The ICO on Data Governance

In the year prior to the implementation of GDPR, UK businesses failed to report data breaches in a timely manner. On average, it took companies two months to complete their reporting to the UK Information Commissioner’s Office (ICO), and these reports were often incomplete and missing vital information. The ICO have stated that since the […]

Information rights research

The ICO has conducted and commissioned several reports on customer satisfaction and information rights. One of the goals of the Information Commissioner’s Office (ICO) Information Rights Strategic Plan 2017-21 is ‘to increase the public’s trust and confidence in how data is used and made available’. It is therefore important for the ICO to gauge the […]

Right to Access – art. 12,15

After data is collected, a data subject has the right to know how it has been collected, processed, and stored, what data exists, and for what purposes.

Summary: Individuals have the right to access their personal data. This is commonly referred to as subject access. Individuals can make a subject […]

Your employees are in the frontline of GDPR compliance

Employees represent a significant risk factor to data security within organisations, not only through malicious acts but also through accidents. According to data security statistics provided by the ICO, the highest number of security breaches reported for the financial year 2017-2018 were incidents where employees had sent an email to an incorrect recipient. The second most reported incidents involved data […]

Data Protection Impact Assessments – In Brief

What’s new under the GDPR? What is a DPIA? When do we need to do a DPIA? How do we carry out a DPIA? Do we need to consult the ICO? What’s new under the GDPR? The GDPR introduces a new obligation to do a DPIA before carrying out processing likely to result in high […]

Data Protection Impact Assessments – Checklists

DPIA awareness checklist

☐ We provide training so that our staff understand the need to consider a DPIA at the early stages of any plan involving personal data.
☐ Our existing policies, processes and procedures include references to DPIA requirements.
☐ We understand the types of processing that require a DPIA, and use the screening […]

Data Protection Impact Assessments – At A Glance

At a glance: A data protection impact assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project. You must do a DPIA for certain listed types of processing, or any other processing that is likely to result in a high risk to individuals’ interests. You can use […]

Legitimate Interests – Checklist

Legitimate Interests

☐ We have checked that legitimate interests is the most appropriate basis.
☐ We understand our responsibility to protect the individual’s interests.
☐ We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision.
☐ We have identified the relevant legitimate interests. […]

Consent – Checklist

Asking for Consent

☐ We have checked that consent is the most appropriate lawful basis for processing.
☐ We have made the request for consent prominent and separate from our terms and conditions.
☐ We ask people to positively opt in.
☐ We don’t use pre-ticked boxes or any other type of default consent.
☐ […]
