Under the GDPR (General Data Protection Regulation), all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. Additionally, there are circumstances in which…
What is data loss and how does it…
Data loss refers to the destruction of sensitive information. It’s a specific type of data breach, falling into the ‘availability’ category of data security (the other two categories being ‘confidentiality’ and ‘integrity’). Data can be…
GDPR data transfer rules: what you need to…
If you’re transferring data outside of the EEA, the GDPR (General Data Protection Regulation) imposes some restrictions. These apply to all data transfers, no matter the size of the transfer or how often you carry them…
GDPR data subject access requests (DSARs): How to…
The GDPR (General Data Protection Regulation) grants data subjects the right to access their personal data. This is known as a DSAR (data subject access request). This is not a new concept, but the GDPR introduced several changes…
How to write a GDPR data privacy notice…
The GDPR (General Data Protection Regulation) gives individuals more control over how their personal data is used. If your organisation processes personal data, the Regulation requires you to provide data subjects with certain information. This typically takes the…
List of mandatory documents required by the GDPR
The documentation of processing activities is a new legal requirement under the EU GDPR (General Data Protection Regulation). Documenting your processing activities can also support good data governance, and help you to demonstrate your compliance…
GDPR: Data transfers outside the EU – what…
This blog has been updated to reflect industry developments. Originally published Jan 04, 2018. The EU General Data Protection Regulation (GDPR) restricts transfers of personal data to countries outside the EEA. These restrictions apply to…
British Airways faces sky high £183 million GDPR…
British Airways has been fined £183.4 million for a data breach that affected around 500,000 customers last year. The airline, owned by IAG, says it is “surprised and disappointed” by the penalty – the largest ever fine for a…
How to write a GDPR data protection policy…
A version of this blog was originally published on 6 February 2018. The GDPR (General Data Protection Regulation) isn’t just about implementing technological and organisational measures to secure the information you store. You also need…