Information Security Policy Toolkit

Having robust and structured information security policies and a detailed ISMS program are essential to every business, regardless of its size or scope. Information security is a broad area of compliance that protects information, data, systems, people, entities and the business itself from external or internal threats. These threats can be risk related, physical or […]

Data Protection Impact Assessment GDPR

What Are DPIAs? Article 35 of the General Data Protection Regulation (GDPR) focuses on the Data Protection Impact Assessment (DPIA) and what obligations organisations have in considering and carrying them out. The ICO and The Article 29 Working Party (WP29) have also created guidelines and publications on impact assessments, with the latter citing the definition […]

Coronavirus & Data Protection

The world is a very different place than it was a few weeks ago and businesses are now operating in a time of flux, with many not being able to operate at all. With so many employees working from home and contact with customers being made in new or different ways, you need to ensure […]

Coronavirus & Protecting Personal Data

How robust your data protection program is may be being tested during this difficult time, with employees working from home and others in workplaces with an abundance of staff absences. Having compliant GDPR and DPA18 policies, procedures and controls in place is mandatory, but has never been so important. How you process personal data during […]

GDPR Data Protection Policy Template & UK GDPR After Brexit

This article provides guidance on writing your own GDPR/DPA18 Policy and utilises the requirements set out under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA18). What is a Data Protection Policy? The GDPR advises that controllers must implement appropriate technical and organisational measures to comply with the GDPR; with those measures […]

How to Carry Out a Legitimate Interests Assessment (LIA)

What is Legitimate Interests? This article looks at how to carry out a Legitimate Interests Assessment (LIA) and gives guidance on the suggested stages. Legitimate Interests is one of the legal bases for processing personal data under the GDPR. Article 6(1)f of the Regulation states: – “Processing is necessary for the purposes of the legitimate […]

GDPR Compliance

Whether you are starting from scratch, revising existing data protection policies or using templates from a professional provider, documenting your GDPR measures and controls is a labour-intensive task. Although the GDPR/DPA18 has been in place since May 2018, there are still thousands of firms who are only partially compliant with the mandatory data protection laws […]