An Overview of the General Data Protection Regulation (GDPR) Introduction The General Data Protection Regulation (GDPR) is a regulatory framework enacted by the European Union (EU) in 2018 to protect individuals' personal data and privacy. Since it came into effect,...
Archives
GDPR
GDPR Compliance: A Critical Checklist for Businesses in 2024
Are you confident that your business is fully GDPR compliant? With the General Data Protection Regulation (GDPR) in full effect, ensuring compliance is non-negotiable for businesses handling the personal data of EU citizens. Failure to adhere to GDPR principles can...
What is a data protection officer?
Find out what the data protection officer role involves and who or what you need to hire. The General Data Protection Regulations (GDPR) is something you've heard a lot about, whether you collect, store and use customer data, or you don't. It's the biggest...
The Data Protection Act 2018
On 25th May 2018 when the GDPR came into force, the European regulation attracted all the headlines. However, another price of regulation also came into law which acted differed from the EU GDPR. The Data Protection Act of 2018 is strewn with references to the GDPR...
GDPR Adoption…the reality
It is almost four and a half years since the GDPR became enforced in May of 2018. Since that date, when the world went mad over consent, subscriptions and other connection requests that most of the requestors ignored, we have had Harry and Megan, Brexit, Covid-19 and...
GDPR Compliance is only ever a phone call away
BACKGROUND GFHR Consulting is as an Independent HR Consultancy based in South East England. Founded by Gemma Farina in 2010, Gemma and her team of HR experts have helped hundreds of small and medium sized organisations with their HR issues, requests and...
Happy third Birthday
For many new businesses, celebrating a happy third birthday is a key milestone. However, reaching three years is not easy to achieve. This week we celebrated our third birthday and we had the opportunity to sit and discuss what we did well and also what we did wrong....
Accountants! When was the last time you reviewed your GDPR?
Accountants are very good with numbers as we all know and appreciate. However, is your data management up to the required standard? Was it within the last year. Did you cary out a thorough audit? Have you actually achieved compliance? Accountants! When was the last...
GDPR Compliance Checklist
1. Obtain board-level support and put accountability measures in place 2. Plan your GDPR compliance project and its scope 3. Conduct a data inventory and data flow audit 4. Undertake a comprehensive risk assessment 5. Carry out a detailed gap analysis 6. Develop...
A Letter From the ICO
Many businesses have now received a letter from the ICO asking for a registration fee of £40 or £60. We are being asked all the time whether or not the letter is genuine and whether a business needs to pay. Every organisation or sole trader who processes personal...
Post-Brexit Data Protection
The Brexit transition period ended on 31st December 2020. UK organisations that process personal data must now comply with the following laws: The DPA (Data Protection Act) 2018 and UK GDPR (General Data Protection Regulation) if they process only domestic...
Data Subject Rights and the GDPR
The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data. Organisations must let individuals know how they can exercise these rights and meet requests promptly. Failure to do so is a breach of the GDPR....
GDPR and Encryption
Pseudonymisation and encryption are the only technological measures specifically mentioned in the GDPR (General Data Protection Regulation). But what exactly is meant by ‘pseudonymisation’ and ‘encryption’? Are these measures mandatory? More importantly, how can...
GDPR Processing Lawful Bases
The EU GDPR (General Data Protection Regulation) states that you need to identify a lawful basis before processing personal data. But, what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what is meant by the term...
ISO 27001 and GDPR Compliance
Anyone struggling with the EU GDPR (General Data Protection Regulation) should look no further than ISO 27001. It’s the international standard for information security. The ISO 27001 framework is close enough to the Regulation’s that many experts consider it a perfect...
GDPR Risk Assessments
Your business is required to comply with the GDPR (General Data Protection Regulation). Therefore you are obliged to conduct regular GDPR risk assessments. This isn’t just because the Regulation says that you should. Risk assessments are essential for...
DPIA (Data Protection Impact Assessment)
DPIA (data protection impact assessment) is a type of risk assessment designed to identify the risks affecting the security of personal data. A DPIA will help you understand the likely consequences of processing such data. Understanding what a DPIA is is all part...
Data Protection by Design and BY Default
Data protection by design and default is nothing new. But, while privacy by design was good practice under the Data Protection Act of 1998, data protection by design and by default are legal requirements of Article 25 of the GDPR. Here’s how data protection by design...