The ICO have released details of a Telford company who have been fined for a breach of Data Protection. Read more
Telford Company fined for Data Protection Breach
Tag: GDPR
Make sure you’ve had the right GDPR advice
The GDPR regulations have been in force for one month now and it’s great to see so many organisations large and small taking on board the message that individuals personal information is a privilege to process and not a right. But for every exceptional measure we’re also seen some poorly put together privacy policies that fail to pass GDPR standards, either using inappropriate lawful bases, not declaring the use of their party processors, not notifying individuals of personal information obtained not directly from them, or just outright misuse of personal information. Read more
GDPR Day
What does this mean to you?
It’s arrived, May 25th 2018, the day GDPR comes into force. Find out what this could mean for you. Read more
GDPR: May 25th
Are you GDPR Ready?
nThe GDPR came into force on May 25th 2018. If you are still not compliant, contact us immediately!”,”serverSync”:”2018/05/10 16:57:54″}’>
Time is running out
The General Data Protection Act will come into force across Europe on May 25th 2018.
Any organisations that processes personally identifiable information will need to be compliant with the GDPR.
Time is running out, but we can still help you get your documentation and processes ready to meet your GDPR requirements.
GDPR doesn’t apply to me
The GDPR does not apply to you if you’re just managing information for purely personal or household activities. So you don’t need to worry about keeping the window cleaners details in your phone.
However, If you are a business of any size and you manage personally identifiable information, the GDPR will apply to you.
What is personally identifiable information?
The GDPR says that Personally Identifiable Information is any information that can be used to identify an individual.
This can be directly (like a person’s name or email address) or indirectly (such as a client reference number, or IP details)
Common types of personally identifiable information you may use are things like employee details, customer and supplier information, cookies used on your website and emails.
But my only contacts are other businesses
In reality, this is probably note the case.
Most people have personal information for their business contacts, such as their name, position in the company or personalised email address.
What do I have to do?
You need to make sure you have documented how you collect and manage personal data, stating what safeguards you have to protect that information, and how it’s going to be used.
You need to identify a lawful basis for using the information, and make sure it is only used for that purpose.
And you need to know where the information is, who has access to it and how you can manage it if you receive a data subject request
#WeCanHelp
There’s a lot of work that needs to be done getting GDPR compliant, we can take the burden off you and create the policies, documentation and processes you need to make sure your organisation is compliant.
We can continue to support you by processing your incoming user requests and monitoring your processes to make sure your organisation remains GDPR compliant.
Contact Us Today!
Some of the GDPR specific services we offer include:
- Data Protection Officer Services
- Policy Writing
- Data Handling
- ICO Registering
- Process Monitoring
- Process Assessment
ICO Regulatory Action Policy
The Draft Regulatory Action Policy
The ICO have opened consultation on their Regulatory Action Policy which sets out how the ICO will deal with the organisations it regulats under various legislation, including the General Data Protection Regulation (GDPR or the Data Protection Bill as it will be in the UK once we leave Europe), the Freedom of Information Act and the Privacy and Electronic Communications Regulations (PECR) Read more
Cyber Security Breaches 2018
Cyber Security Review 2018
With only a month to go until the new Data Privacy regulations come into force, we;ve taken a look at the Cyber Security Breaches report released from the Department of Digital, Culture, Media & Sport. Read more
GDPR
General Data Protection Regulation
Regulation EU 2016/679, known as the GDPR or The Data Protection Act 2018 in the UK relates to the use of individuals personally identifiable information.
What is Personally Identifiable Information?
Any information that can be used to identify an individual directly or indirectly is personally identifiable information and so covered under the GDPR.
Common types of Personally Identifiable Information are;
- Names
- Email Address (personal ones and business ones if they identify the individual such as joe.blogs@company.com)
- Address
- Unique Reference Numbers
- Registration Plates
- Photos
- Phone Numbers
Some types of Personally Identifiable Information have a special category status, these include things like;
- Health Information
- Bio-metric Information
- Sexual information
- Religious Information
If you handle any of the special category information, you need to provide additional levels of security and have explicit consent from the data subject to process it.
Do I handle Personally Identifiable Information?
If you have any of the following, it’s likely that you are handling Personally Identifiable Information;
- Employee Information
- Customer Information
- Prospects Information
- Suppliers Information
What do I have to do to be compliant?
You need to make sure you are registered with the ICO as being compliant to handle Personally Identifiable Information.
You need to make sure you know how your organisation is processing information under the GDPR, where is it coming from, how is it being used, who has access to it, where does it go, how long do you hold it for?
You need a Privacy Policy to document how your are managing the security of the information you have, in this you need to identify the lawful basis for processing the information, and keep records of how you have come to the lawful basis, how you have processed information, and how you have ensured the security of the information.
You need a Privacy Notice to notify the individuals who’s information you have, about how you have obtained that information, how you’re going to use it, your lawful basis for using it, how you’re going to protect it and how they can submit requests to update or prevent processing on it.
You also need a means of monitoring your information store, either paper based or digital, that can identify when a breach happens. A breach could be as simple as accidentally deleting information or it could be as serious as someone unauthorised getting access to the information.
Responding to individual requests
Individuals have various rights to their data depending on your lawful basis for processing. You are required to respond to these requests in 30 days, and without any fee. You must provide any information in an easy to access format, and explain any technical terms used.
Responding to individual requests is something you should have a documented process for, this will save you time and trouble if and when you receive any requests, and will help keep you compliant with the GDPR.
#WeCanHelp
There’s a lot of work that needs to be done getting your organisation GDPR compliant, we can take the burden off you and create the policies, documentation and processes you need to make sure your organisation is compliant.
We can continue to support you by processing your incoming user requests and monitoring your processes to make sure your organisation remains GDPR compliant.
General Data Protection Regulations
Data Protection Act 2018
The GDPR UK implementation and the UK Data Protection Act 2018 govern how organisations can process personally identifying information.
If your organisation needs to process personal information, it needs to be registered on the ICO database, and have a Data Protection Policy in place detailing the use of personal information.
Personal Information is any information that can identify an individual, such as employee names, customer id’s or CCTV footage.
If you need help assessing your GDPR compliance, contact us immediately for a GDPR review.
GDPR: What it means to everyone else
What is all this GDPR?
It’s not just businesses that need to know about GDPR. The GDPR is all about you.
The GDPR are a set of new regulations that say how organisations can collect, use and store data about you. It also states what rights you have to your data, and how you can get hold of the data any organisation has about you.
GDPR: Photos & CCTV
Are you GDPR Ready?
“,”serverSync”:”2018/06/13 11:55:14″}’>
General Data Protection Regulation
If you’re primary business is photography, have you considered the impact the GDPR is going to have on you and how you operate?
What about if you have CCTV that monitors and records an area that members of the public can access? Read more
GDPR: Business to Business
Business to Business marketing
The GDPR covers information that identifies individuals only, so any business to business marketing would not be covered as long as the details are generic and don’t identify an individual.
So if the email address was sales@businessname.co.uk that would be fine, no individual is identified, however if your contact is j,bloggs@busniessname.co.uk then you are identifying an individual and therefore GDRP does apply.
That doesn’t mean you can’t send marketing materials to them, there are several basis for consent that could apply depending on the situation, as long as the information you’re sending is relevant, expected and not intrusive.
Business Cards
The GDRP will apply to business cards if they contain an individuals personally identifiable information, like their name (and what business cards don’t have names on them!) and if you store them in an ‘organised filing system’
That could apply to a filofax, rotadex or similar system, or if you input the details into a digital storage system, like your phone or PC address book. It’s slightly less clear if the information is ‘stored’ loose in your draw or desk.
Again, the GDPR offers means to ‘store and process’ this information in this way, you just have to be aware of it and make sure you don’t use the information in a way that would be unexpected. It might be expected to pass the details onto an interested third party, say a work colleague, who might want to make contact with the individual. It would probably not be expected for you to pass that information onto a third party marketing company that has no relation to you or your business.
#WeCanHelp
There’s a lot of work that needs to be done getting GDPR compliant, we can take the burden off you and create the policies, documentation and processes you need to make sure your organisation is compliant.
We can continue to support you by processing your incoming user requests and monitoring your processes to make sure your organisation remains GDPR compliant.
Contact Us Today!
Some of the GDPR specific services we offer include:
- Data Protection Officer Services
- Policy Writing
- Data Handling
- ICO Registering
- Process Monitoring
- Process Assessment
General Data Protection Regulations
Data Protection Act 2018
The GDPR UK implementation and the UK Data Protection Act 2018 govern how organisations can process personally identifying information.
If your organisation needs to process personal information, it needs to be registered on the ICO database, and have a Data Protection Policy in place detailing the use of personal information.
Personal Information is any information that can identify an individual, such as employee names, customer id’s or CCTV footage.
If you need help assessing your GDPR compliance, contact us immediately for a GDPR review.