How should you write a consent request? Consent requests need to be prominent, concise, easy to understand and separate from any other information such as general terms and conditions. Article 7(2) says: “If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent […]
Read More… from How should you write a consent request and what information it should contain?
Introduction It is vital in any democratic society that political parties and campaigners are able to communicate effectively with voters. But it is equally vital for the integrity of elections and democracy that all organisations involved in political campaigning handle and process personal data in a way that is compliant with data protection law. In […]
Read More… from Guidance for the use of personal data in political campaigning
USB devices offer a convenient way to transfer data between two computers. However, their small physical size and large data capacity means that large volumes of personal data can be lost or stolen with relative ease. Furthermore, if personal data is not securely wiped from USB devices prior to reuse there is a possibility that […]
Data protection and marketing are so closely interconnected that no marketing plan involving data can move forward without getting data protection right. GDPR – General Data Protection Regulation – and PECR – Privacy and Electronic Communication Regulations – are regulations concerning data protection that marketers must familiarise themselves with. The two regulations are complementary, indeed […]
Read More… from What is the difference between GDPR and PECR
What is the data minimisation principle? Article 5(1)(c) says: “1. Personal data shall be: (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)” So you should identify the minimum amount of personal data you need to fulfil your purpose. You should hold that […]
The GDPR (General Data Protection Regulation) outlines six data protection principles that summarise its many requirements. These are an essential resources for those trying to understanding how to achieve compliance. Indeed, small organisations, which often lack the resources to appoint data protection experts to guide them through compliance, may find them particularly useful. We take a look […]
Read More… from The GDPR: Understanding the 6 data protection principles
What is the ‘legitimate interests’ basis? Article 6(1)(f) gives you a lawful basis for processing where: “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require […]
The implications for companies based outside the EU are exactly the same as those for EU countries, if they process personal data from the EU. That’s because GDPR applies to the personal data of people based in the EU. If you want to process it, e.g. to sell to customers in the EU, you have […]
Read More… from What Does GDPR Mean For Companies Based Outside The EU?
What is a DPIA? A DPIA is a process designed to help you systematically analyse, identify and minimise the data protection risks of a project or plan. It is a key part of your accountability obligations under the GDPR, and when done properly helps you assess and demonstrate how you comply with all of your data […]
Read More… from What is a DPIA(Data Protection Impact Assesment) and why are DPIA’s important?
With all that’s changed in the world, the arrival of the third anniversary of the General Data Protection regulation may seem trivial, even irrelevant. But dismissing it would be a mistake. This is actually an opportune moment to take stock of what effect it’s had on data protection and whether your organization has managed to […]
+44 1772 217800
+353 01 554
9700 
+1 303 317
5998