Understanding the GDPR Conditions & Rights

Initially published in 2017 ahead of the General Data Protection Regulation (GDPR) enforcement, this article has been updated for those new to the UK GDPR. Understand some of the GDPR Conditions & Rights that apply under the UK’s data protection Regulation and see how to comply with your obligations. Lawfulness of Processing Conditions The onus […]

What Does Data Minimisation Mean?

What does ‘data minimisation’ mean? Simply put, data minimisation is the process of limiting the collection and retention of personal data to what is absolutely necessary. The purpose for processing personal data should be identified by the data controller. The information collected should be adequate to fulfil that purpose, directly relevant and limited to what […]

How to Carry out a Data Protection Impact Assessment

What is a Data Protection Impact Assessment? A Data Protection Impact Assessment (DPIA) is a mandatory requirement under the UK GDPR for certain types of data processing and activities. Article 35 states that a DPIA must be carried out where the type of processing is likely to result in a high risk to the rights […]

How to Write a CCTV Policy

Why Do You Need a CCTV Policy? If you are using CCTV surveillance across any business area you should know how to write a CCTV policy. You have a legal obligation to notify individuals that you are using CCTV! You should implement a CCTV policy which defines how, why and when you use CCTV and […]

Legitimate Interests Assessment Process

Lawful Basis for Processing Why do you need to understand the legitimate interests assessment process? When processing personal information, it is a legal requirement to comply with the UK GDPR and data protection laws. Specifically, adhering to the Article 6 lawfulness of processing obligations. Businesses processing personal data should identify which legal basis they are […]

GDPR and the Data Protection and Digital Information (No. 2) Bill

GDPR and Digital Information Bill Summary After tabling and then withdrawing the initial data protection reform bill, the revised Data Protection and Digital Information (No. 2) Bill (“the Bill”) is now making its way through the parliamentary channels. The second version of the Bill provides some additional clarifications on its predecessor. It aims to make […]

What Are GDPR Technical and Organisational Measures?

The GDPR refers to the ‘appropriate technical and organisational measures’ 92 times! This alone emphasises the importance of having these measures in place. But what are they? Unfortunately, the Regulation doesn’t go into any detail about these measures and what exactly they are. Hence the creation of this article.

GDPR Data Protection Impact Assessment

Article 35 of the General Data Protection Regulation (GDPR) focuses on the Data Protection Impact Assessment (DPIA) and what obligations organisations have in considering and carrying them out.

Where processing is likely to result in a high risk to individuals, an impact assessment is the tool used to protect the individual(s) and their information as far as possible.

GDPR Templates to Comply with the GDPR

Is One GDPR Policy Template Enough? The GDPR has now been in force in the UK since 2018. However, there are still hundreds of new and existing businesses who need to comply with the UK’s data protection framework. Unfortunately, it is not as simple as drafting one GDPR Policy! A suite of data protection policy […]

Sample Cookie Policy Template

Writing a Sample Cookie Policy This article goes through the main headings and sections of a sample cookie policy template. However, it is not a complete Cookie Policy Template and should be used to write your own cookie notice. Read through the ICO guidance pages on PECR if you are unsure of your cookie law […]