Personal Data Protection

Age assurance refers to a range of measures which allow organisations to prevent children from accessing services which are inappropriate for their age. It is also used to tailor services to suit children’s developmental needs. The Office of Communications (Ofcom), which regulates broadcasting and telecommunication activities, and the ICO have a mutual interest in ensuring […]

Over the last two blogs we have been examining the 12 steps which organisations were advised to take to prepare for the introduction of GDPR. This time we will look at the final four steps in the process: 9. Personal Data breaches – Organisations need to have the right procedures in place to detect, report

Last month we started looking at the 12 steps which organisations should have taken to prepare for the introduction of GDPR. This is still a very useful approach for determining your compliance status. In the previous blog we looked at the first four steps. Here we will look at steps 5-8: 5. Data subject access

Obtaining an understanding of any piece of UK legislation, so that you can ensure compliance within your organisation, is important.

The ICO says: “Accountability is one of the key principles in data protection law – it makes you responsible for complying with the legislation and says that you must be able to demonstrate your compliance.”

In our blogs we make clear the need for all businesses to consider how they manage personal data within their organisations. One of the concerns for smaller businesses is that this can become expensive and time consuming. The other concern is, of course, the need to be compliant with the relevant regulations. Balancing these requirements

In recent years the use of CCTV, especially in domestic settings, has increased exponentially. There are now around 5.2 million cameras in the UK, but many operators are unaware that there has been a ‘Data Protection Code of Practice for Surveillance Cameras and Personal Information’ in place since the year 2000. In a recent action,

Data protection is a world filled with acronyms.  There are Data Subject Access Requests (DSARs), and you will also hear references to Subject Access Requests (SARS). SAR is the term used in the Data Protection Act (2018). To avoid confusion, in this blog, we will use the DSARs acronym. From the point of view of

The Information Commissioners Office (ICO) defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.”  Organisations may need to report a personal data breach to

Certification regarding personal data protection can often be confusing and a source of conjecture amongst business owners and data protection practitioners. There is currently, as we go to press with this blog, no one all-encompassing GDPR Certificate.  A recent information technology publication from 2021 suggested that: “Organisations simply need to comply with the GDPR (or