Principle (c): Data minimisation

What is the data minimisation principle? Article 5(1)(c) says: “1. Personal data shall be: (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)” So you should identify the minimum amount of personal data you need to fulfil your purpose. You should hold that […]

Read More…

Dealing with Children’s Data

According to the GDPR, children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerns and their rights in relation to the processing of personal data. Definition under the GDPR Any information given to, or provided in communication with, a child must be […]

Read More…

EU Commission’s approval of the UK’s adequacy

The EU Commission has announced on 28.06.2021 that adequacy decisions for the UK have been approved. This means the EU has determined the UK’s data protection laws to be robust enough to ensure data can safely flow to the UK from the EU (and EEA). Approved adequacy means that businesses can continue to receive data […]

Read More…

EU Releases New Standard Contractual Clauses for Cross-Border Data Transfers

The European Commission published two sets of new standard contractual clauses (SCCs) governing cross-border data transfers and data exchanges between controllers and processors (i.e., service providers), marking the first updates to SCCs in more than a decade. The long-awaited new SCCs reflect evolved data protection laws such as the General Data Protection Regulation (GDPR), as […]

Read More…

The GDPR: Understanding the 6 data protection principles

The GDPR (General Data Protection Regulation) outlines six data protection principles that summarise its many requirements. These are an essential resources for those trying to understanding how to achieve compliance. Indeed, small organisations, which often lack the resources to appoint data protection experts to guide them through compliance, may find them particularly useful. We take a look […]

Read More…

Legitimate interests at a glance

What is the ‘legitimate interests’ basis? Article 6(1)(f) gives you a lawful basis for processing where: “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require […]

Read More…

What Does GDPR Mean For Companies Based Outside The EU?

The implications for companies based outside the EU are exactly the same as those for EU countries, if they process personal data from the EU. That’s because GDPR applies to the personal data of people based in the EU. If you want to process it, e.g. to sell to customers in the EU, you have […]

Read More…

What is a DPIA(Data Protection Impact Assesment) and why are DPIA’s important?

What is a DPIA? A DPIA is a process designed to help you systematically analyse, identify and minimise the data protection risks of a project or plan. It is a key part of your accountability obligations under the GDPR, and when done properly helps you assess and demonstrate how you comply with all of your data […]

Read More…

GDPR is Three Years Old!

With all that’s changed in the world, the arrival of the third anniversary of the General Data Protection regulation may seem trivial, even irrelevant. But dismissing it would be a mistake. This is actually an opportune moment to take stock of what effect it’s had on data protection and whether your organization has managed to […]

Read More…