GDPR - Data Protection Archives - URM
  • When and How to Conduct a Data Protection Impact Assessment (DPIA)

    A data protection impact assessment (DPIA) is mandatory in certain circumstances under the UK General Data Protection Regulation (GDPR). It is also a tool that can be of great value to organisations by assisting them meet their data protection obligations in identifying the risks associated with data processing and, specifically, those posed to data subjects.

  • GDPR scrabble

    Happy Fourth Birthday GDPR!

    On 25 May (exactly 4 years after the GDPR came into force) URM Consulting delivered a 45 minute webinar: ‘The GDPR – Four Years On’ addressing the following topics:

  • Who Needs a ROPA and Why?

    Under the UK General Data Protection Regulation (GDPR), the majority of organisations processing personal data are required to create and maintain a formal record of processing activities (ROPA). It is widely regarded as the core data protection compliance document. In this, the first of two blogs on ROPAs, we are going to address two fundamental questions.

  • Responding to Data Subject Access Requests (DSARs) – Factors to Consider

    Responding to Data Subject Access Requests (DSARs) Let’s face it. There is nothing straightforward or simple about responding to a data subject access request (DSAR). The words ‘I want all of my data’ equate to hours of trawling systems, reviewing content, redacting files, and collating information before any disclosure can take place. Dealing with DSARs […]

  • UK International Data Transfer Agreement

    UK International Data Transfer Agreement On 2 February 2022, the Information Commissioner’s Office (ICO) laid before Parliament changes around restricted international personal data transfers. The international data transfer agreement (IDTA) and the UK Addendum to the current European Commission’s standard contractual clauses (SCCs) are the next steps in providing a transfer tool for complying with […]

  • Data Transfer Risk Assessment, gdpr risk assessment template, transfer risk, data risk assessment, transfer the risk

    Data Transfer Risk Assessment (TRA)

    Data Transfer Risk Assessment In our previous post on the Schrems II judgement, we explored the wider implications for transfering personal data between the EU and the US and the implications for the UK in a post-Brexit world. In this blog, we are focussing on transfer risk assessments (TRAs) and, having provided some of the […]