How to Carry Out a Legitimate Interests Assessment (LIA)

What is Legitimate Interests? This article looks at how to carry out a Legitimate Interests Assessment (LIA) and gives guidance on the suggested stages. Legitimate Interests is one of the legal basis for processing personal data under the GDPR. Article 6(1)f of the Regulation states: – “Processing is necessary for the purposes of the legitimate […]

GDPR Compliance

Whether you are starting from scratch, revising existing data protection policies or use templates from a professional provider; documenting your GDPR measures and controls is a labour-intensive task. Although the GDPR/DPA18 has been in place since May 2018, there are still thousands of firms who are only partially compliance with the mandatory data protection laws […]

GDPR & DPA18 Exemptions

The ICO have expanded their data protection guidance on exemptions, which looks at some of the rights and obligations under the GDPR and DPA18. The ICO note that any exemption should not simply be routinely relied upon; instead, every event should be reviewed and considered on a case-by-case basis. They also reiterate that some areas […]

GDPR International Transfers Guidance

The ICO’s GDPR guidance pages have been devoid of any updates since the Regulation and DPA18 came into force back in May. However, the regulator has this week updated their guidance on International Transfers, providing a Q&A style assessment noting steps & actions when transferring data outside the EU. The guidance utilises a number of questions […]

Guide to the Data Protection Fee

Our guide to the Data Protection Fee looks at the ICO’s recent published guidance on the new data protection fee, which looks at the Governments’ new charging structure for data controllers. The fee will help to ensure the continued funding of the Information Commissioner’s Office (ICO) and will be based on a 3-tier model. Whilst […]

GDPR Compliance Statement Template

Already included in our GDPR Documentation Toolkit, whilst it is not a mandatory GDPR document, many of our clients have been asked to produce (or are adding to their website) a GDPR Compliance Statement. This document serves as a business plan for GDPR compliance, providing a summary of how an organisation is preparing for, and […]

ICO GDPR Assessment for Controllers & Processors

The ICO are replacing their existing GDPR checklist with 2 new versions, one for data controllers, and another for processors. The controller checklist is available now, with the processor version being released tomorrow (6th Dec). The checklists are designed to assess your compliance with data protection legislation and includes areas such as the new rights […]

GDPR & The ePrivacy Regulation

The Privacy and Electronic Communications Directive (2002/58/EC) goes hand in hand with data protection and focuses primarily on personal data, data protection and privacy in the digital arena. Known as the ‘ePrivacy Directive’, its core is rooted in the EU’s secondary law (Article 7 of the Charter of Fundamental Rights of the EU), the fundamental […]

GDPR Processing Activities Register Template

Maintaining written (including electronic) records of processing activities is a GDPR requirement under Article 30, applying to controllers & processors with 250+ employees (and in limited cases , to those with fewer than 250 persons). Recital 82 advises that “each controller and processor should be obliged to cooperate with the supervisory authority and make those […]

GDPR Data Mapping & Information Flow

Organising your personal data, reviewing the avenues for obtaining, using and storing the information and completing an information audit is an important part of the General Data Protection Regulation (GDPR) planning and implementing process. Starting with a data mapping exercise is pivotal to ensuring that you comply with the GDPR requirements and for structuring your personal […]