Privacy Impact Assessments

Steps to GDPR Compliance: Privacy Impact Assessments

Posted · Add Comment

Use Privacy Impact Assessments to measure the impact of data processing operations Crash Test Dummy – why every prudent processor of data should use Privacy Impact Assessments (PIA) We all feel more secure when we get into our cars knowing they are kitted out with multiple safety features developed through testing and predicting risks of […]


Steps to GDPR Compliance: Vendor Management

Posted · Add Comment

Vendor management Through the GDPR looking glass… “She generally gave herself very good advice, (though she very seldom followed it)” – Why all entities processing data should follow the “very good advice” to “know your Vendor” Introduction In Step 2 of our GDPR blog series, we talked about the importance of data mapping, and knowing where […]

GDPR Right to be forgotten

Steps to GDPR Compliance: The Right to be Forgotten

Posted · Add Comment

The “Right To Be Forgotten” What is the “right to be forgotten”? Article 17 of the GDPR contains the right for data to be erased: otherwise known as “the right to be forgotten”. The principle behind this, as stated by the UK Information Commissioner’s Office (ICO), is to “enable an individual to request the deletion […]

GDPR Subject Access Request

Steps to GDPR Compliance: Subject Access Rights

Posted · Add Comment

“What you looking at?” Will subject access rights become the Vogue under the GDPR? What changes will there be to the current regime? Based on what we know for now, the GDPR subject access request (“SAR”) process will be similar to that under the current regime. The key changes taking effect from May 2018 are: […]

GDPR Data Mapping

Steps to GDPR Compliance: Data Mapping

Posted · Add Comment

Data mapping Step 2 – Follow the yellow brick road Why data map Data mapping should be a key element in any organisation’s compliance strategy, including any pre-employment screening policy. The prospective employer (data controller) can face questions from its candidate base about where their personal data is being sent and how it is used. […]