Archives

Blog

DSPT: Why Care Providers Need to Comply
DSPT: Why Care Providers Need to Comply

Establishing Best Practices in Data Security and Patient Trust The Data Security and Protection Toolkit (DSPT) is a critical framework designed to ensure that care providers, including those in the health and social care sectors, adhere to stringent data security...

Navigating the UK GDPR: What Business Owners Need to Know

An Overview of the General Data Protection Regulation (GDPR) Introduction The General Data Protection Regulation (GDPR) is a regulatory framework enacted by the European Union (EU) in 2018 to protect individuals' personal data and privacy. Since it came into effect,...

ESA’s 2nd Batch Publication

The three European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) have published a second batch of policy products under the Digital Operational Resilience Act (DORA). This batch consists of four final draft regulatory technical standards (RTS), one set of...

Creating an AI Policy

If you are considering integrating AI into your business? Are you not sure where to start, or how to navigate the challenges? Fear not, you are not alone. That statement is not helpful I know, but don’t worry, we are very helpful indeed! Many organisations...

Data Processing Agreements and why you need them.

Whenever a controller uses a processor, there must be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. The UK GDPR sets out what needs to be included in the contract. If a processor uses...

GDPR Adoption…the reality
GDPR Adoption…the reality

It is almost four and a half years since the GDPR became enforced in May of 2018. Since that date, when the world went mad over consent, subscriptions and other connection requests that most of the requestors ignored, we have had Harry and Megan, Brexit, Covid-19 and...

What is the cost of PCI DSS Compliance?
What is the cost of PCI DSS Compliance?

The PCI DSS (Payment Card Industry Data Security Standard) compliance is not easy or inexpensive. In fact, depending on the size of your organisation and the complexity of your CDE (cardholder data environment), it could take months and cost tens of...

Yodel Hack – Parcel Delivery Delays
Yodel Hack – Parcel Delivery Delays

The delivery service company Yodel has suffered a “cyber incident” resulting in widespread disruption. Customers awaiting deliveries noted that Yodel’s systems were offline last weekend. Yodel said: “We are working to restore our operations as quickly as possible but...

Meta (Facebook) Fined £14 Million

Meta has been fined €17 million for twelve breaches of the EU GDPR. The company, formerly known as Facebook, violated several GDPR (General Data Protection Regulation) requirements. More than 30 million people have been affected. The Irish DPC (Data...

Special Categories of Data

What is special category data? Found out here. Special category data is personal data that needs more protection because it is sensitive.In order to lawfully process special category data, you must identify both a lawful basis under Article 6 of the UK GDPR. You also...

Six Data Privacy Mistakes every company makes

Does the following sentence sound familiar?  “I have read and accepted the privacy policy.”  This checkbox is found beneath various online forms. It’s completely superfluous. There is no need to accept a privacy policy because it merely serves an informational...

The GDPR Accountability Principle

The GDPR Accountability Principle is one of the data protection principles. It makes you responsible for complying with the UK GDPR. The regulation states that you must be able to demonstrate your compliance. It is sometime known as the seventh principle....

GDPR Accountability Checklist

Welcome to our GDPR Accountability Checklist. ☐ We take responsibility for complying with the UK GDPR, at the highest management level and throughout our organisation. ☐ We keep evidence of the steps we take to comply with the UK GDPR. We put in place...