Archives

Blog

Is New York the next City to enforce Data Protection?

New York Consumer Privacy Bill is to be Reintroduced. On 13th May 2021, New York State Senator Kevin Thomas, the Chair of New York’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”). The act is designed to be a comprehensive consumer...

Practice Hub Data Breach

A story from last month reported that Practice Hub, an online service for chiropractors and other practices, was breached. Details emerged in May about a serious incident involving the Practice Hub data breach. We have been working to find out exactly what has happened and...

GDPR Compliance is only ever a phone call away

BACKGROUND: GFHR Consulting is an independent HR consultancy based in South East England. Founded by Gemma Farina in 2010, Gemma and her team of HR experts have helped hundreds of small and medium-sized organisations with their HR issues, requests and...

Tories fined for Breach of the PECR

The Conservative party has been fined £10,000 for a breach of the PECR, the ICO announced today. The fine is for sending 51 marketing emails to people who did not want to receive them. The fine follows an ICO investigation relating to emails sent from the Conservative...

GDPR – 3 Years and counting

The 25th May 2018 saw the GDPR become enforced in law. But what exactly changed, and where are we now? The flurry of emails demanding your consent to this, that and the other has now ended, thankfully. Businesses have now realised that consent is not the only way to...

ISO or not ISO? Now that is the question!

The International Standard for Organisation develops and publishes standards and has as its members 165 national standards bodies. It is commonly known as the ISO, derived from the Greek word 'isos', meaning equal. However, when is ISO not ISO and how can you tell the...

What does Cyber Essentials Cost?

Cyber Essentials is one of the most cost-effective ways to boost your organisation’s information security. But what does Cyber Essentials cost? Designed to help organisations address common weaknesses, it can...

Happy third Birthday

For many new businesses, celebrating a happy third birthday is a key milestone. However, reaching three years is not easy to achieve. This week we celebrated our third birthday and we had the opportunity to sit and discuss what we did well and also what we did wrong....

Data Subject Rights and the GDPR

The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data. Organisations must let individuals know how they can exercise these rights and meet requests promptly. Failure to do so is a breach of the GDPR....

GDPR and Encryption

Pseudonymisation and encryption are the only technological measures specifically mentioned in the GDPR (General Data Protection Regulation). But what exactly is meant by ‘pseudonymisation’ and ‘encryption’? Are these measures mandatory? More importantly, how can...

GDPR Processing Lawful Bases

The EU GDPR (General Data Protection Regulation) states that you need to identify a lawful basis before processing personal data. But, what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what is meant by the term...

GDPR Risk Assessments

Your business is required to comply with the GDPR (General Data Protection Regulation). Therefore you are obliged to conduct regular GDPR risk assessments. This isn’t just because the Regulation says that you should. Risk assessments are essential for...

DPIA (Data Protection Impact Assessment)

DPIA (data protection impact assessment) is a type of risk assessment designed to identify the risks affecting the security of personal data. A DPIA will help you understand the likely consequences of processing such data. Understanding what a DPIA is is all part...

Data Protection by Design and by Default

Data protection by design and default is nothing new. But, while privacy by design was good practice under the Data Protection Act of 1998, data protection by design and by default are legal requirements of Article 25 of the GDPR. Here’s how data protection by design...

Personal Data and Sensitive Data

Do you know the difference? The GDPR includes a sub-category of sensitive personal data that comes with its own requirements. The GDPR (General Data Protection Regulation) has been in force for some time. So, no doubt you are familiar with the term ‘personal...