SM&CR Templates

The FCA are now bringing in their Senior Managers and Certification Regime (SM&CR) for solo-regulated firms (those regulated by the FCA only), which will apply from 9th December 2019. This regime will replace those already regulated under the Approved Persons Regime and already applies to UK banks, building societies, credit unions and the largest investment […]

GDPR Appropriate Technical and Organisational Measures

The GDPR refers to having the ‘appropriate technical and organisational measures’ in place 89 times, stressing the importance the Regulation places on such measures. However, when it comes to defining exactly what these measures are, the Regulation is not quite as generous! The GDPR references these measures in areas such as: – “a controller shall […]

How to Write a GDPR Data Protection Policy

This article offers guidance on How to Write a GDPR Data Protection Policy based on the General Data Protection Regulation (GDPR) including numerous documentation requirements for those obligated under the Regulation. Measures and controls that demonstrate compliance will need to be recorded, with some being included in an organisation’s data protection policies and procedures. What […]

How to Carry Out a Legitimate Interests Assessment (LIA)

What is Legitimate Interests? This article looks at how to carry out a Legitimate Interests Assessment (LIA) and gives guidance on the suggested stages. Legitimate Interests is one of the legal bases for processing personal data under the GDPR. Article 6(1)f of the Regulation states: – “Processing is necessary for the purposes of the legitimate […]

GDPR Documentation Requirements

Whether you are starting from scratch, revising existing data protection policies or using templates from a professional provider, documenting your GDPR measures and controls is a labour-intensive task. While the Regulation and ICO guidance provide sufficient information on what you are expected to document, it can still be overwhelming sifting through the information, identifying mandatory […]