UK GDPR Article 5 sets out seven key principles which lie at the heart of all personal data processing. There are two paragraphs that stand out, the first maps out the data processing principles, and the second focuses on accountability. It states: ‘The [data] controller shall be responsible for, and be able to demonstrate compliance […]
UK GDPR – The seven principles of data processing Read More »
One of the seven data processing principles of the UK GDPR is ‘accountability’. You must be able to demonstrate, to both external and internal data subjects, your adherence and compliance to UK data protection legislation. The UK GDPR states that: ‘You need to put in place appropriate technical and organisational measures to meet the requirements
Do you have a data protection training plan? Read More »
Have you had a letter from the ICO about the data protection fee? Have you carried out a self-assessment to see if you should be paying the fee? Read our latest blog to learn more about an area of data protection that can come as a surprise to business owners. The Information Commissioners Office (ICO)
Do we need to pay the ICO Data Protection Fee? Read More »
Your organisation’s Privacy Notice is more than just part of your website, it is the public aspect of your data protection compliance. Learn more about this vital document here. In earlier pieces we have looked at the rights of those whose personal data you hold to be informed about how their data is collected and
Privacy Notice – This is for our website, I think? Read More »
In one of our earlier blogs, we looked at the roles of the Data Controller and Data Processor. As a brief reminder the data controller legally owns the personal data, decides how personal data can be used and how it is stored, while the data processor acts on behalf of the data controller. The processor
Data Processing Agreements (DPAs) – More than a UK GDPR guarantee Read More »
Carrying out regular data protection audits is crucial to ensuring your compliance with the UK General Data Protection Regulation (UK GDPR). A data protection audit measures how well an organisation is complying with their obligations under UK GDPR, identifying data protection risks and promoting best practice within the business. As a way of establishing accountability
The Data Protection Audit – Our state of the nation Read More »
Individuals have the right to be informed about the how their personal data is collected and used. If businesses and organisations are transparent about how they manage personal data, then individuals retain control over how and when their personal information is used. Articles 13 and 14 of the UK GDPR specify the types of information
Data Protection – The right to be informed Read More »
The world of data protection can be as full of jargon as any other. Businesses usually fall into one of two categories – Data Controllers and Data Processors. This may sound complex but in fact your responsibilities are quite clear whichever one you fall under. Article 30 of the UK GDPR requires companies to produce
Data Protection – What are our responsibilities? Read More »
What is a Data Protection Officer (DPO)? Their primary role is to ensure that an organisation processes the personal data of its staff, customers, providers, or any other individuals “in compliance with the applicable data protection legislation”. Do we need a Data Protection Officer (DPO)? One of the questions CSRB is often asked is “Do
The value of the Data Protection Officer Read More »
