What is A Data Protection Impact Assessment (DPIA)? Data Protection Impact Assessments (DPIA) are a requirement of the UK GDPR. The assessment aids in compliance with the data protection requirements and obligations. It’s aim is to help firms identify the risks associated with data processing and those posed to data subjects. Completing a DPIA is […]
GDPR & Data Protection, General Blog Articles, Information Security
Example Information Security Policy Template
01
Nov
Nov
What is Information Security? Given the digital scope of business today, most firms are heavily invested in their Information Security programs and procedures. Ensuring that data, systems and infastructures are safe and secure should be run of the mill and a top priority, regardless of size or sector. Information Security in its broadest sense is […]
Why do you need to know how to write a complaints procedure? Regardless of the industry you work in, having an effective Complaints Procedure is imperative. Firstly, is it an essential part of good customer service. Secondly, it is often a legal or regulatory requirement. Most procedures follow a similar pattern of acknowledgment, timeframe, investigation […]
29
Sep
Sep
PECR Breaches Throughout 2021/22, the Information Commissioner’s Office (ICO) issued over £1,700,000 in fines for breaches of the direct marketing laws. This included extensive PECR breach fines for ‘We Buy Any Car’. The ICO has powers under the Privacy and Electronic Communications Regulations 2003 (PECR) which enables them to take action to change the behaviour […]
Most firms will have an Outsourcing Policy Template that is used to document their objectives and procedures for outsourced services and functions. The term ‘outsourcing’ refers to any business function or service that is provided by, or contracted out to an external provider or supplier.
Common examples of functions that are outsourced or are provided by an external supplier include postal and mailing services; shredding and confidential waste disposal; IT services and disaster recovery; debt collection and translations.
Art. 13 and Art. 14 of the UK GDPR specify what information needs to be provided to individuals when their personal data is being processed. Art. 13 details the requirements where data has been collected directly from the data subject and should be provided in the form of a Privacy Notice.
What is Data Protection Consent? Whether you have new obligations under the UK GDPR or you are reviewing your existing data protection regime, it is essential that you understand how consent works and what your responsibilities are. The UK GDPR tailored by the Data Protection Act 2018 sets a very high standard for consent. This […]