Cyber Essentials is a UK government scheme that outlines the basic steps that organisations can take to secure their systems. Implementing its five controls effectively will help you prevent about 80% of cyber attacks. In…
How to write a GDPR data privacy notice…
Data protection law in the UK has changed as a result of Brexit. You can find the latest guidance here. Under the GDPR (General Data Protection Regulation), organisations must provide individuals with certain information via a…
7 key stages of the data protection impact…
Under the GDPR, DPIAs (data protection impact assessments) are mandatory for data processing that is “likely to result in a high risk to the rights and freedoms of data subjects”. Effectively a type of risk…
Organisations received £155 million in GDPR fines in…
In 2020, organisations received €182 million (about £155 million) in fines for violating the GDPR (General Data Protection Regulation), according to an IT Governance report. Our GDPR Fines Quarterly Report revealed that more than two…
Personal data vs. sensitive data: what’s the difference?
Data protection law in the UK has changed as a result of Brexit. You can find the latest guidance here. At the heart of the GDPR (General Data Protection Regulation) is the concept of ‘personal…
Have you completed these 3 data protection tasks…
When the UK left the EU on 31 January 2020 – sparking a transition period that ends on New Year’s Eve – there were plenty of questions about how organisations would transfer personal data to…
When are schools required to report personal data…
Under the GDPR (General Data Protection Regulation), all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. Additionally, there are circumstances in which…
Your DPO questions answered
Organisations have had to get a lot more serious about data processing and information security since the EU GDPR (General Data Protection Regulation) came into effect earlier this year. For many, that has included the…
How organisations are completing EU–US data transfers following…
Earlier this year, the ECJ (European Court of Justice) invalidated the EU–US Privacy Shield, ruling that it fails to protect people’s rights to privacy and data protection. It followed heavy criticism from the Austrian privacy…