Many businesses have now received a letter from the ICO asking for a registration fee of £40 or £60. We are being asked all the time whether or not the letter is genuine and whether a business needs to pay. Every organisation or sole trader who processes personal...
Archives
Howard Freeman
Post-Brexit Data Protection
The Brexit transition period ended on 31st December 2020. UK organisations that process personal data must now comply with the following laws: The DPA (Data Protection Act) 2018 and UK GDPR (General Data Protection Regulation) if they process only domestic...
Data Subject Rights and the GDPR
The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data. Organisations must let individuals know how they can exercise these rights and meet requests promptly. Failure to do so is a breach of the GDPR....
GDPR and Encryption
Pseudonymisation and encryption are the only technological measures specifically mentioned in the GDPR (General Data Protection Regulation). But what exactly is meant by ‘pseudonymisation’ and ‘encryption’? Are these measures mandatory? More importantly, how can...
GDPR Processing Lawful Bases
The EU GDPR (General Data Protection Regulation) states that you need to identify a lawful basis before processing personal data. But, what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what is meant by the term...
ISO 27001 and GDPR Compliance
Anyone struggling with the EU GDPR (General Data Protection Regulation) should look no further than ISO 27001. It’s the international standard for information security. The ISO 27001 framework is close enough to the Regulation’s that many experts consider it a perfect...
GDPR Risk Assessments
Your business is required to comply with the GDPR (General Data Protection Regulation). Therefore you are obliged to conduct regular GDPR risk assessments. This isn’t just because the Regulation says that you should. Risk assessments are essential for...
DPIA (Data Protection Impact Assessment)
DPIA (data protection impact assessment) is a type of risk assessment designed to identify the risks affecting the security of personal data. A DPIA will help you understand the likely consequences of processing such data. Understanding what a DPIA is is all part...
Data Protection by Design and BY Default
Data protection by design and default is nothing new. But, while privacy by design was good practice under the Data Protection Act of 1998, data protection by design and by default are legal requirements of Article 25 of the GDPR. Here’s how data protection by design...
Personal Data and Sensitive Data
Do you know the difference? The GDPR includes a sub-category of sensitive personal data that comes with its own requirements. The GDPR (General Data Protection Regulation) has been in force for some time. So, no doubt you are familiar with the term ‘personal...
What is an Information Security Policy?
It is well known that your people are the weakest part of your business security defences. You can spend a great deal of time designing processes to protect your business. You can then invest in state-of-the-art technology to detect threats. However, these will only...
The Age Appropriate Design Code
The Children's Code The Children’s Code (or Age Appropriate Design Code to give its proper title) is a data protection code of practice for online services. This includes apps, online games, and web and social media sites that are likely to be accessed by...
Electronic Signatures
In July 2016, the EU issued the eIDAS regulation, which increased the significance of electronic signatures drastically. However, under the current circumstances, the value of signing documents online is higher than ever before. What is an electronic signature?...
DSP Toolkit for Care Homes
The recently launched NHS DSP Toolkit for Care Homes was designed to help care homes with an NHS email address. Full compliance, or standards met is also available allowing care homes to take part in Coordinate My Care. When registered, he care home faces a tad which...
GDPR the data differences
What’s the difference between personal data and sensitive data? Now that the GDPR (General Data Protection Regulation) has been in effect for over two years, you’ve likely become acquainted with the term ‘personal data’. But what exactly does personal data...
The Privacy and Electronic Communications (EC Directive)
STATUTORY INSTRUMENTS 2003 No. 2426ELECTRONIC COMMUNICATIONSThe Privacy and Electronic Communications (EC Directive) Regulations 2003 Made - - - 18th September 2003 Laid before Parliament - - - 18th September 2003 Coming into force - - - 11th...
The NHS Data Security and Protection Toolkit for Care Homes
The NHS Data Security and Protection Toolkit, or as it is generally referred to, the DSP Toolkit, is for users in the care home sector. These care homes have signed up with NHSmail or have upgraded their existing account to NHSmail. Preparing your care home for the...
Your CCTV and the GDPR?
In case you didn’t know, but CCTV footage is subject to the GDPR (General Data Protection Regulation). The Regulation isn’t just about written or electronic data such as names and addresses. It applies to any information that can identify someone. That includes...