Accountability Tracker

As your Article 27 Representative we will always help if you receive a SAR, RTE, or other data protection complaint. It is always best to avoid these altogether, but most companies will receive GDPR requests at some point. Disgruntled ex-employees, annoyed customers, and malicious compensation-scammers are common sources of SARs and unfortunately these can result […]


How to handle a Subject Access Request

We have said this previously, but we are still seeing a huge number of Subject Access Requests [SARs]. A SAR is a request, made by or on behalf of a data subject, exercising the right to obtain a copy of all the personal data that an organization has collected about them. These are pretty […]


Right to Erasure and how to handle it

Summary: The Right to Be Forgotten is one of the fundamental rights defined in GDPR. Also known as the Right to Erasure, this principle is defined in Article 17. It is vital that companies recognize these requests and understand how to deal with them. Most importantly the Right to Erasure is not an absolute right and […]


ICO Video Surveillance guidance

The steady growth of the use of video surveillance systems across public and private sectors has led to both fixed and mobile cameras becoming more accepted in society. As video surveillance technology becomes more mainstream and affordable, it is now more common to see technologies such as smart doorbells and wireless cameras. Traditional closed circuit […]


Everything you need to know about a Data Processing Agreement

What is a DPA? A data processing agreement (DPA) is a legally binding document to be entered into between the controller and the processor in writing or in electronic form. It regulates the particularities of data processing – such as its scope and purpose – as well as the relationship between the controller and the […]


Pseudonymization and Anonymization of personal data

One thing that is heavily emphasised in GDPR is the importance of Privacy by Design. Mechanisms to protect personal integrity should be built into IT systems and services. One of the core principles is data minimization. This means that all products and services should be designed so that as little personal data as possible is […]


How does GDPR Affect Clinical Trials?

How does GDPR impact the clinical trials industry? The increasing use of the internet, electronic records, and the advancement of clinical trial technologies enabling the collection and use of data has no doubt played a big part in the creation of the GDPR. Big data is becoming increasingly important in clinical research, which also poses new challenges […]


Existing customers: the ‘soft opt-in’

Although organizations can generally only send marketing texts or emails with specific consent, there is an exception to this rule for existing customers, known as the ‘soft opt-in’. This means organizations can send marketing texts or emails if: · they have obtained the contact details during a sale (or negotiations for a sale) of a […]
