Case Study Background There are many and varied educational establishments all of which carry a lot of personal data, the majority carry personal data for under 16’s and quite often cross into special category data for one reason or another. This GDPR Audit Case Study shows how we helped a school get on the path […]
Data Subject Access Requests (DSAR) will be free under GDPR Unlike current legislation in the UK (DPA), Data Subject Access requests (DSAR) must be provided free of charge, in most cases. Whilst this is a good thing for data subjects, this could lead to some unintended consequences for data controllers…
EU GDPR and the EU-US Privacy Shield, Both Sides of the Same Coin? US Organisations are starting to look at GDPR and ask, what do I need to do about it? In many cases the EU-US Privacy framework is likely to be the solution.
….is a statement that many companies seem to be making either explicitly, by looking at what they think needs to be done and thinking it doesn’t apply to them or implicitly by not even making the time and effort to find out what needs to be done.
Retailer Background This case study is based on a recent audit carried out on a high street retailer client. The retail industry typically works on high volume sales. For the high street, this also means high staff turnover, shops, warehouses, distribution, and consumer regulation. Sales and marketing is important to them and helps to entice […]
Article 32 – Security of processing states “Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical […]
It seems that every website pertaining to be the front for a GDPR service has some sort of instant checklist. Many of which are not as comprehensive as the one the ICO provides on their website. At best, they provide a high-level view on where a business might be in relation to GDPR.
GDPR Certification, what is it and do I need it? The GDPR (General Data Protection Regulation) is already UK law. As with any law, abiding by it is not a choice it is mandatory. If, as a business you fall within scope of the GDPR due to the data you process then you must comply.