How to Carry out a Data Protection Impact Assessment

Data Protection Impact Assessment

What is a Data Protection Impact Assessment? A Data Protection Impact Assessment (DPIA) is a mandatory requirement under the UK GDPR for certain types of data processing and activities. Article 35 states that a DPIA must be carried out where the type of processing is likely to result in a high risk to the rights […]

How to Write a CCTV Policy

Why Do You Need a CCTV Policy? If you are using CCTV surveillance across any business area, you have a legal obligation to notify individuals of its use. You should implement a CCTV policy which defines how, why and when you use CCTV and what controls and security measures you have in place. Privacy by […]

Legitimate Interests Assessment Process

Legitimate Interests Assessment (LIA) Process

Lawful Basis for Processing Why do you need to understand the legitimate interests assessment process? When processing personal information, it is a legal requirement to comply with the UK GDPR and data protection laws, specifically by adhering to the Article 6 lawfulness of processing obligations. Businesses processing personal data should identify which legal basis they are […]

GDPR and the Data Protection and Digital Information (No. 2) Bill

Data Protection and Digital Information (No. 2) Bill After tabling and then withdrawing the initial data protection reform bill, the revised Data Protection and Digital Information (No. 2) Bill (“the Bill”) is now making its way through the parliamentary channels. The second version of the Bill provides some additional clarifications on its predecessor. It aims […]

What Are GDPR Technical and Organisational Measures?

The GDPR refers to the ‘appropriate technical and organisational measures’ 92 times! This alone emphasises the importance of having these measures in place. But what are they? Unfortunately, the Regulation doesn’t go into any detail about these measures and what exactly they are. Hence the creation of this article.

GDPR Data Protection Impact Assessment

Article 35 of the General Data Protection Regulation (GDPR) focuses on the Data Protection Impact Assessment (DPIA) and what obligations organisations have in considering and carrying them out.

Where processing is likely to result in a high risk to individuals, an impact assessment is the tool used to protect the individual(s) and their information as far as possible.

GDPR Templates to Comply with the GDPR

Is One GDPR Policy Template Enough? The GDPR has now been in force in the UK since 2018. However, there are still hundreds of new and existing businesses who need to comply with the UK’s data protection framework. Unfortunately, it is not as simple as drafting one GDPR Policy! A suite of data protection policy […]

Sample Cookie Policy Template

Writing a Sample Cookie Policy This article goes through the main headings and sections of a sample cookie policy template. However, it is not a complete Cookie Policy Template and should be used to write your own cookie notice. Read through the ICO guidance pages on PECR if you are unsure of your cookie law […]

Update Your International Data Transfer Policy

Transfers of personal data outside the UK have changed since Brexit. Likewise, with the introduction of the International Data Transfer Agreement (IDTA), it is essential that you update your international data transfer policy. Read this article to find out how and why. Transfers of Personal Data Outside the UK Article 44 of the UK GDPR […]

Privacy Policy Template & Guidance

Privacy Policy vs Privacy Notice In data protection programs, the terms privacy policy and privacy notice can often be used interchangeably. In most cases, they refer to the same document, the content of which aims to provide the reader with information about the how, why and what of processing personal data. There are some suggestions […]