GDPR – Data Protection

URM > Information Security and Cyber Security > GDPR - Data Protection
  • ICO issues enforcement notice to Experian

    Credit reporting agency found to be using personal data for marketing purposes without data subjects’ consent The Information Commissioner’s Office (ICO) has issued an enforcement notice to Experian, the credit reporting agency, asking it to make changes on how it handles personal data within its direct marketing services. The ICO has given Experian 9 months […]

  • What is the GDPR?, Understand how to comply with the General Data Protection Regulation, General Data Protection Regulation (GDPR), data protection act, data protection principles, what is the gdpr, data protection act, gdpr data protection, gdpr principles

    What is the GDPR?

    The General Data Protection Regulation (EU) 2016/679 (GDPR) is an EU regulation which came into effect on 25 May 2018 and has set a new benchmark for the processing of personal data. It applies to any organisation that is processing the personal information of data subjects inside the EEA. The Data Protection Act (DPA) 2018 sits alongside […]

  • The CJEU Declares the EU-US Privacy Shield Invalid and SCCs Valid…but with Conditions, services, consultancy, data protection, data privacy, EU-US Privacy shield, CJEU, SCCs, gdpr, Court of Justice of the European Union

    The CJEU Declares the EU-US Privacy Shield Invalid and SCCs Valid…but with Conditions

    What are the Implications and Next Steps for Your Organisation? On 16 July 2020, the Court of Justice of the European Union (CJEU) issued its judgement on the adequacy of both the Privacy Shield and standard contract clauses (SCCs). The EU-US Privacy Shield is a mechanism that enables participating companies to meet the EU requirements for […]

  • Transferring Personal Data with the EU - Are SCCs the Answer?, data protection, personal data transfer, personal data, dp, uk data protection, urm blog, data protection blog, gdpr blog, gdpr

    Transferring Personal Data with the EU – Are SCCs the Answer?

    With the transition period following the UK’s exit from the EU set to end on 31 December 2020, those organisations that rely on personal data transfers from the EU to the UK are looking to ensure that the transfers remain lawful from 1 January 2021. While there are a couple of frontrunners amongst the options […]

  • How to ensure data protection compliance as you return to the workplace

    Following the coronavirus (COVID-19) lockdown, the return to the workplace is presenting organisations across the globe with a number of challenges. In this blog, we will be addressing the challenge of maintaining compliance with applicable data protection legislation as new controls are proposed that involve processing staff health data for new purposes. Compliance Wheel: Assess the […]

  • GDPR, Brexit and the Adequacy Decision, brexit, gdpr, exit, european eunion, europe, leaving europe, urm consulting, news, blog, urm consulting gdpr, gdpr blog, brexit blog, brexit news

    GDPR, Brexit and the Adequacy Decision

    Subject to approval from the European Parliament, the UK will formally leave the EU on 31 January with a withdrawal deal and will enter a transition period until 31 December 2020. With this in mind, where does that leave the UK from a data protection perspective and what steps, if any, do organisations need to […]

  • DPO Blog: In-house Resource vs Virtual DPO, gdpt, data protection officer, general data protectionj regulation, data protection compliance, gdpr compliance, information security

    DPO Blog: In-house Resource vs Virtual DPO

    This week’s blog takes a look at data protection officers (DPOs) and considers when to look in-house and when a virtual, external resource or hybrid resource may be a better option. So, let’s start by considering the requirement for a DPO.  Under Article 37 of the General Data Protection Regulation (GDPR), certain organisations are required […]

  • Subject access requests (SARs) – The need for education and centralised processes, sar, sars, personal data, forms, gdpr, general data protection regulation, data protection , dp,

    Subject access requests (SARs) – The need for education and centralised processes

    In a previous blog, we looked at the importance of an organisation establishing a tried and tested subject access request (SAR) response process. Having a well-drilled team following a clearly defined process is all well and good but will be largely redundant if SARs received across the organisation are not getting through to your dedicated individual […]

  • Data Protection | Management System Standards | Which is best for me? GDPR ISO 27001 , information security, infosec

    Data Protection and Management System Standards – Which is best for me?

    A question we are increasingly asked is ‘Is there a catch-all international standard that effectively proves external verification of data protection compliance?’ It would be great if the answer to that question was a simple yes, but currently, despite some disingenuous marketing to the contrary, there is no official GDPR certification either centrally or from the […]