Data Protection Reforms in UK

This year in May, the United Kingdom Government announced the intention to introduce a reform bill that will implement extensive changes to the existing domestic data protection framework. If implemented, the proposed changes are expected to contribute towards UK to deviate from the standards that apply in the EU under the General Data Protection Regulation […]

Read More… from Data Protection Reforms in UK

ICO issue fine of £4.4 to Interserve for security failings

On 24 October 2022, the ICO issued a penalty notice (MPN) to Interserve Group Limited (Interserve), imposing a fine of £4.4m for violations of the GDPR (the violations were pre-Brexit). The ICO found that Interserve had failed to put appropriate technical and organizational measures in place to secure personal data (in contravention of Articles 5(1)(f) […]

Read More… from ICO issue fine of £4.4 to Interserve for security failings

President Biden Signs Executive Order to Implement the European Union-U.S. Data Privacy Framework

President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (E.O.) directing the steps that the United States will take to implement the U.S. commitments under the European Union-U.S. Data Privacy Framework (EU-U.S. DPF) announced by President Biden and European Commission President von der Leyen in March of 2022.  The […]

Read More… from President Biden Signs Executive Order to Implement the European Union-U.S. Data Privacy Framework

UK plans how to replace GDPR?

The UK appears to be pushing ahead with plans to reform the country’s data protection regime, potentially foisting more red tape on British businesses. In a speech at the Conservative party conference this week, new digital secretary Michelle Donelan reiterated the government’s intention to move away from the EU’s General Data Protection Regulation (GDPR), while […]

Read More… from UK plans how to replace GDPR?

Digital Age of Consent under the GDPR

GDPR incorporated a separate article that regulates the processing of children’s personal data where children can provide valid consent on their behalf. As per Article 8 of the GDPR, where consent is the most appropriate mechanism to process personal data, ‘in relation to the offer of information society services directly to a child, the processing […]

Read More… from Digital Age of Consent under the GDPR

What is a personal data breach?

Many companies don’t take data privacy protection seriously until a data breach occurs.A data breach is the worst nightmare that can happen to a company.If you’ve ever faced a data breach, you will understand the difficulties that you might face without a robust protection. ICO thoroughly explains what a personal data breach is and how […]

Read More… from What is a personal data breach?

Accountability Tracker

As your Article 27 Representative we will always help if you receive a SAR, RTE, or other data protection complaint. It is always best to avoid these all together but most companies will receive GDPR requests at some point.  Disgruntled ex-employees, annoyed customers, malicious compensation-scammers are common sources of SARs and unfortunately these can result […]

Read More… from Accountability Tracker

How to handle a Subject Access Request

We have said this previously but we are still seeing a huge number of Subject Access Requests [SARs]. A SAR is a request made by or on behalf of the data subjects which grants the right to obtain a copy of all the personal data that an organization has collected about them. These are pretty […]

Read More… from How to handle a Subject Access Request

Right to Erasure and how to handle it

Summary: The Right to Be Forgotten is one of the fundamental rights defined in GDPR.  Also known as a Right to Erasure this principle defined in Article 17. It is vital that companies recognize these requests and understand how to deal with them. Most importantly the Right to Erasure is not an absolute right and […]

Read More… from Right to Erasure and how to handle it

Everything you need to know about a Data Processing Agreement

What is a DPA? A data processing agreement (DPA) is a legally binding document to be entered into between the controller and the processor in writing or in electronic form. It regulates the particularities of data processing – such as its scope and purpose – as well as the relationship between the controller and the […]

Read More… from Everything you need to know about a Data Processing Agreement