Data Protection touches so many areas of an organisation. So where do you start an audit? You might want to know if your policies and procedures cover all the areas they should. Or you might be trying to understand …
Category Archives: Data Protection Act 2018
How to get the most out of your DPIA process
Categories: Breach, Data Protection Act 2018, Data Sharing, GDPR, Guidance, ICO, Public Information, Uncategorised
If your heart says yes, can your DPIA say it too? We wrote back in March about the common mistakes organisations make with Data Protection Impact Assessments (DPIAs). The importance of DPIAs can be seen in three recent cases. In the True Visions Productions case (under the DPA 1998) the lack of DPIAs was seen by the Information Commissioner's Office (ICO) as one of …
GDPR: the seven principles to follow
Categories: Breach, Consent, Data Protection Act 2018, GDPR, ICO
Leading up to May 2018 there was a lot of coverage of the incoming GDPR Data Protection (DP) legislation. Organisations of all sorts knew that something needed to be done but weren’t always sure what it was. Consequently, as a …
NHS Foundation Trust leaks patient email addresses
Categories: Consent, Data Protection Act 2018, Data Sharing, GDPR, ICO
On the 6th September the Tavistock and Portman Clinic sent out an email inviting just under 2,000 patients to participate in an art competition. Unfortunately for the clinic, all the email addresses were leaked, visible to all the recipients. An initial …
5 common mistakes made with DPIAs
Categories: Breach, Consent, Data Protection Act 2018, Data Sharing, GDPR, Guidance, ICO, Public Information, Security, Transparency, Uncategorized
We have outlined 5 common mistakes made with DPIAs. With the GDPR, a DPIA, or ‘Data Protection Impact Assessment’, has moved from being a good practice recommendation to being a mandatory activity for some kinds of personal data processing. The …
5 Tips for Incident Management
Categories: Accuracy, Breach, Brexit, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, DFE, Fines, Fundraising, GDPR, Guidance, ICO, Public Information, Security, Transparency, Uncategorized
This article is not a guide about how to handle a notifiable breach. By now, you’re all familiar with the ICO Guidance on that. This piece is about the day to day handling of incidents based on over a decade …
We all know about PECR, right?
Categories: Accuracy, Breach, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, Events, Fines, Fundraising, GDPR, ICO, Security, Transparency
At the Protecture seminar on e-Privacy at the end of November, Rowenna Fielding reminded us that PECR is about more than just consent for electronic direct marketing. I don’t think that Rowenna meant to alarm anyone, just a gentle poke …
Launch of the IRMS Third Sector Retention and Disposal Toolkit
Categories: Accuracy, Breach, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, Events, Fundraising, GDPR, Guidance, ICO, Security, Transparency
The Information and Records Management Society (IRMS) and Protecture were delighted to formally launch the IRMS Third Sector Retention and Disposal Toolkit and Schedule at an event in Central London last week. Attendees from a number of charities, not-for-profits and …
Equifax – 12 lessons to learn
Categories: Accuracy, Breach, Brexit, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, DFE, Fines, Fundraising, GDPR, Guidance, ICO, Public Information, Security, Transparency
As the Data Protection Act 1998 (DPA98) comes to an end, we have a first! The first maximum fine under the old law was issued in September to Equifax Ltd. If you’ve heard any of the Data Protection Leads here …
Trust, Transparency and Data Protection
Categories: Charities, Charities: ICO, Data Protection Act 2018, Fundraising, GDPR, Transparency
Charities rely on personal data more than ever before, whether they are processing a donation, running a fundraising event, or providing services. Supporters and service users must give their personal data to you; in some cases, such as prospect research, …