Under the GDPR (General Data Protection Regulation), all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. Additionally, there are circumstances in which…
Your DPO questions answered
Organisations have had to get a lot more serious about data processing and information security since the EU GDPR (General Data Protection Regulation) came into effect earlier this year. For many, that has included the…
How organisations are completing EU–US data transfers following…
Earlier this year, the ECJ (European Court of Justice) invalidated the EU–US Privacy Shield, ruling that it fails to protect people’s rights to privacy and data protection. It followed heavy criticism from the Austrian privacy…
GDPR Article 32: Your guide to the requirements
Perhaps the most widely discussed set of compliance requirements within the GDPR (General Data Protection Regulation) are those found in Article 32. That’s because it contains the measures that organisations must implement to prevent cyber…
GDPR data transfer rules: what you need to…
If you’re transferring data outside of the EEA, the GDPR (General Data Protection Regulation) imposes some restrictions. These apply to all data transfers, no matter the size of the transfer or how often you carry them…
GDPR for small business: the ultimate guide
What is the GDPR? A quick overview The Regulation came into effect on 25 May 2018, and was designed to strengthen the rights of EU residents regarding the way organisations process and use their personal…
GDPR data subject access requests (DSARs): How to…
The GDPR (General Data Protection Regulation) grants data subjects the right to access their personal data. This is known as a DSAR (data subject access request). This is not a new concept, but the GDPR introduced several changes…
GDPR: lawful bases for processing, with examples
First published June 2018. Last updated March 2020. Under the EU GDPR (General Data Protection Regulation), you need to identify a lawful basis before processing personal data. But what is a lawful basis for processing?…
How to write a GDPR data privacy notice…
The GDPR (General Data Protection Regulation) gives individuals more control over how their personal data is used. If your organisation processes personal data, the Regulation requires you to provide data subjects with certain information. This typically takes the…