Policies, Procedures and other internal documents

It is important to realise that the evidence your organisation is on track for GDPR compliance lies within your policies, procedures and other internal documents. While your privacy policy and terms and conditions are the external documents people look at most, the ICO would be more interested in your internal documentation. What’s most important […]

Poor Data Controller

So, who is the person at the “sharp end” of the wedge, as far as data protection is concerned?  It is the poor data controller.  This is the person who has a lot of responsibility, perhaps without a lot of knowledge, who often feels out on a limb with little support. Responsibility yes, but any […]

What is a Data Breach Anyway?

As individuals we should fear what data breaches can mean to us.  The effect of a data breach ranges from damage to reputation through financial impacts to a complete cloning of identity.  Please be aware that this way of presenting severity is only one view – there are many others – and many other individuals […]

Why Bother complying with Data Protection Regulations?

Why should we bother complying with data protection regulations anyway? This is the question I am asked so much and, while there are some obvious ones, to be honest some of the answers are not what you might expect. Complying with regulations can increase your standing, thereby making you a more attractive trading counterpart and save […]

Legal basis for Processing

Part of the first principle of GDPR is the ability to identify the legal basis for processing personal data.  This helps to satisfy all three of the elements of the joint principle of being “legal, fair and transparent”.  As has been mentioned in the {} blog, there can be more than one legal process that […]

Recorded (or voice) data and GDPR

We have all heard that dreadful message when calling a company: “This call is being recorded for training and data quality purposes”. In truth, normally that’s really only a part of the reason. The “data quality” part really means that, if we get into a dispute, we will call up the recording and use it […]

The use of CCTV by Organisations

CCTV is generally used in two ways by organisations: a) to provide security on their premises for the safety of all who use them and b) to ensure that staff act in a way that matches the terms & conditions and HR policies that an organisation has issued. If, as an organisation, you only want to […]

Sharing Data – What’s the Story?

So, what is it about sharing data that people find so confusing? If you went to a football match or an athletics meeting, would you tell your life story to the person sitting next to you, including where you live, your bank account details, and so on? Even if you did, would you want the […]

What Does a Data Policy Really Need to Have?

Firstly, what is a data policy?  It is the internal guideline that you will follow when processing data. You do not have to show this policy to anyone outside your organisation, but you should have terms and conditions written and a privacy policy shown on your website (if you have one) available for any interested […]

Data Types in GDPR

To me, there are two ways of thinking about data. One is the categorisation by the regulations and the other is the different forms that data is stored in. In GDPR, there are two categories of data named, those being personal data and special category data. Just to make things nice and simple, the Information […]