I first came across this case early in 2017 when I received an unexpected and unwanted message about a loan to my phone via an organisation calling themselves the ‘Data Supply Company Ltd’. Who were this mysterious organisation and what do they do?
Not many people will know this about me (Dr Botson being the exception), but I occasionally like to dabble in the odd computer game – those escape room ones are a particular favourite! I was concerned to hear that some of my personal details might have been exposed by a major games retailer earlier this …
A recent report from Collyer Bristow*, one of Londons leading law firms, found that 55% of organisations with over 250 staff are unaware of GDPR. Based on the 2017 company figures from the Office of National Statistics (ONS) there are 2.69 million PAYE and VAT registered business in the UK. About 50,000 of those have …
Can there be an equation for compliance? As in mathematical formulas, there is a balance in compliance that needs to be resolved. Every organisation needs to understand what is required of them; what regulations and standards are applicable (Gravity) and understand what are the affected assets (Data in this case). Then, how do they meet …
The imminent GDPR will be a wake up call for some organisations. A host of new rights for individuals are being introduced. Organisations will need to provide processes that allow individuals to exercise these rights.
A Simple GDPR overview for those getting started So what is the GDPR? The General Data Protection Regulation is a new European Union law that becomes enforceable on the 25th of May 2018. It’s aim is to protect individuals by updating data protection law which has not kept pace with the changes brought about by …
A GDPR Primer for those getting started So what is the GDPR? The General Data Protection Regulation is a new European Union law that becomes enforceable on the 25th of May 2018. It’s aim is to protect individuals by updating data protection law which has not kept pace with the changes brought about by modern …
Context: The GDPR requires organisations to maintain a detailed record of their processing activities. This requirement applies to organisations that process data for themselves and on behalf of others. The records created need to be made available to the supervisory authority on their request.
Context: In some cases the GDPR refers to explicit technical measures that need to be implemented such as data encryption and psuedonymisation. In other instances the regulation is vague on what constitutes appropriate security. Therefore there is no definitive list of exactly which technical measures need to be implemented. The measures an organisation chooses should …
Context: The data protection impact assessment is the key documentary requirement which arises in the GDPR. It’s purpose is to ensure that risks to the personal information of individuals have been considered and, where risks are identified, mitigated. It is a mandatory requirement in some instances but is advised across all processing of personal information. …
Copyright ©2016–2022 Gydeline Ltd | Company Registered in England & Wales No. 09559617 | North Wing, Norway House, Summers Street, Lostwithiel, Cornwall, PL22 0BT | VAT No: 226 0817 24