18 04, 2022

Are your suppliers protecting your business information?

We find clients don't often think about supplier risk. Currently we're working with a company to implement ISO27001 and as part of that process, we are checking their suppliers for information security standards and GDPR etc. As part of checking suppliers for compliance, we needed a list of the suppliers and this particular company have outsourced their finance function to an accountancy firm. We asked the accountants to provide a list of the suppliers [...]

12 01, 2021

Data Subject Access Requests (DSAR)

We’ve had a flurry of requests for support for subject access requests in the last few weeks. This is because of the redundancies being made by organisations and the changing job market. Don’t think that only large organisations get Subject Access Requests; we have recently helped an organisation with only one employee to respond to a Subject Access Request. The most recent ones have been slightly larger organisations and there has been a common theme [...]

27 01, 2020

Easy ways to GDPR compliance

I'm often asked what I like about data protection. Well, I love the fact that it is not always black and white. Anyone who knows me, knows that I usually start a response with "it depends". It depends how you collect the information, what you want to use it for, who you are sharing it with etc. But understanding data protection legislation is not the real challenge with achieving compliance. The biggest challenge is [...]

20 01, 2020

Should I be registered with the ICO?

Do you need to register with the Information Commissioner's Office (ICO)? The ICO is the supervisory body for the UK with regard to data protection matters. Under the old Data Protection Act the ICO had a list of Data Controllers. The need to maintain a list of Data Controllers disappeared with GDPR, BUT in order to fund the ICO, a bill was passed which means that the ICO maintains a register of fee payers. [...]

25 11, 2019

What is considered Processing under GDPR?

What is considered processing under GDPR? It's a question we get asked a lot. Mainly as a result of our work with clients and their data processors. The definition of processing is covered by Article 4 paragraph 2 of GDPR and states: "‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, [...]

10 11, 2019

Email data breaches – Easily avoided

It's happened again. One of the most common data breaches and one which is easily avoided has happened to West Berkshire Council. So what happened? Someone sent an email to 1,107 people about a leisure centre survey and didn't hide the email addresses. As a result, everyone getting the email could see who else it had been sent to. It's really disappointing when these types of data breaches occur as they could so easily [...]

14 10, 2019

Is your contractor being evasive?

Does it ring alarm bells with you when a contractor is unable to provide you with basic information about their data protection practices? A company that is working on your behalf but unable to tell you how they use the personal information you provide. It does with me. Even more so if they have no idea what I am talking about when I request a data protection policy. Recently one of my clients was [...]

8 02, 2019

GDPR Compliant Downloads – How not to do it

Large companies continue to get it wrong. There's been a Facebook ad appearing in my feed recently. It is for a GDPR checklist. So despite not needing a checklist, today I followed the link. The page asks for your email address, first name, last name and telephone number before you can download the checklist. You shouldn't have to provide all that information for a free download, it's part of the data minimisation principle of [...]

19 11, 2017

Think you won’t get caught if you don’t comply with GDPR, think again..

I'm going to let you into a little secret. I can go to your website and just by looking at it, I can tell whether you comply with GDPR. It's not magic or clever. Once you know what GDPR requires of a business, anyone with that knowledge can go to a website and see if a business complies. Looking at a privacy notice will tell you whether they are meeting the latest requirements about [...]

8 10, 2017

What is GDPR?

This is a question which I frequently hear and often extending it to its full name of the General Data Protection Regulation doesn't prove any more enlightening to the person asking the question. GDPR is the regulation agreed by the European Community as the standard that should be in place across the EU when handling a person's information. It's the replacement for the European directive that became the Data Protection Act. Simply put, GDPR [...]

15 09, 2017

Put on Your Dancing Shoes…… Or how not to run a mailing list.

Roll back time to March 2016. I had been receiving emails about dance classes for the last few months. I don't remember signing up for them and anyone who knows me will testify to the fact that I have no sense of rhythm at all. I'm never going to be a dancer. Anyway, somehow I had been added to this mailing list for salsa dance classes. I started receiving emails about January and on [...]
