GDPR Local: Supplier Evaluation

How Do You Know Your Suppliers Are GDPR Compliant? We explain why you should make GDPR evaluation a crucial part of your supplier onboarding. You’re working with a new supplier. Or, perhaps, you’re simply reviewing an existing relationship. The service level agreement is in place. They’ve signed the non-disclosure agreement. If your suppliers process personal […]

Read More… from GDPR Local: Supplier Evaluation

Do Third Parties Process Your Data? Why You Need a DPA & SCC

If a third party processes data on your behalf, you’ll need a Data Processing Agreement in place to protect your customers and your business – and you could be fined if you don’t get one. Our GDPR Local Experts can explain you why. You run an organisation that wields a lot of data. Sometimes you […]

Read More… from Do Third Parties Process Your Data? Why You Need a DPA & SCC

GDPR Local

Data Breaches GDPR: I Didn’t Know We Could Be Fined For That? You may know that companies can be fined for GDPR violations. Since 2018, more than 1,100 organisations have been. But did you know that private citizens can also risk penalties for data privacy violations? Here, data protection specialist Zlatko Delev, shares his knowledge […]

Read More… from GDPR Local

GDPR Local

Consultancy Panel Data Protection Consultant? Join The GDPR Local Panel UK GDPR representative? EU rep? SOC2 guru? Wherever you are in the world, if you know data protection inside out, GDPR Local’s Zlatko Delev has an invitation for you. When you look cross-industry, data protection is a spectrum. At one end are the organisations who […]

Read More… from GDPR Local

GDPR Local

Consultancy Panel GDPR Advice? Ask Our Experts For one-off questions or ongoing, on-tap expertise, it’s good to have a GDPR Local data protection consultant on your side. Data protection specialist Zlatko Delev explains why. Let’s suppose that you run a growing tech services company in the US and you’re about to ramp up marketing activity […]

Read More… from GDPR Local

Is buying data legal and GDPR compliant?

This is a complicated question, but in short, using bought data is legal and in line with GDPR (General Data Protection Regulations). HOWEVER, this is only the case if it has been purchased in the right way, from the right source. GDPR states that, to contact an individual, you need explicit consent from them. Most […]

Read More… from Is buying data legal and GDPR compliant?

Special category data

Special category data is personal data that needs more protection because it is sensitive.In order to lawfully process special category data, you must identify both a lawful basis under Article 6 of the UK GDPR and a separate condition for processing under Article 9. These do not have to be linked.You need to complete a data […]

Read More… from Special category data

Principle (c): Data minimisation

What is the data minimisation principle? Article 5(1)(c) says: “1. Personal data shall be: (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)” So you should identify the minimum amount of personal data you need to fulfil your purpose. You should hold that […]

Read More… from Principle (c): Data minimisation

Data sharing: a code of practice

The UK Government has laid the Data Sharing Code of Practice before Parliament on 18 May 2021. It will lay before Parliament for 40 sitting days before coming into force. In 2011 the ICO published its first Data Sharing Code; in the intervening period the type and amount of data collected by organisations has changed […]

Read More… from Data sharing: a code of practice

What is a GDPR data processing agreement?

Virtually every business relies on third parties to process personal data. Whether it’s an email client, a cloud storage service, or website analytics software, you must have a data processing agreement with each of these services to achieve GDPR compliance. What needs to be in a data processing agreement GDPR Article 28 Section 3, explains […]

Read More… from What is a GDPR data processing agreement?