As experts in data protection, privacy and the GDPR, we wanted to share our knowledge with you to ensure your compliance journey is as simple as possible. With a clear understanding, data protection best practice will become a natural part of your organisation’s way of working - a benefit to you and your business.
So take a look over our GDPR and data protection resources below.
Numpty Nigel presses ‘Send’
We’ve all done it. We hit ‘Send’ and then scramble to try and get the email back, or stop it sending. That sinking feeling as we realise that the email has gone. The mistake has been made. And we have to face the consequences. What is worse is where the mistake leaves a person worried that their organisation may have to report their mistake to the regulator and they may have just lost their job. That is the most common data breach we come across at the The Privacy Compliance Hub (although we’ve never seen anyone lose their job over it).
Numpty Nigel misses a Subject Access Request
Deadlines are boring aren’t they? They are meant to hurry us up. To make us do what the man wants us to do. Nobody wants to be a slave to the man. We are individuals. We should take our time. After all, deadlines are a target that can always be pushed out. Can’t they?…….. Well, not this one! It is the number one privacy fail resulting in complaints to privacy regulators.
How to create an Article 30 Record
Records can be interesting if you are a Strava athlete. Or a collector of vinyl. But Article 30 Records are not interesting. Even if we call them by their other name – ‘Records of Processing Activities’ – they still don’t sound interesting. And they are not. What they are is an essential (and often legally required) building block of any data protection compliance programme.
How to map your data flows
“Data flows”. Sounds like a job for someone in IT right? Wrong! Creating accurate maps of your data flows is an essential building block of any data protection compliance programme. Don’t get this bit wrong. If you do, everything else will be wrong as well. Time spent on getting this right will save you time over and over again as you build out your programme. Let us give you some pointers.
The Privacy Guy – Privacy Promise 8 – Privacy by design & by default
As everyone that has read his thoughts and watched his videos knows, The Privacy Guy is one seriously cultured individual. Without culture he would be nothing. He’d be an empty shell of a man. A man in an ill fitting grey suit with a clipboard, ticking boxes and shouting, “Computer says no!”. In short, he would be an unsuccessful man.
For a long time organisations have been very generous with their cookies. Website and app owners have been setting cookies on our devices, often without us even realising. But most cookies require the device user’s prior consent otherwise they are unlawful. Read on to find out when you need consent to set cookies and when you don’t.
The Privacy Guy – Privacy Promise 7 – International
The rules in relation to personal data are different from country to country. This has the potential to make the lives of some companies complicated. Which rules apply? How can we make compliance easier? How can we make sure that personal information is protected, wherever it travels? What if the way we process personal information is right in one country, but wrong in another?
The age of consent
What is the biggest myth touted about the GDPR? It is, “If you want to use personal information you must have consent”. Why is this a myth? Because what you need is a lawful basis for processing personal information, not consent. Consent is just one of the six lawful bases available under the GDPR.
The Privacy Guy – Promise 6 – Security
You’ve got to keep personal information safe they say. What does that mean? How safe do you have to keep it? And how do I check whether it is safe enough? All good questions. But, you won’t find the answers in the GDPR, or any other data protection legislation. What you need is a little help from real data protection experts like The Privacy Guy.