Sipping on a pre-prandial ice-cooled G&T has been a big part of appreciating the unusally pleasant bank-holiday weather this year. But whilst enjoying the great outdoors, the ICE I’ve been thinking about is the GDPR kind. That is, the “In Case of Emergency” information gathered by many employers from their staff. A few of our clients have been asking about it: what are the ‘rules’? how to I justify it? what do I have to tell people?
We’ve all got ICE ... Continue Reading →
JEM is pleased to welcome the addition of 7 Scottish hotels under the management of the ICMI group to our portfolio of service customers.
After working with a variety of hospitality providers in 2018 looking at their GDPR preparedness, including the ICMI family, it was great to be asked to offer a support function to these businesses. Although each one is different in their execution, the principles remain the same – there is staff data, supplier data and guest data: all ... Continue Reading →
A Merry Christmas and Happy Holidays to my reader (one doesn’t like to presume).
Our Christmas card this year features our designated Charity: TVAP . An amazing place providing play-space for children and adults with challenges… well, I’ll let them explain:
Of course over the past year, we’ve helped them with their data privacy challenges too. As you can imagine, running a charity with ... Continue Reading →
A bold claim by a privacy advocate or simply an attention-grabbing headline? Well, I confess, a bit of both!
In this blog we normally write about the effect of GDPR on companies, and the implications for their data-subjects. Today I’d like to focus on what data-subjects should be doing for themselves when on-line.
Last week we were at the ExecLN conference about privacy and security. One of the more intriguing presentations was about how much of your data is already out there.
A ... Continue Reading →
One of the great ironies of Brexit is that, irrespective of where we end up as a result of the present political hokey-cokey, the UK will move forward with a large piece of European thinking at the heart of its future trading policy. We all know and love this as the General Data Protection Regulation and the GDPR (plus a little bit around national security) is now enshrined within the UK’s 2018 Data Protection Act, passed with very little political ... Continue Reading →
The key to being successful at data privacy is awareness: of what you’ve got and what you do with it.
Much has been made of GPDR Article 30, which talks to the requirement to maintain a Written Record of Processing. This sounds grandiose, but in fact it can be simply described as “writing down what you do”.
The first thing to say is that for most* organisations under 250 people, it isn’t mandatory. However, life is made ... Continue Reading →
Be careful out there…..
Much of our outsourced DPO work takes place in the health sector and we look after over 40 health related organisations.
Part of this work involves giving advice around third party Subject Access Requests. These come about, commonly, where there is a legal or insurance issue and the individual gives his/her permission for a solicitor or insurance company to contact the hospital or medical practice on their behalf to receive the relevant details from their health record.
However, ... Continue Reading →
This week a colleague and I went to the “2018 e-Commerce Expo”: https://www.ecommerceexpo.co.uk/
Our aim was to gauge the market for GDPR services in the SME e-Commerce sector: how did people feel about it, what was the privacy support like from their 3rd- party service providers?
In short, was there a need for JEM and our services?
On that front we came away feeling quite buoyed, albeit with the occasional sigh of disappintment. The Platform providers generally ‘got it’ when it came ... Continue Reading →
A lot of comment on social media is about the impact (or lack thereof) of GDPR on Direct Marketing: “Another company still sending me emails, despite me saying no!” sums up a whole slew of Tweets.
I’ll cover some specifics on the opt-in/out controversy and the PECR later (hint – it’s not as straightforward as people want to believe). But it got me to thinking – are we “data subjects” focusing on the wrong thing?
The GDPR is first and foremost about ... Continue Reading →
Against a background of further high-profile fines and company reputation shredding, it may not be good news to learn that the GDPR may not be the last word in Data Protection regulation for organisations to contend with. The 2018 Data Protection Act is imminent and in the wake of the Cambridge Analytica scandal, the European Data Protection Board ( the replacement for the Article 39 Group) is limbering up and consulting on further regulation concerning the electronic processing of data.
As ... Continue Reading →