Consumer Duty Assessment & Monitoring

“Assessing the compliance of firms with Consumer Duty obligations.” Consumer Duty assessment and monitoring has been a key focus for the FCA since it came into force last year. The regulator has been completing monitoring waves across a range of sectors to assess compliance with the Consumer Duty rules. The second wave of monitoring sampled […]

Are the GDPR Recitals Important?

YES! Organisations should be reading the Recitals alongside the Articles to ensure complete compliance with the Regulations. The Recitals provide a mixture of additional information and supporting context, therefore supplementing the Articles. The information provided in the GDPR Recitals serves to make them more relatable to businesses and provide essential information for effectively implementing the […]

GDPR Compliant Privacy Notice Example

GDPR Information to be Provided GDPR Art. 13 & 14 specify what information needs to be provided to individuals when their personal data is being processed. The former Article refers to data collected directly from the subject and should be provided in a Privacy Notice. The Regulation is very specific in the information provision requirements, […]

GDPR Self Assessment Checklist

Know Your Compliance Limited are market leaders in GDPR policy and template development. We have been writing and selling data protection policies and procedures for more than 10 years and supply thousands of customers from hundreds of industries. Our exclusive GDPR Self Assessment Checklist is an Excel based tool that enables a business to assess […]

Important Business Service Assessment

What is an Important Business Service? An important business service is one that, if disrupted, could cause potential harm to consumers and/or pose a risk to the stability and integrity of the financial market or system. Completing an Important Business Services Assessment is mandatory for many regulated firms. The identification and documentation of such services […]

When Do You Need a CCTV Policy?

The use of CCTV surveillance (“CCTV”) requires the user to have certain measures and controls in place. Measures can range from signposting that makes the public aware CCTV is being used, through to having a compliant CCTV policy and checklist. The data obtained through the use of CCTV falls under the data protection legislation. This […]

Understanding the GDPR Conditions & Rights

Initially published in 2017 ahead of the General Data Protection Regulation (GDPR) enforcement, this article has been updated for those new to the UK GDPR. Understand some of the GDPR Conditions & Rights that apply under the UK’s data protection Regulation and see how to comply with your obligations. Lawfulness of Processing Conditions The onus […]

What Does Data Minimisation Mean?

What does ‘data minimisation’ mean? Simply put, data minimisation is the process of limiting the collection and retention of personal data to what is absolutely necessary. The purpose for processing personal data should be identified by the data controller. The information collected should be adequate to fulfil that purpose, directly relevant and limited to what […]

Templates for PECR Compliance

The Privacy and Electronic Communications Regulations (PECR) are overseen by the Information Commissioner’s Office (ICO). They work alongside the current UK GDPR and the Data Protection Act 2018 (including subsequent amendments). The PECR sets out specific privacy rights on electronic communications. These include the cookie law, direct marketing by electronic means and online traffic and […]

Operational Resilience Framework and Templates

What is Operational Resilience? Operational resilience framework and templates can help a business to continue trading in the event of one or more operational or business incidents. Operational resilience is a company’s ability to identify, control, mitigate and manage operational disruptions. All businesses should have an operational resilience framework that identifies potential vulnerabilities and the […]