Personal Data Protection

In our blogs we make clear the need for all businesses to consider how they manage personal data within their organisations. One of the concerns for smaller businesses is that this can become expensive and time consuming. The other concern is, of course, the need to be compliant with the relevant regulations. Balancing these requirements […]

In recent years the use of CCTV, especially in domestic settings, has increased exponentially. There are now around 5.2 million cameras in the UK, but many operators are unaware that there has been a ‘Data Protection Code of Practice for Surveillance Cameras and Personal Information’ in place since the year 2000. In a recent action,

Data protection is a world filled with acronyms.  There are Data Subject Access Requests (DSARs), and you will also hear references to Subject Access Requests (SARS). SAR is the term used in the Data Protection Act (2018). To avoid confusion, in this blog, we will use the DSARs acronym. From the point of view of

The Information Commissioners Office (ICO) defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.”  Organisations may need to report a personal data breach to

Certification regarding personal data protection can often be confusing and a source of conjecture amongst business owners and data protection practitioners. There is currently, as we go to press with this blog, no one all-encompassing GDPR Certificate.  A recent information technology publication from 2021 suggested that: “Organisations simply need to comply with the GDPR (or

In June 2021, the EU published an adequacy decision meaning that they accept that the UK GDPR provides an equivalent level of protection for personal data transfers to that outlined within the EU GDPR.  If you never transfer personal data into or out of the UK, then the provisions for international data transfers will not

The first question we need to answer is: What is a document management system (DMS)?  Simply, it is a means of receiving, tracking, managing, and storing documents that is line with your data protection and privacy policies.  A query we get quite often at CSRB is, does UK GDPR apply to hard copy documents? The

A data protection audit determines whether the policies and procedures implemented to regulate data privacy and the use of data are working as planned. An audit will typically assess the organisation’s procedures, systems, records, and activities.  Using data protection audits to just tick a box on a compliance sheet misses the opportunity to add value

Earlier in this series of blogs we looked at the value that the Data Protection Officer (DPO) can bring to your organisation. We looked then at the core responsibilities of the DPO.  However, there are some aspects of Articles 37-39 of the UK GDPR, the ones that describe the function of a DPO, that make

Direct marketing consists of any marketing that relies on direct communication with individuals (data subjects). You are most likely on the receiving end of direct marketing within your business and personal life most days of the week.  There is more than a little confusion about what is acceptable under the law, or indeed which regulations