Blog: Practical Privacy
As experts in data protection, privacy and the GDPR, we wanted to share our knowledge with you to ensure your compliance journey is as simple as possible. With a clear understanding, data protection best practice will become a natural part of your organisation’s way of working - a benefit to you and your business.
So take a look over our GDPR and data protection resources below.
Am I a controller, a processor, or both?
Controllers of personal information are the ones with all the liability under the GDPR, right? Wrong. Processors have obligations under the GDPR too. And then there’s joint controllers as well. They are jointly liable to people who have suffered damage because of a GDPR breach. To confuse matters further, an organisation can be both a controller and a processor at the same time (although not in relation to the same processing activity).
How to send marketing emails under the GDPR
Do you remember where you were during the great avalanche of May 2018? Piles of emails swamped inboxes across a vast area covering the UK and the EU. In the run up to the GDPR, these emails requested consent to send further emails to their recipients after 25 May 2018. Some were necessary, but a large proportion of them were not. The avalanche was borne of confusion about the GDPR and fear of fines. Even now confusion remains. Read on to find out when you need consent to send marketing emails and when you don’t.
When to appoint a Data Protection Officer
Appointing a data protection officer is much more than simply giving someone a title. The decision whether or not to appoint a data protection officer is a serious one and must be considered carefully. You need to know why you may need to appoint one. You need to know what you should look for in a data protection officer. And you need to know the risks if you appoint the wrong one.
When and how to notify a data breach
Almost all organisations have had a data breach. Some of them know they have had a data breach. Most probably don’t. People tend to think that a data breach is caused by a hacker breaking into an organisation’s systems and gaining access to customer personal information for malicious purposes. The reality is that personal data breaches are far more likely to be the result of careless mistakes by employees than the work of hackers. In fact, 90% of UK data breaches are caused by human error.
How to comply with the CCPA
Let’s get one thing straight – privacy protection is not going away. California is the first US State to give its residents a high level of protection and control over their personal information. It is not going to be the last. And protecting individuals’ rights over their information is a worldwide phenomenon driven by genuine concerns.