What is a Data Protection Impact Assessment? A Data Protection Impact Assessment (DPIA) is a mandatory requirement under the UK GDPR for certain types of data processing and activities. Article 35 states that a DPIA must be carried out where the type of processing is likely to result in a high risk to the rights […]
Why Do You Need a CCTV Policy? If you are using CCTV surveillance across any business area, you have a legal obligation to notify individuals of its use. You should implement a CCTV policy which defines how, why and when you use CCTV and what controls and security measures you have in place. Privacy by […]
Lawful Basis for Processing Why do you need to understand the legitimate interests assessment process? When processing personal information, it is a legal requirement to comply with the UK GDPR and data protection laws. Specifically, adhering to the Article 6 lawfulness of processing obligations. Businesses processing personal data should identify which legal basis they are […]
Data Protection and Digital Information (No. 2) Bill After tabling and then withdrawing the initial data protection reform bill, the revised Data Protection and Digital Information (No. 2) Bill (“the Bill) is now making its way through the parlimentary channels. The second version of the Bill provides some additional clarifications on its predecessor. It aims […]
The GDPR refers to the ‘appropriate technical and organisational measures’ 92 times! This alone emphasises the importance of having these measures in place. But what are they? Unfortunately, the Regulation doesn’t go into any detail about these measures and what exactly they are. Hence the creation of this article.
Article 35 of the General Data Protection Regulation (GDPR) focuses on the Data Protection Impact Assessment (DPIA) and what obligations organisations have in considering and carrying them out.
Where processing is likely to result in a high risk to individuals, an impact assessment is the tool used to protect the individual(s) and their information as far as possible.
Is One GDPR Policy Template Enough? The GDPR has now been in force in the UK since 2018. However, there are still hundreds of new and existing businesses who need to comply with the UK’s data protection framework. Unfortunately, it is not as simple as drafting one GDPR Policy! A suite of data protection policy […]
Writing a Sample Cookie Policy This article goes through the main headings and sections of a sample cookie policy template. However, it is not a complete Cookie Policy Template and should be used to write your own cookie notice. Read through the ICO guidance pages on PECR if you are unsure of your cookie law […]
Transfers of personal data outside the UK have changed since Brexit. Likewise, with the introduction of the International Data Transfer Agreement (IDTA), it is essential that you update your international data transfer policy. Read this article to find out how and why. Transfers of Personal Data Outside the UK Article 44 of the UK GDPR […]
Privacy Policy vs Privacy Notice In data protection programs, the terms privacy policy and privacy notice can often be used interchangeably. In most cases, they refer to the same document, the content of which aims to provide the reader with information about the how, why and what of processing personal data. There are some suggestions […]