance and consumer rights. The 26-Year-Old Shopper (Or Am I?) Picture this: I'm browsing a well-known retailer's [...]

30 09, 2024

Why should I do a Record of Processing Activities (ROPA)?

Why should I do a Record of Processing Activities (ROPA)? In the complex landscape of modern business, data has emerged as a critical asset. Yet many organisations are unaware of what data they hold and the purposes for which they retain it. The key to unlocking this value? A comprehensive data audit or Record of Processing Activities. GDPR requires larger organisations to undertake an audit of the data they hold, the purposes it's used for, [...]

23 09, 2024

The Need for GDPR Privacy Notices

The need for GDPR privacy notices at every collection point is an essential way that you can demonstrate transparency and define how data will be used. Data is constantly being collected - often without the individual's full awareness. From browsing websites to using mobile apps, personal information is gathered, stored, and analysed by countless organisations. This makes it more important than ever to have clear privacy notices at all points where data is collected. [...]

16 09, 2024

GDPR Compliance in the use of AI: A Wake-Up Call for Businesses

The data protection environment needs to be able to respond to new technologies and security concerns that may come with their use. Despite the General Data Protection Regulation (GDPR) being in effect for over six years, many organisations still struggle to maintain a mature compliance framework. This week, I had the opportunity to meet with three clients to discuss their GDPR progress and we discussed their use of AI technologies. The AI Blindspot One [...]

9 09, 2024

Maintaining Confidentiality: A Crucial Aspect of GDPR Compliance

Maintaining Confidentiality: A Crucial Aspect of GDPR Compliance Protecting the personal information in an organisation is more important than ever. The General Data Protection Regulation (GDPR) sets strict standards for how organisations handle and protect personal information. One key aspect of GDPR compliance is maintaining the confidentiality of information. The Importance of Staff Training Your employees are on the front lines of data protection. Without proper training, even well-intentioned staff members can inadvertently compromise [...]

2 09, 2024

GDPR and Employee Privacy: Balancing Employer Obligations and Employee Rights

GDPR and Employee Privacy: Balancing Employer Obligations and Employee Rights The General Data Protection Regulation (GDPR) has reshaped how organisations handle personal data, including that of their employees. Employers must navigate the delicate balance between monitoring and collecting data for legitimate business purposes and respecting the privacy rights of their employees. This blog post explores the implications of GDPR on employee monitoring and data collection, best practices for maintaining this balance and how to [...]

26 08, 2024

Data Protection Roles Under GDPR: What You Need to Know

Data Protection Roles Under GDPR: What You Need to Know. One of the key things to understand in order to comply with your data protection obligations is your data protection role. Your role will dictate your responsibility for data protection compliance. Data Controller The data controller determines the purposes and means of processing personal information. They decide what to collect, how it will be used, how long it will be stored, [...]

19 08, 2024

Data Breaches and GDPR: What You Need to Know

Data Breaches and GDPR: What You Need to Know Data breaches are a nightmare for any organisation, but under GDPR, they can become even more challenging. This post will explain what a data breach is, your obligations under GDPR, and best practices for prevention and response to safeguard your business. What is a Data Breach? Under GDPR, a data breach is defined as a security incident leading to the accidental or unlawful destruction, loss, [...]

5 08, 2024

Data Sharing Agreements

Data Sharing Agreements: Enabling Collaboration While Protecting Information Data sharing agreements are essential tools when organisations want to share personal information. A Data Sharing Agreement is a legal contract that sets out the responsibilities of the partners involved in the data sharing. The terms set out how data can be accessed, used, protected and retained when shared between parties. Whether you're a business partnering with vendors, a researcher collaborating across clients, or a membership [...]

15 07, 2024

Where Is Your Data and Why it is important to know where it’s held

Businesses run on data and the insights that data can provide. Personal and business data is constantly being created, shared, and stored. But do you really know where all that valuable information is held in your business systems? Understanding the location of your data is crucial for security, privacy, regulatory compliance, and effective data management. Why Data Location Matters 1. Security: Knowing where your data is stored helps you assess vulnerabilities and implement appropriate [...]

8 07, 2024

The importance of Business Continuity

The Importance of Business Continuity In today’s business environment, ensuring the resilience of your organisation during unforeseen events is paramount. This blog post covers the critical relationship between business continuity and GDPR compliance, emphasising the necessity of a robust business continuity plan (BCP) to safeguard data and meet regulatory requirements. Defining Business Continuity Business continuity refers to an organisation’s ability to maintain essential functions during and after a disruptive incident. This could involve natural [...]

1 07, 2024

What is Privacy by design?

Privacy by Design: Building Data Protection into the Core of Your Products In a world which is dominated by digital communications, privacy has become a critical concern for users and businesses alike. Privacy by Design (PbD) offers a proactive approach to addressing these concerns by embedding privacy protections into the very foundation of products and services. What is Privacy by Design? Privacy by Design is a framework developed by Dr. Ann Cavoukian in the [...]

24 06, 2024

GDPR Compliance: A Key to Unlocking Contracts with Larger Businesses

We work with a lot of small businesses who have recognised the opportunity that securing contracts with larger companies offers. However, in today's data privacy world, there's a crucial factor you can't afford to overlook: GDPR compliance. Why GDPR Matters for Your Small Business The General Data Protection Regulation (GDPR) isn't just for tech giants or multinational corporations. It affects any business that handles the personal data of individuals in the EU, regardless of the business's size or location. [...]

17 06, 2024

How Often Should You Review Your Privacy Policy for GDPR?

How Often Should You Review Your Privacy Policy for GDPR? If you operate a business that collects or processes personal data from individuals in the European Union, you need to ensure your practices comply with the General Data Protection Regulation (GDPR). A key part of GDPR compliance is maintaining an up-to-date, comprehensive privacy policy that outlines how you handle user data. But how often should you review and update your privacy policy? The GDPR [...]
