Last month we started looking at the 12 steps which organisations should have taken to prepare for the introduction of GDPR. This is still a very useful approach for determining your compliance status. In the previous blog we looked at the first four steps. Here we will look at steps 5-8: 5. Data subject access […]
Demonstrating compliance with the UK GDPR – the 12 steps – Part 2 Read More »
The ICO says: “Accountability is one of the key principles in data protection law – it makes you responsible for complying with the legislation and says that you must be able to demonstrate your compliance.”
Training and awareness – CSRB launch UK GDPR Refresher Online Course Read More »
Obtaining an understanding of any piece of UK legislation, so that you can ensure compliance within your organisation, is important.
Demonstrating compliance with the UK GDPR – the 12 steps – Part 1 Read More »
In our blogs we make clear the need for all businesses to consider how they manage personal data within their organisations. One of the concerns for smaller businesses is that this can become expensive and time consuming. The other concern is, of course, the need to be compliant with the relevant regulations. Balancing these requirements
UK GDPR Support for Business Owners Read More »
In recent years the use of CCTV, especially in domestic settings, has increased exponentially. There are now around 5.2 million cameras in the UK, but many operators are unaware that there has been a ‘Data Protection Code of Practice for Surveillance Cameras and Personal Information’ in place since the year 2000. In a recent action,
CCTV & your responsibilities Read More »
Data protection is a world filled with acronyms. There are Data Subject Access Requests (DSARs), and you will also hear references to Subject Access Requests (SARS). SAR is the term used in the Data Protection Act (2018). To avoid confusion, in this blog, we will use the DSARs acronym. From the point of view of
Data Subject Access Requests (DSARs) Read More »
The Information Commissioners Office (ICO) defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.” Organisations may need to report a personal data breach to
Common Data Breaches Read More »
Certification regarding personal data protection can often be confusing and a source of conjecture amongst business owners and data protection practitioners. There is currently, as we go to press with this blog, no one all-encompassing GDPR Certificate. A recent information technology publication from 2021 suggested that: “Organisations simply need to comply with the GDPR (or
Do you need a Data Protection Certification? Read More »
In June 2021, the EU published an adequacy decision meaning that they accept that the UK GDPR provides an equivalent level of protection for personal data transfers to that outlined within the EU GDPR. If you never transfer personal data into or out of the UK, then the provisions for international data transfers will not
International Data Transfers Read More »
The first question we need to answer is: What is a document management system (DMS)? Simply, it is a means of receiving, tracking, managing, and storing documents that is line with your data protection and privacy policies. A query we get quite often at CSRB is, does UK GDPR apply to hard copy documents? The
Does your organisation have a UK GDPR compliant Document Management system in place? Read More »