2 02, 2020

Disposing of old equipment – How are you doing?

Disposing of old office equipment is always a challenge to ensure that it is properly "clean" before disposal. How do you do it? When you think of all the office equipment which might have business or personal information on it, there's a lot. Computers, laptops, servers, printers, mobile phones, memory drives etc. It's not just the electronic equipment either. There's also the need to ensure office furniture such a desks, filing cabinets etc are [...]

Read More
27 01, 2020

Easy ways to GDPR compliance

I'm often asked what I like about data protection. Well, I love the fact that it is not always black and white. Anyone who knows me, knows that I usually start a response with "it depends". It depends how you collect the information, what you want to use it for, who you are sharing it with etc. But understanding data protection legislation is not the real challenge with achieving compliance. The biggest challenge is [...]

Read More
20 01, 2020

Should I be registered with the ICO?

Do you need to register with the Information Commissioners Office (ICO)? The ICO is the supervisory body for the UK with regard to data protection matters. Under the old Data Protection Act the ICO had a list of Data Controllers. The need to maintain a list of data Controllers disappeared with GDPR, BUT in order to fund the ICO, a bill was passed which means that the ICO maintains a register of fee payers. [...]

Read More
6 01, 2020

Start Up Small Business Challenges

Lets face it GDPR is not top of a start-up businesses initial concerns. It comes a bit down the list of priorities after marketing, getting clients, making a profit and potentially having the right insurance in place. GDPR is a challenge for any small business. There is not usually the knowledge or expertise to understand the requirements. Sometimes there is not even the drive to understand what needs to be in place. It's all [...]

Read More
25 11, 2019

What is considered Processing under GDPR?

What is considered processing under GDPR? It's a question we get asked a lot. Mainly as a result of our work with clients and their data processors. The definition of processing is covered by Article 4 paragraph 2 of GDPR and states: "‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, [...]

Read More
17 11, 2019

Collecting Special Category Data – do you know what to do?

If you are collecting special category information under GDPR, do you know what to do? There have been incidences recently where an organisation has been collecting GDPR special category information. That is, information about: health ethnicity sex life or sexual orientation trade union membership biometric data when used to identify you political opinions and religious or philosophical beliefs. To be able to collect this information you need to have a second condition in place. [...]

Read More
10 11, 2019

Email data breaches – Easily avoided

It's happened again. One of the most common data breaches and one which is easily avoided has happened to West Berkshire Council. So what happened? Someone sent an email to 1,107 people about a leisure centre survey and didn't hide the email addresses. As a result, everyone getting the email could see who else it had been sent to. It's really disappointing when these types of data breaches occur as they could so easily [...]

Read More
3 11, 2019

Training doesn’t have to be boring

We do a lot of training sessions for companies. As well as running webinar training for individuals so that they can stay up to date with the requirements and legislation.  The training we run for companies is completely bespoke. We don't just provide a PowerPoint presentation. We all know that a PowerPoint presentation is the basis of most training sessions but people learn in different ways.  If you want everyone to understand what you [...]

Read More
14 10, 2019

Is your contractor being evasive?

Does it ring alarm bells with you when a contractor is unable to provide you with basic information about their data protection practices? A company that is working on your behalf but unable to tell you how they use the personal information you provide. It does with me. Even more so if they have no idea what I am talking about when I request a data protection policy. Recently one of my clients was [...]

Read More
2 10, 2019

Who can be your Data Protection Officer?

Once you know whether your organisation needs a Data Protection Officer (DPO), you then need to decide who can undertake the role. If you are not sure if you need a DPO, then read my blog post here to find out. Companies often ask us who is the best person to be the DPO? This comes down to who can match the requirements set out in GDPR. Under GDPR you should appoint a DPO [...]

Read More
2 10, 2019

Do I need a Data Protection Officer?

Since GDPR came into force, there is now an legal definition for a Data Protection Officer (DPO). Some organisations are required to have a DPO because of their size or the personal information that they are processing, whereas other do not need one. Under GDPR you must appoint a DPO if you are a public authority or body (except for courts acting in their judicial capacity); your core activities require large scale, regular and [...]

Read More
10 09, 2019

GDPR Privacy Policies

We've been helping businesses get their privacy policies in place over the last couple of weeks. It's been a surprise to find so many businesses not having a basis privacy policy in place on their website. We write bespoke privacy policies. We also selling a template privacy policy which you can adapt for your use. There is no excuse for having a privacy policy which doesn't meet the requirements. So what should a privacy [...]

Read More
8 09, 2019

Lets talk data……… first steps

Now I am not one of the GDPR advisors that uses the formal language. I don't use the word data, I say personal information as so many people struggle to understand what data really means. I spend quite a lot of time talking with other data protection professionals and I always find it daunting when they start talking article this, data that. Not because I don't know what they are talking about but it [...]

Read More
19 08, 2019

Subject Access Requests – Verifying the Identity of the Requestor

There has been a recent news story about a man making subject access requests in the name of his girlfriend (with her knowledge) to see how much information he could obtain. On the basis of his research 1 in four companies gave him information on the basis of the information he had provided. This comes down to poor verification processes in place at the organisations before they give the information out. So here are [...]

Read More
5 08, 2019

Subject Access Requests – Do you know your obligations?

Another week, another data subject access request or SAR. We were contacted this week by an individual who wanted to know if an organisation had complied with their obligations. That's a bit unusual as its usually organisations contacting us. On this occasion this individual had asked for their parents care records from a care agency. The information had been provided but there was no explanation about the content. Care agencies are likely to receive [...]

Read More
23 07, 2019

IT companies – Do you know how to help your clients be GDPR compliant?

IT support companies are the key to being able to access business information in a timely manner. Most small businesses outsource their IT support to another small IT Support Business. This can be a challenge when neither business knows how they should be complying with GDPR. Whenever I am working with a business on their GDPR compliance, the sticking point is always with the IT support company. Generally, the IT support company's terms and [...]

Read More
18 07, 2019

Website Privacy Policy

When I interact with a website, I always look at the privacy policy, a bit sad, I know but it tells me a lot about a business and their attitude to privacy. A privacy policy should include certain information to meet the requirements of data protection. My daughter recently wanted to buy some clothing from a large retailer. Their privacy policy was poor and had not been updated as a result of GDPR which [...]

Read More
24 05, 2019

GDPR – One year on – Celebrating or Still on the To Do list?

On the 25th May 2018, GDPR became enforceable. It's been an interesting year. From what you can see around you and the way companies are behaving, some are still not aware of their GDPR obligations (let's put it that way). So far none of the big fines that everyone has been worried about have come to fruition. The different supervisory bodies across the EU are making their interpretations of the legislation known. Things are [...]

Read More
16 05, 2019

Call Recording – Are you transparent about it?

My son has been looking for some specialist insurance recently which has meant a lot of phone calls from various brokers. The really interesting thing is that none of these brokers disclosed that they were recording the calls at the start of the conversation. Only when my son asked if they were recording the calls, did they say that they were. Not a lot of transparency there. One of the brokers directed him to [...]

Read More
4 03, 2019

Can the ICO get in touch with you?

Can the ICO get in touch with you? What happens if they use the email address on your website? Sometimes the ICO may wish to contact you. This may be if they have received a complaint from another person or organisation. Their first stop will be your website and they will probably use the email address shown there to send you an email. So what happens when you are not monitoring that email address? [...]

Read More
Copyright 2019-2023 | All Rights Reserved | Privacy Policy | Audit & Risk Professionals LLP T/A GDPR Advisors Uk | Registered in England and Wales (company number OC393687) Registered Address: Masefield Avenue, Borehamwood, HERTS., WD6 2HQ
FacebookInstagramLinkedIn
Go to Top