…is a statement that many companies seem to be making, either explicitly, by looking at what they think needs to be done and thinking it doesn’t apply to them, or implicitly, by not even making the time and effort to find out what needs to be done.
In our latest post in our Articles series, we look at Article 9 – Processing of special categories of personal data (sometimes referred to as sensitive personal data).
Retailer Background This case study is based on a recent audit carried out on a high street retailer client. The retail industry typically works on high volume sales. For the high street, this also means high staff turnover, shops, warehouses, distribution, and consumer regulation. Sales and marketing is important to them and helps to entice […]
Article 32 – Security of processing states “Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical […]
Can I demonstrate freely given, specific, informed and unambiguous consent? In our fourth “The Articles” Series post we look at Article 7 – Conditions for consent. This follows on from our previous post on Lawfulness of Processing that concluded “consent should be the basis for processing PII for behavioural advertising”.
It seems that every website purporting to be the front for a GDPR service has some sort of instant checklist. Many of these are not as comprehensive as the one the ICO provides on their website. At best, they provide a high-level view of where a business might be in relation to GDPR.
Is my processing legitimate…? In the third post of our “The Articles” Series we are looking at Article 6 – Lawfulness of Processing. Article 6 is quite far-reaching, so in this post we are specifically looking at paragraph 1(f), Legitimate Interest, as it is a hot topic, particularly within the Direct Marketing community.
GDPR Certification, what is it and do I need it? The GDPR (General Data Protection Regulation) is already UK law. As with any law, abiding by it is not a choice; it is mandatory. If, as a business, you fall within scope of the GDPR due to the data you process, then you must comply.
GDPR is not just about security, is it…? In a series of posts over the coming weeks, GDPR Auditing will take a look at some of the more significant articles of the GDPR. In this post, the first from our “The Articles” series, we look at Article 32 – Security of Processing, that on the […]
Your compliance depends on your data processors, and their processors… GDPR Auditing is an established company providing auditing, training and consultancy services focused on the EU General Data Protection Regulation. It’s not just your business that needs to be GDPR compliant; your service providers, if processing Personally Identifiable Information (PII) for your business, also […]