Principle (c): Data minimisation

What is the data minimisation principle? Article 5(1)(c) says: “1. Personal data shall be: (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)” So you should identify the minimum amount of personal data you need to fulfil your purpose. You should hold that […]

Read More…

What is a GDPR data processing agreement?

Virtually every business relies on third parties to process personal data. Whether it’s an email client, a cloud storage service, or website analytics software, you must have a data processing agreement with each of these services to achieve GDPR compliance. What needs to be in a data processing agreement GDPR Article 28 Section 3, explains […]

Read More…

Do you know how to recognize a SAR?

As per the GDPR Regulative there are certain rights that data subjects can obtain. One of the rights is the Right to Access . The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data, as well as other supplementary information. It helps individuals to […]

Read More…

ICO POST: Data sharing code

Very beneficial blog has been shared by Ali Shah, Head of Technology Policy Blog:Building on the data sharing code: our plans for updating our anonymisation guidance. Data is the lifeblood of the digital economy, and the sharing of personal data is key to opening up new opportunities. Data shared in healthcare environments can map out […]

Read More…

5 Facts about Data Protection  

Data protection is one of the most important topics of discussion in this expanding digital world . A lot of people and companies are not aware of what this means, and they would need to gain additional knowledge in order to understand the true meaning of this . Here are some facts about Data privacy […]

Read More…

Are you aware of holding sensitive data ?

Sensitive data is information that must be protected against unauthorized access. Access to sensitive data should be limited through sufficient data security and information security practices designed to prevent unauthorized disclosure and data breaches. Your organization may have to protect sensitive data for ethical or legal requirements, personal privacy, regulatory reasons, trade secrets and other […]

Read More…

Can I collect data about whether my employees are vaccinated against COVID-19?

Before you decide to collect your employees vaccination status, you should be clear about what you are trying to achieve and how recording staff vaccination status will help you to achieve this. Whether your employee has been vaccinated is their private health information and is therefore special category data. Your use of this data must […]

Read More…

Be GDPR compliant while working from home 

As we all know,  Covid 19 had a huge impact on many businesses last year, and it is still here this year, a lot of the employees are now working from home. Plenty of companies are planning to continue this, even after the pandemic finishes, so there are certain situations/risks  where you need to take care […]

Read More…

Are you sharing data outside of the EU ? Read this

eu representative

The rules relating to sharing data with any company outside the EU  have recently changed and the previously accepted standard contract clauses are no longer considered adequate. If you share data with any company outside the EU,  you need to ensure that you have completed a risk assessment as well as checking that your contract […]

Read More…