Archives

GDPR

Transferring data to the US
Transferring data to the US

Assessment and Action Plan Make sure your EU-US data transfer is lawful  In July 2020, the European Court of Justice delivered its ruling on the Schrems II case, declaring the EU-US Privacy Shield invalid. The Privacy Shield was one of the three options available...

Estate agency fined
Estate agency fined

Estate agency fined £80,000 for failing to keep tenants’ data safe. The Information Commissioner’s Office (ICO) has fined a London estate agency £80,000 for leaving 18,610 customers' personal data exposed for almost two years. The security breach happened at...

GP surgery secretary fined
GP surgery secretary fined

A former GP surgery secretary has been fined for reading medical records of 231 patients in two years, the ICO reported in 2018. A trip back in time to November of 2018 for this blog. We shouldn't forget that whilst this story may have a few cobwebs on it, this could...

Brexit and the new UK GDPR
Brexit and the new UK GDPR

The United Kingdom has now left the European Union. However, until 31st December 2020, EU laws, which include the General Data Protection Regulation (GDPR), continue to apply to the U.K. This is the transition period. Once the transition period has ended,...

Danish Authority Data Protection Breach
Danish Authority Data Protection Breach

The Danish data protection authority ('Datatilsynet') announced, on 20th August 2020, that it had itself suffered a personal data breach. The breach was the discovery of its paper waste containing confidential and sensitive information about citizens and employees....

GDPR Supply Chain Audit
GDPR Supply Chain Audit

Consider the way in which your business operates. Could it operate without suppliers? This will include any other business you deal with, from an outsourced payroll company, to a medical insurance provider and even the company that waters plants in the office. The...

GDPR Periodic Audits
GDPR Periodic Audits

Why carry out GDPR periodic audits? Article 32.1.d of the GDPR, data controllers and data processors must implement appropriate technical and organisational measures to ensure a level of security. This security should be appropriate to the risk. The regulation states...

Data Retention and the GDPR
Data Retention and the GDPR

How will you tackle data retention? Two plus years on from GDPR enforcement, does your housekeeping need a refresh? How long you will keep personal data raises lots of questions. Where to start? How to judge necessity? Have you considered your method of disposal of...

WE’VE CHANGED OUR PRIVACY POLICY!
WE’VE CHANGED OUR PRIVACY POLICY!

GDPR and POPI - MUST SOUTH AFRICANS COMPLY? The EU’s General Data Protection Regulation (GDPR) took effect on 25 May 2018 – as heralded by the million-or-so “We’ve changed our Privacy Policy” messages we all received at the time and continue to do so. Whilst...

Helping small businesses
Helping small businesses

We’re here to help you create added value for your clients and prospects As a client of the HR Dept we know how hard you work. We also know that we talk to the same people and are often asked where the GPDR resources pack should be kept. We always say, "with...

GDPR Technical Web Site Audits
GDPR Technical Web Site Audits

To get your business moving forward, you need your visitors to contact you What is tracked is managed. Have you started tracking your personal data usage? This brings focus to your practical step towards achieving GDPR compliance. In order to take your first steps...

Privacy Shield ruled invalid
Privacy Shield ruled invalid

The EU's Court of Justice has just invalidated the "Privacy Shield" data sharing system between the EU and the US, because of overreaching US surveillance. Privacy Shield ruled invalid after hearing. Schrems argued that there were insufficient safeguards in place and...

Is Privacy Shield all but dead?
Is Privacy Shield all but dead?

Commission conducting ‘preparatory work’ should ECJ invalidate privacy shield The European Commission is preparing for the eventuality that the European Court of Justice (ECJ) may invalidate the EU-US data transfer agreement know as the Privacy Shield. The agreement...

POPIA compliance
POPIA compliance

South Africa's new data privacy law and what it means for you South Africa's Protection of Personal Information Act, POPIA is now law. This is good news for South African citizens and residents as the aim of the legislation is to protect their personally identifiable...

GDPR for Sports Clubs and Associations
GDPR for Sports Clubs and Associations

Many organisations may not realise how the GDPR affects them and how they handle data. Sports clubs and associations are typical of the type of organisation that can run into trouble if they are not careful. This article explains what sports clubs need to do to comply...

GDPR Training
GDPR Training

Staff and contractor training on GDPR is vitally important if a business is to remain compliant to the regulation. Since the arrival of the GDPR in May of 2018, all types of training courses have come and gone. Some have claimed to be official and certified. However,...