It’s the start of a new year, hopefully, a happy and prosperous one.
You are most probably starting to fill in your 2018 diaries. Be mindful of what you write down as we begin what will be the most significant year for data protection.
The online and offline world as we know it will change. There will be strict requirements to examine consent, the retention of data, an individual’s rights, security and capturing information.
We can help you understand those requirements…
Consent is one of the next big changes to evolve on the data protection landscape. Consent to store an individual’s personal data can get a little wordy. It is filled with legal jargon and is also the area of the GDPR law that the ICO has stated will “be subject to the highest tier of administrative fines.”
Consent can be split into three categories for ease of understanding:
- Third party consent
- Lawful grounds for processing other than consent
We can break down the barriers you may face with the new GDPR and help you understand the requirements. Read more…
Retention of data has always been a fragmented area of information security law. We can explain what personal data is, what constitutes processing data and for how long you should retain data, as it appears to be unclear within DPA and GDPR law.
Personal Data means any information relating to an identified or identifiable natural person (data subject). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
We can explain how the data retention landscape is changing. Read more…
Rights – all 7 of them! Several areas within the new GDPR concern the Rights of the individuals. Most of these are included in the Data Protection Act (DPA), which was based on an EU directive. The difference between EU directives and regulations is that a ‘directive’ sets out goals for each member state to implement and adapt within its own laws, whereas a ‘regulation’ is a binding legislative act that is non-negotiable and is immediately applied to each member state.
We closely examine the 7 Rights in one of our articles. Read more…
Security and data protection for a client, customer or employee is the key to any organisation. So how do you know you are doing the right things? Our be.privacy course has been designed to help you understand basic practices of data security, delivered using real-world examples, not through tick-box questions filled with legal jargon.
To give just a few examples:
- If you have sensitive personal data on paper, is it kept securely locked away? Data protection concerns all data held, not just electronic data
- Do you work from outside your office and access information on the go? Are the devices you’re using to access this information encrypted? If your answer to either of these questions is “Yes!”, then you need to know how the DPA affects the way you work and how you can be compliant with the law
- Do any of your organisation’s operations require the transfer of data outside the European Economic Area? “No!” Are you sure about that? Best to check where your cloud data is stored or where your CCTV provider stores your security footage, because the rules on international data transfers, a keystone of the GDPR regulation, state that cross-border data transfers outside the EEA are generally prohibited
We can help you ensure you are doing things by the book. Read more…
Capturing data and working within the means of the new regulations could be a challenge for you and your business. We have issued some helpful guidance, not only on consent itself but also on knowing what information you are capturing, what you are doing with this data and how you can prove the lifecycle of this data when it comes to a Subject Access Request.
We explain everything in full. Read more…
Not many people realise that the General Data Protection Regulation is effective now. However, come May 25th, 2018, it will be enforced. As we draw closer to the deadline, businesses will try to formulate sophisticated ‘opt-in’ based marketing strategies and approaches to ensure compliance.
Taking time to understand the GDPR is very important.
If you have a business or deal with people’s information, the online and offline world will change this year and we can make it easy for you to understand. We can help you prepare.