The first question we need to answer is: What is a document management system (DMS)? Simply, it is a means of receiving, tracking, managing, and storing documents that is line with your data protection and privacy policies. A query we get quite often at CSRB is, does UK GDPR apply to hard copy documents? The […]
Does your organisation have a UK GDPR compliant Document Management system in place? Read More »
A data protection audit determines whether the policies and procedures implemented to regulate data privacy and the use of data are working as planned. An audit will typically assess the organisation’s procedures, systems, records, and activities. Using data protection audits to just tick a box on a compliance sheet misses the opportunity to add value
Data Protection Audits – More than a state of the nation report Read More »
Earlier in this series of blogs we looked at the value that the Data Protection Officer (DPO) can bring to your organisation. We looked then at the core responsibilities of the DPO. However, there are some aspects of Articles 37-39 of the UK GDPR, the ones that describe the function of a DPO, that make
Why appoint an outsourced Data Protection Officer (DPO)? Read More »
Direct marketing consists of any marketing that relies on direct communication with individuals (data subjects). You are most likely on the receiving end of direct marketing within your business and personal life most days of the week. There is more than a little confusion about what is acceptable under the law, or indeed which regulations
Data Protection and Direct Marketing Read More »
UK GDPR Article 5 sets out seven key principles which lie at the heart of all personal data processing. There are two paragraphs that stand out, the first maps out the data processing principles, and the second focuses on accountability. It states: ‘The [data] controller shall be responsible for, and be able to demonstrate compliance
UK GDPR – The seven principles of data processing Read More »
One of the seven data processing principles of the UK GDPR is ‘accountability’. You must be able to demonstrate, to both external and internal data subjects, your adherence and compliance to UK data protection legislation. The UK GDPR states that: ‘You need to put in place appropriate technical and organisational measures to meet the requirements
Do you have a data protection training plan? Read More »
Have you had a letter from the ICO about the data protection fee? Have you carried out a self-assessment to see if you should be paying the fee? Read our latest blog to learn more about an area of data protection that can come as a surprise to business owners. The Information Commissioners Office (ICO)
Do we need to pay the ICO Data Protection Fee? Read More »
Your organisation’s Privacy Notice is more than just part of your website, it is the public aspect of your data protection compliance. Learn more about this vital document here. In earlier pieces we have looked at the rights of those whose personal data you hold to be informed about how their data is collected and
Privacy Notice – This is for our website, I think? Read More »
In one of our earlier blogs, we looked at the roles of the Data Controller and Data Processor. As a brief reminder the data controller legally owns the personal data, decides how personal data can be used and how it is stored, while the data processor acts on behalf of the data controller. The processor
Data Processing Agreements (DPAs) – More than a UK GDPR guarantee Read More »
Carrying out regular data protection audits is crucial to ensuring your compliance with the UK General Data Protection Regulation (UK GDPR). A data protection audit measures how well an organisation is complying with their obligations under UK GDPR, identifying data protection risks and promoting best practice within the business. As a way of establishing accountability
The Data Protection Audit – Our state of the nation Read More »
