What is a GDPR data processing agreement?

Virtually every business relies on third parties to process personal data. Whether it’s an email client, a cloud storage service, or website analytics software, you must have a data processing agreement with each of these services to achieve GDPR compliance. What needs to be in a data processing agreement GDPR Article 28 Section 3, explains […]

Read More…

ICO Code of Practice to protect children’s privacy online

“There are laws to protect children in the real world. We need our laws to protect children in the digital world too.” – UK Information Commissioner Information Commissioner’s Office in January has published a set of 15 standards that online services should meet to protect children’s privacy. The code sets out the standards expected of […]

Read More…

Changes in the Data protection after UK has left the EU .

Following the UK’s departure from the European Union, these are the latest updates on how this affects GDPR and the sensitive issue of data protection. Overview of the current situation: The General Data Protection Regulation (GDPR) has been retained in UK law and will continue to be read alongside the Data Protection Act 2018, but […]

Read More…

How to avoid fines …

Yesterday we have mentioned what are the biggest fines issued by the ICO. The fines show that the GDPR (General Data Protection Regulation), has given enforcers like the UK’s ICO (Information Commissioner’s Office), some serious teeth. With these fines in mind, it’s a good time to make sure you’ve minimized your risk of being next […]

Read More…

Biggest fines in 2020/2021

According to research from DLA Piper, between January 26, 2020, and January 27, 2021: GDPR fines rose by nearly 40% Penalties under the GDPR totaled €158.5 million ($191.5 million) Data protection authorities recorded 121,165 data breach notifications (19% more than the previous 12-month period) The UK’s Data Protection Authority, the Information Commissioner’s Office (ICO), recently […]

Read More…

EU/UK representative services

Article 27: Article 27 of the GDPR includes the requirement for companies that provide goods and services to EU citizens should provide an EU based Representative so that data subjects and Regulators can easily contact companies to raise data protection issues or concerns. Now that the UK has left the EU the situation becomes slightly […]

Read More…

How do you document your processing activities?

How should you prepare? A good way to start is by doing an information audit or data-mapping exercise to clarify what personal data your organisation holds and where. It is important that people across your organisation are engaged in the process; this can help ensure nothing is missed when mapping the data your organisation processes. […]

Read More…

Do you know how to recognize a SAR?

As per the GDPR Regulative there are certain rights that data subjects can obtain. One of the rights is the Right to Access . The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data, as well as other supplementary information. It helps individuals to […]

Read More…

All that you need to know about lawful basis for processing data

The lawful bases for processing are set out in Article 6 of the UK GDPR. At least one of these must apply whenever you process personal data: Consent: the individual has given clear consent for you to process their personal data for a specific purpose. Contract: the processing is necessary for a contract you have with the […]

Read More…

ICO POST: Data sharing code

Very beneficial blog has been shared by Ali Shah, Head of Technology Policy Blog:Building on the data sharing code: our plans for updating our anonymisation guidance. Data is the lifeblood of the digital economy, and the sharing of personal data is key to opening up new opportunities. Data shared in healthcare environments can map out […]

Read More…