Art. 13 and Art. 14 of the UK GDPR specify what information needs to be provided to individuals when their personal data is being processed. Art. 13 details the requirements where data has been collected directly from the data subject and should be provided in the form of a Privacy Notice.
What is a Business Continuity Plan? A business continuity plan (BCP) is a policy and procedural document that details how an organisation aims to prevent and recover from any potential threats. The scale and scope of the BCP largely depends on the size and complexity of the company itself. The purpose of the plan is […]
There has never been a more important time to ensure that your Information Security program is compliant, robust and effective. With more and more employees working remotely and the far reaching connectivity of the digital age; securing systems, data and processes is an essential business practice. Whether you are looking to gain certification in schemes […]
Now that the UK has left the EU and the transition period is over, some UK businesses are understandably confused by how the GDPR applies to them and what changes have been made. Having a robust and compliant data protection framework in place is not only mandatory for those processing personal data, but it is […]
As the UK has written the EU GDPR into UK law (UK-GDPR) to be read alongside the DPA18, much of the former Regulation on data protection still applies as written to those processing personal data within the UK. The main area causing some confusion is GDPR Chapter V (Art. 44-50) on transfers of personal data […]