GDPR Appropriate Technical and Organisational Measures

The GDPR refers to having the ‘appropriate technical and organisational measures’ in place 89 times, stressing the importance the Regulation places on such measures. However, when it comes to defining exactly what these measures are, the Regulation is not quite as generous! The GDPR references these measures in areas such as: – “a controller shall […]

How to Write a GDPR Data Protection Policy

This article offers guidance on How to Write a GDPR Data Protection Policy based on the General Data Protection Regulation (GDPR) including numerous documentation requirements for those obligated under the Regulation. Measures and controls that demonstrate compliance will need to be recorded; with some being included in an organisation’s data protection policies and procedures. What […]

How to Carry Out a Legitimate Interests Assessment (LIA)

What is Legitimate Interests? This article looks at how to carry out a Legitimate Interests Assessment (LIA) and gives guidance on the suggested stages. Legitimate Interests is one of the legal basis for processing personal data under the GDPR. Article 6(1)f of the Regulation states: – “Processing is necessary for the purposes of the legitimate […]

GDPR Documentation Requirements

Whether you are starting from scratch, revising existing data protection policies or use templates from a professional provider; documenting your GDPR measures and controls is a labour-intensive task. While the Regulation and ICO guidance provide sufficient information on what you are expected to document, it can still be overwhelming sifting through the information, identifying mandatory […]

Suggested Actions for GDPR Implementation

The Impending GDPR This article covers our suggested actions for GDPR implementation and with there not being many businesses who haven’t heard of the data protection changes due on 25th May 2018, this article rings together guidance, suggestions and tools for preparation! The General Data Protection Regulation (GDPR) (2016/679) brings data protection legislation into the […]