One of the great ironies of Brexit is that, irrespective of where we end up as a result of the present political hokey-cokey, the UK will move forward with a large piece of European thinking at the heart of its future trading policy. We all know and love this as the General Data Protection Regulation and the GDPR (plus a little bit around national security) is now enshrined within the UK’s 2018 Data Protection Act, passed with very little political ... Continue Reading →
The key to being successful at data privacy is awareness: of what you’ve got and what you do with it.
Much has been made of GPDR Article 30, which talks to the requirement to maintain a Written Record of Processing. This sounds grandiose, but in fact it can be simply described as “writing down what you do”.
The first thing to say is that for most* organisations under 250 people, it isn’t mandatory. However, life is made ... Continue Reading →
Be careful out there…..
Much of our outsourced DPO work takes place in the health sector and we look after over 40 health related organisations.
Part of this work involves giving advice around third party Subject Access Requests. These come about, commonly, where there is a legal or insurance issue and the individual gives his/her permission for a solicitor or insurance company to contact the hospital or medical practice on their behalf to receive the relevant details from their health record.
However, ... Continue Reading →