GDPR: What Life Science organisations need to do to comply

Since GDPR became a thing on May 25th 2018, organisations need to be prepared to comply with a whole new set of data protection regulations, or face fines of up to 4% of their worldwide annual revenue. The regulation is set to disrupt businesses across the world, and provide a big data privacy boost for consumers, […]

Subject Access Request (SAR) Empathy

There are many definitions of empathy but the Wikipedia definition is, ‘the capacity to understand or feel what another person is feeling from within their terms of reference’. This is a little deep for a Monday but I think this is a very important consideration when you reply to any sort of GDPR SAR or complaint. […]

What is Schrems II and how does it affect your international data transfer

On July 16, 2020 the Court of Justice of the European Union [CJEU] issued its judgement in the Data Protection Commissioner vs. Facebook Ireland Limited, Maximilian Schrems (C-311.18) – the Schrems II case. In this landmark decision, the CJEU declared the European Commission’s Privacy Shield – one of the most widely used primary data transfer […]

Is buying data legal and GDPR compliant?

This is a complicated question, but in short, using bought data is legal and in line with GDPR (General Data Protection Regulations). HOWEVER, this is only the case if it has been purchased in the right way, from the right source. GDPR states that, to contact an individual, you need explicit consent from them. Most […]

Most common types of GDPR violations

As the effect of GDPR grows day by day and a lot of companies are affected, we would like to present a recap of the most common mistakes that companies are making, which need to be avoided in order not to face SARs, data breaches or an investigation by the responsible authority, and a huge fine. […]

ICO published the next chapter of the Anonymisation guidance draft: Anonymisation, pseudonymisation and privacy enhancing technologies guidance

How to ensure anonymisation is effective? The ICO is calling for views on its updated draft guidance on anonymisation, pseudonymisation and privacy enhancing technologies. ICO are sharing their thinking in stages to ensure they gather as much feedback as possible to help refine and improve the final guidance, which will carry out a formal consultation. In […]

When can we refuse to comply with a SAR (Subject Access Request)?

A lot of companies are receiving SARs almost every day. Not all of the SARs are relevant, and a lot of them might come from people who are issuing them for private reasons or to gain some financial revenue. Check this article and find out what are the situations that you can refuse […]

Children’s code came into force in September - What’s next?

The transition year is up and the Children’s code came fully into force on 2 September. It’s a groundbreaking code that creates a better internet for children by ensuring online services likely to be accessed by children respect a child’s rights and freedoms when using their personal data. As you’d expect it’s already having an impact […]

How should you write a consent request and what information it should contain?

How should you write a consent request? Consent requests need to be prominent, concise, easy to understand and separate from any other information such as general terms and conditions. Article 7(2) says: “If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent […]

GDPR Regulations for CCTV, Photography and Video equipment and drones.

CCTV: In general, CCTV is directed at viewing and/or recording the activities of individuals. Therefore, most uses of CCTV by organisations or businesses will be covered by the DPA. The ICO has also issued a code of practice that provides recommendations on the use of CCTV systems to help organisations comply with the DPA. CCTV […]
