Avoiding Email Data Security Breaches
Latest update: 6 Oct 2022

For all of us, email can be both a blessing and a curse. On one hand you have the speed and convenience of communication, and on the other hand you have a significant information security risk...

What is the GDPR?
Latest update: 30 Sep 2022

The General Data Protection Regulation (EU) 2016/679 (GDPR) is an EU regulation which came into effect on 25 May 2018 and set a new benchmark for the processing of personal data. It applies to any...

Who Needs a ROPA and Why?
Latest update: 2 Sep 2022

Under the UK General Data Protection Regulation (UK GDPR), the majority of organisations processing personal data are required to create and maintain a formal record of processing activities (ROPA)...

GDPR
Updated: 2/9/2022
UK International Data Transfer Agreement

On 2 February 2022, the Information Commissioner’s Office (ICO) laid before Parliament changes around restricted international personal data transfers. The international data transfer agreement...

GDPR
Updated: 25/7/2022
How to Respond to a Data Subject Access Request (DSAR)

Let’s face it, there is nothing straightforward or simple about responding to a data subject access request (DSAR).

GDPR
Updated: 25/7/2022
What is the UK International Data Transfer Agreement and What Are the Implications?

On 2 February 2022, the Information Commissioner’s Office (ICO) laid before Parliament changes around restricted international personal data transfers. The international data transfer agreement...

GDPR
Updated: 25/7/2022
Data Subject Access Requests (DSARs) Services

One of the fundamental rights of an individual (data subject), under the UK GDPR is to be able to access and receive a copy of their personal information being held by an organisation...

GDPR
Updated: 25/7/2022
Data Transfer Risk Assessment

In this blog, we are focussing on transfer risk assessments (TRAs), commencing with the background that led to their introduction and then addressing the five questions. What is a TRA? Who does it...

GDPR
Updated: 25/7/2022
The CJEU Declares the EU-US Privacy Shield Invalid and SCCs Valid

On 16 July 2020, the Court of Justice of the European Union (CJEU) issued its judgement on the adequacy of both the Privacy Shield and standard contract clauses (SCCs). The EU-US Privacy Shield was...

GDPR
Updated: 25/7/2022
What is the Purpose of ISO 27701 and What Benefits Does it Bring?

The need for guidance on how organisations should best protect privacy and manage personal information has never been more pertinent. Fortunately, guidance exists in the form of ISO/IEC 27701:2019...

GDPR
Updated: 25/7/2022
ISO 27701:2019 and the GDPR

The EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA) both require organisations to protect and ensure the privacy of any personal data which they process...

GDPR
Updated: 25/7/2022
In-house Resource vs Virtual DPO

This blog takes a look at data protection officers (DPOs) and considers when to look in-house and when a virtual, external resource or hybrid resource may be a better option.

GDPR
Updated: 25/7/2022
Supply Chain Compliance with the GDPR

This blog focuses on an aspect of the GDPR which can be particularly challenging for a number of organisations, namely, how do you ensure your supply chain complies with the Regulation when processing

GDPR
Updated: 25/7/2022
Data Subject Access Requests (DSARs) – The Need for Education and Centralised Processes

In this blog, we will discuss the importance of ensuring that your whole organisation can identify a DSAR, the benefits of controlling the entry points of DSARs and creating a centralised DSAR process

GDPR
Updated: 22/7/2022
Verifying the Identity of Someone Requesting Information Under the GDPR

This blog looks at the requirement within both the DPA 2018 and the GDPR to verify the identity of an individual making a request before acting or releasing information. Our clients are regularly...

GDPR
Updated: 22/7/2022
Data Protection and Management System Standards – Which is Best for Me?

A question we are increasingly asked is ‘Is there a catch-all international standard that effectively proves external verification of data protection compliance?’ It would be great if the answer to..

GDPR
Updated: 22/7/2022
Transferring Personal Data Outside of the EEA

This blog looks at a very specific area of the GDPR - Article 28 and data transfer outside of the EEA. One of the ways in which you can legitimise an ex-EEA data transfer is by using the standard...

GDPR
Updated: 22/7/2022
What is the Difference Between Personal Data and Sensitive Personal Data?

There is some confusion about the difference between personal data and sensitive personal data and even whether sensitive personal data exists as a term! So, let’s see if we can clarify the situation

GDPR
Updated: 22/7/2022
Tips on Demonstrating UK GDPR Compliance

The easy way (if it was available!) would be to certify to an approved UK GDPR certification scheme. The Data Protection Act 2018 gave the UK’s privacy regulator, the Information Commissioner’s...

GDPR
Updated: 22/7/2022
Are you adequately covering GDPR within your ISMS?

We have seen an increased focus on the General Data Protection Regulation (GDPR) by certification body (CB) assessors when conducting ISO 27001 audits. In the past, assessments typically focused on..

GDPR
Updated: 21/7/2022
BS 10012:2017 – What are the Benefits and How Do I Achieve Certification

BS 10012 is a British management system standard which has been developed to enable organisations to implement a personal information management system (PIMS). It provides a framework for maintaining

GDPR
Updated: 21/7/2022
Gaining Senior Management Buy-In to GDPR Compliance

“It is non-negotiable…….. the potential fines are enormous…….individuals can be held personally liable”. So, with all of these compelling reasons, why can it still be challenging to gain traction on

GDPR
Updated: 21/7/2022
THE GDPR – 5 Myths Dispelled

The adoption of the General Data Protection Regulation (GDPR) by the European Council and Parliament in April 2016 had wide-ranging impacts. These affect all organisations processing personal data...

GDPR
Updated: 15/7/2022
When and How to Conduct a Data Protection Impact Assessment (DPIA)

A DPIA delivers a pre-emptive approach to assessing these risks, and by applying corrective actions can help prevent a data breach occurring. We present an outline of steps in conducting a DPIA

GDPR
Updated: 23/6/2022
How to Create a Record of Processing Activities (ROPA)

Creating a ROPA will involve understanding and capturing processing activities throughout an organisation. In this blog, we will outline a step-by-step procedure on how you can create a ROPA.

We used URM as we had a large amount of information to redact for a Court of Protection case and neither had the time nor the knowledge to be able to complete this appropriately. URM were suggested to us and we made contact. They responded very quickly and were able to explain their role, estimated timescales & costings. During the initial consultation, they were very professional and approachable, and certainly had the skills we required. URM’s consultant provided us with details of the work they had completed before & we felt confident to pursue the work with them. We were on a tight deadline for court and URM were confident that they could provide the services we required in a timely manner. The logistics of sending a large amount of confidential documents were easy to navigate and straightforward. We were unable to very accurately gauge how much work was required, however URM’s Team supported us with this and maintained regular contact regarding their progress and addressed any concerns they had. When we needed to contact them, they were prompt with their responses. The work did take longer than envisaged, however that was due to the amount of work that we, as clients, were unable to accurately identify would be required. We did, however, meet the deadline for court. I would certainly use the services of URM again & if possible would work with the same team. The services are not cheap, however redacting sensitive information is a skilled task and, therefore, having a professional complete this work is priceless.