The Data Protection Blog

January 19, 2018

It’s 2018! Have you started your GDPR preparations?

2018 is the year the General Data Protection Regulation (GDPR) kicks in. But how many organisations will be ready by the May 25 deadline? According to a survey run by multinational cyber-security provider Kaspersky Lab, only half of SMEs in the UK and EU are even aware of the GDPR and only a quarter are ready for it; many more haven’t begun their preparations for compliance.

January 8, 2018

Using Data Protection Impact Assessments to assess risky processing activities

If you're in any doubt about whether your processing of personal data falls within the parameters of the General Data Protection Regulation (GDPR), you should carry out a DPIA, because the penalty for not doing so when one is appropriate is a €10-million fine or 2% of annual global turnover, whichever is greater.

November 28, 2017

What does Uber’s breach tell us about the GDPR and data security?

It’s crime enough that hackers stole from Uber the personal information of millions of drivers and passengers, but concealing the breach, as Uber did for more than a year, would also be a serious transgression of the law under the European Union’s new General Data Protection Regulation (GDPR), which comes into effect in May 2018.

November 10, 2017

Not started with the GDPR? No GDPR compliance plan? GDPR365 to the rescue!

You must know about the GDPR by now: the European Union’s new General Data Protection Regulation. You must also know that organisations have to become compliant with it by May 2018 or expose themselves to the risk of hefty fines. Recent research by multinational software corporation CA Technologies indicates that, with little more than six months until the GDPR comes into force, less than half of all organisations have a compliance programme in place.

November 8, 2017

Breach and loss going up. Next stop GDPR

Data breaches have been striking businesses worldwide, with the most alarming incidents occurring over the past two years and many more not even being reported.

November 6, 2017

Seven months till the GDPR and most UK businesses haven’t even begun to plan

A shock is coming to UK businesses who haven’t yet put a data protection programme in place. The General Data Protection Regulation comes into play in May 2018, by which time businesses need to show they’re already compliant with it.

November 1, 2017

Finalised GDPR Data Protection Impact Assessment (DPIA) guidelines released by WP29

A Data Protection Impact Assessment is a process for building and demonstrating compliance with the GDPR. It’s a process that an organisation can use to systematically describe its data processing purpose and operation, assess whether its processing is likely to result in risk for the data subjects concerned, and determine measures for addressing these risks.

October 31, 2017

Data mapping and compliance with GDPR Article 30

Article 30 of the General Data Protection Regulation (GDPR) stipulates that organisations maintain a record of their data processing activities. Basically, this means that for an organisation to become compliant with the GDPR, it needs to present an audit of personal data as it moves through the organisation.

October 18, 2017

Are schools ready for the GDPR?

There’s a lot of talk online about businesses becoming ready for the General Data Protection Regulation compliance deadline of May 2018, but what about all the thousands of schools out there? All schools, whether they’re private or public, need to comply with the GDPR. When the GDPR comes into play, schools will need to have their data protection programmes already operating. So where to begin?