Category: GRC

Context: It should be made clear up front that contracts are an area where specific legal advice should be sought. The detail given below gives

Context: Where the GDPR mandates that a DPO is required it also stipulates that the organisation provides an appropriate level of support to the DPO

Context: One of the key ways that personal data can be protected and which is outlined within the GDPR is security measures. What the GDPR

Context: Having a well rounded set of data protection policies is not only required by the GDPR but is good business practice.

Context: In order to determine if the appropriate technical security measures have been implemented, notice needs to be taken of the risks associated with processing.

Context: In some cases the GDPR refers to explicit organisational measures that need to be implemented such as data protection policies and human intervention. In

Context: A fundamental, under-pining concept for the GDPR (outlined in Article 15) is that personal data is the property of the individual. This ownership is

Context: The GDPR recognises that there will be situations where there are 2 or more ‘joint’ controllers. All controllers have a responsibility to ensure that

Context: A core principle behind the GDPR is that personal information is the property of the data subject. This principle is embodied in two key