bgreenall Archive

Under EU and UK law, individuals have the right to know what personal data an organisation processes about them and how it is used. They can exercise this right by submitting a DSAR (data subject access request). The rules for …

The EU GDPR (General Data Protection Regulation) requires certain organisations to appoint a DPO (data protection officer) to comply with the Regulation.  However, a shortage of DPOs means many organisations appoint staff to act as DPOs without the proper level of expertise, experience or qualifications.  The …

Although DPIAs (data protection impact assessments) are not a new concept, the GDPR (General Data Protection Regulation) now mandates them under certain circumstances. A DPIA is essentially a risk assessment that needs to be conducted before carrying out any processing …

Since the EU’s GDPR (General Data Protection Regulation) came into effect in May 2018, the international shortage of DPOs (data protection officers) has increased. The Regulation stipulates that certain organisations must appoint a DPO to monitor data protection compliance and …

What does Article 30 require? Article 30 of the EU General Data Protection Regulation (GDPR) sets out what exactly organisations need to document in order to comply with the Regulation. As the GDPR has a heavy emphasis on accountability, organisations …

Although the EU General Data Protection Regulation (GDPR) deadline is only three weeks away, many organisations are still struggling to fill the cyber security skills gap and ensure that they are compliant. Your staff need to be aware of the …

The new EU General Data Protection Regulation (GDPR) confirms that privacy must be designed by default into the processing of personal data. This ‘privacy by design’ concept is not new, and has for many years been recommended by the UK Information …