Large scale processing of personal data provides some indication that the activity an organisation is undertaking might be a higher risk. If large scale processing is combined with other high risks, such as processing sensitive personal data, then a Data Protection Impact Assessment (DPIA) may be required. However, there is no clear definition of what […]
Large Scale Processing Read More »
A high risk assessment is not a term specifically noted within the GDPR or the Data Protection Act (2018). However it is common for organisations to assess activities or projects to determine if the risk associated with them might require a Data Protection Impact Assessment (DPIA). A high risk assessment is therefore a short questionnaire which
High Risk Assessment Read More »
All of the EU’s member states must provide one or more independent supervisory authorities (or regulators), which must act independently of the government and must be provided with adequate resource to undertake their duties. In the UK the regultor is the Information Commissioners Office (ICO). All entities which process personal data must register with their
Supervisory Authorities Read More »
The role of a data protection officer (DPO) is to work within the organisation as a representative for the data subject. They must be able to inform and advise both the controller and the processor of their obligations, monitor compliance within the organisation, provide advice on assessments such as Data Protection Impact Assessments etc and be a point of contact for both
Data Protection Officer Read More »
A data controller is any person, authority organisation or other body which either on its own or jointly with another party determines the purposes and means of processing personal data. In simple terms, the controller is responsible for ensuring the control of the personal data. Relationships with Data Processors When a controller passes on responsibility
Children’s personal data is considered to be a higher risk due to the potential vulnerabilities of children. An individual under the age of 16 is considered to be a child under the EU data protection laws, although individual member states are allowed to set this at a different age, for example the UK state that
Processing activites are events which an organisation undertakes to fulfil its objectives, where personal data is processed, data protection teams are keen to understand and identify any risks. Understanding how personal data is used within your organisation is often the starting point of determining where risks lie and how to manage them. It is sensible
Transparency is important in order to ensure that data subjects understand how thier personal data is processed. It is one of the core data protection principles to process personal data in a fair, transparent and lawful manner, so this means that we must be sure that we have informed the data subject of how their
The data protection principles are laid out within data protection legislation and they form the backbone of the requirements for any organisation processing personal data. Failure to implement the principles throughout the organisation is deemed to be a significant breach of the regulation and could attract the highest level of fines from the supervisory authority.
Data Protection Principles Read More »
In order for personal data to be processed lawfully, it must be processed according to a specific lawful basis. Personal data should only be processed if at least one of the following applies: Where the data being processed is sensitive personal data, then additional lawful bases are needed in order to justify the processing of this
If you would like to ask more questions or to arrange training, complete the form below and we will respond shortly.
Prefer to schedule a 15 minute call? Schedule call today >>
