
This blog considers, at a high level, the possible legal ramifications of using chatbots, especially ChatGPT, as they relate to data protection risks.

In this blog, we will outline a step-by-step procedure on how you can create a ROPA.

Under the UK GDPR, the majority of organisations processing personal data are required to create and maintain a ROPA.

Let’s face it, there is nothing straightforward or simple about responding to a data subject access request (DSAR).

On 2 February 2022, the Information Commissioner’s Office (ICO) laid before Parliament changes around restricted international personal data transfers.

One of the fundamental rights of an individual (data subject) under the UK GDPR is to be able to access and receive a copy of their personal information.

We are focussing on transfer risk assessments (TRAs), commencing with the background that led to their introduction and then addressing the five questions.

The GDPR (EU) 2016/679 is an EU regulation which came into effect on 25 May 2018 and set a new benchmark for the processing of personal data.

On 16 July 2020, the CJEU issued its judgement on the adequacy of both the Privacy Shield and standard contract clauses (SCCs).

The need for guidance on how organisations should best protect privacy and manage personal information has never been more pertinent.

The EU GDPR and the UK DPA both require organisations to protect and ensure the privacy of any personal data which they process.

This blog takes a look at DPOs and considers when to look in-house and when a virtual, external resource or hybrid resource may be a better option.

We discuss the importance of ensuring that your whole organisation can identify a DSAR and the benefits of controlling the entry points of DSARs.

We look at the requirement within both the DPA and the GDPR to verify the identity of an individual making a request before acting or releasing information.

Is there a catch-all international standard that effectively proves external verification of data protection compliance?

This blog looks at a very specific area of the GDPR - Article 28 and data transfer outside of the EEA.

This blog focuses on an aspect of the GDPR which can be particularly challenging for a number of organisations.

There is some confusion about the difference between personal data and sensitive personal data and even whether sensitive personal data exists as a term!

We provide some questions which should help you in determining your level of compliance with the GDPR.

We have seen an increased focus on the General Data Protection Regulation (GDPR) by certification body (CB) assessors when conducting ISO 27001 audits.

BS 10012 is a standard which has been developed to enable organisations to implement a personal information management system (PIMS).

Why can it still be challenging to gain traction on your GDPR compliance project?

The adoption of the General Data Protection Regulation (GDPR) in April 2016 had wide-ranging impacts. These affect all organisations.

A DPIA delivers a pre-emptive approach to assessing these risks, and can prevent a data breach occurring. We present an outline of steps in conducting a DPIA.

DTA and the UK Addendum to the current European Commission’s SCCs are the next steps in providing a transfer tool for complying with the UK GDPR.

URM can offer a host of consultancy services to help you manage DSARs, DPIAs, ROPAs, privacy notices, data retention schedules and training programmes.

If uncertain, URM is able to conduct a high-level GDPR gap analysis which will help you understand your current levels of compliance and identify gaps and vulnerabilities.

By attending URM’s online BCS Foundation Certificate in Data Protection course, you will gain valuable insights into the key aspects of current DP legislation, including rights of data subjects and data controller obligations.