Do I need an EEA Representative? One of the most overlooked areas of the General Data Protection Regulation seems to be that of EEA Representation. If you are a non-EU business and don’t know what we are talking about, then that proves our point.
Or any other personal data breach for that matter. The very recent £183 million fine imposed on British Airways for their data breach has brought to light an issue with the GDPR and how to go about enforcing it.
In this post we discuss whether the 13-month-old GDPR is proving more difficult to police than the old Data Protection Act 1998. The DPA 1998 is now quite old and, for the eagle-eyed, also obsolete, but the fines and enforcement notices were steady. Roughly speaking, we would say that there were […]
GDPR may not exactly be a hot topic for most; indeed, its take-up so far has been sketchy, with many organisations doing little or nothing, and businesses that have embraced GDPR often getting it wrong or failing to address the most critical areas. When will GDPR become a regulation that businesses feel they must […]
Do you consider your business to be ethical, upstanding and law-abiding? Do your policies talk about employee respect, standards and behaviour, social media rules, drugs and alcohol? Does your business abide by industry standards for health and safety, distance selling, kite marks, ISO standards, even PCI? Most businesses will recognise and uphold many of […]
How GDPR compares to California CCPA: First, we had Safe Harbour and the EU Data Directive, now we have GDPR and Privacy Shield, so who is the new guy on the block? The US, or at least a large part of it, is catching up. GDPR came into full force on the 25th May 2018 […]
Email my passport for a GDPR SAR? In a cruel twist of fate and for some an inevitable irony, the GDPR might just be responsible for the unnecessary proliferation of highly sensitive documents by insecure means. Thousands of organisations in the UK and Europe (at least those who give a hoot) have set out their […]
Marking your own homework is all very well, but who carries the can if you get it wrong? Forward-thinking organisations have completed some of their GDPR work or in some cases are nearly finished. Some of these companies are increasingly looking for someone to check what they have done, give a second opinion, and sign […]
Multi-disciplinary approach to GDPR Readiness: GDPR is a regulatory framework, and organisations need to translate this framework and associated legislation into practice. As such, getting ready for GDPR is essentially a technology-related business change. It requires the skills of a multi-disciplinary team, blending the knowledge of the leadership teams and managers responsible for business operations […]
Data Subject Access Requests (DSAR) will be free under GDPR: Unlike under current legislation in the UK (DPA), Data Subject Access Requests (DSAR) must be provided free of charge, in most cases. Whilst this is a good thing for data subjects, it could lead to some unintended consequences for data controllers…