#GDPR Infographics

#GDPR Featured Articles

GDPR Dirty Dozen: Myths, Misconceptions, and Misunderstandings about GDPR

The General Data Protection Regulation will be enforceable from Friday, May 25. Consequently, there has been a lot of media coverage of this new European Union leglisation. There are a lot of misconceptions concerning what GDPR actually states, whom it affects and how it will be implemented. […]

GDPR for US Companies

The implications of the General Data Protection Regulations (GDPR) for US companies who collect, maintain, or process the personal data of individuals located within the EU will be significant – and compliance is compulsory. The GDPR is a new EU data protection law that will take effect on May 25, 2018. […]

Who Does GDPR Apply to?

The General Data Protection Regulations (GDPR) became enforceable on May 25 and there is still a lot of confusion surrounding this legislation. If you are not living in a European Union (EU) country, you may think that GDPR has nothing to do with your personal data. Many organizations think that they are not affected because of their size or location. Many are in for a surprise, and not necessarily a good one. […]

Guide to GDPR Penalties

The General Data Protection Regulations (GDPR) is now enforceable in all European Union (EU) states. All business, not just those in EU Member States, are affected if they employ, hire, trade with or sell to any EU citizen or company. The penalties for not being GDPR compliant are extremely high. The biggest concerns about the GDPR are the size of the fines. Businesses will be fined the larger of €20m or 4% of their annual income. […]

How to Report a GDPR Breach

The General Data Protection regulations have just kicked in in all European Union (EU) Member States. Due to this, if your business or organization employs, trades with, buys or sells to or from an individual or business that involves an EU citizen anywhere in the world your company is subject to rules and penalties. There are several changes in relation to data protection plans that were introduced before GDPR came into effect. One of these is personal data breaches. […]

What is GDPR Compliance?

In May 2018, GDPR compliance will become compulsory for every business or organization that collects, maintains or uses the personal data of EU citizens. The implementation of the General Data Protection Regulation (GDPR) and the subsequent need for GDPR compliance will have a significant impact on how businesses and organizations approach data protection, regardless of their geographical location. […]

#GDPR Basics

What is GDPR in Simple Terms?

Data protection has become an ever more important issue as use of the Internet has grown. The more data that is collected online, the more potential there is for the data to be compromised. For several years there has been talk of introducing more uniformity to data protection rules across the EU. Now the General Data Protection Regulation (GDPR), which was agreed in 2016, is set to make that happen. GDPR becomes law on 25 May 2018, and it is important that businesses […]

What are the Countries Subject to GDPR Privacy Law?

If you think that your company will not be affected by the General Data Protection Regulation (GDPR), as it is not based within the EU, you may be in for a surprise. Whether a company is expected to be compliant or not does not depend on where it is based. If your company has any offices within the EU, or if it processes the data of any EU citizens, it must comply with the GDPR. Given the global nature of most business […]

GDPR Compliance Checklist

The objective of this article is to provide a GDPR compliance checklist to allow companies to get started on GDPR compliance. It is not a comprehensive guide, but instead is a quick-start guide. The General Data Protection Regulation has been a reality since it was first agreed upon, in 2016. But, according to Spice works, only 2% of IT professionals surveyed within the EU felt that their company was fully prepared […]

GDPR Best Practices

The General Data Protection Act (GDPR) becomes law on 25 May 2018, so it’s important that all businesses and organisations are aware of GDPR best practices. Failure to adopt these GDPR best practices could result in non-compliance. This in turn could lead to businesses facing heavy fines, or other sanctions. No business can afford for this to happen. Of course, complying with the GDPR also means […]

GDPR Terminology

As the implementation of the General Data Protection Regulation (GDPR) draws near, it is important that businesses and organisations understand the terminology that is being used. Here are some of the terms that you may have seen, with a short explanation for each. Data Controller – a person who decides what personal data is processed and how it should be processed. […]

GDPR Summary

The text of the General Data Protection Regulation was agreed as far back as 2015, and the regulation becomes law on 25 May 2018, from when the details in this GDPR summary apply. From this date, any business or organisation which is required to comply with the GDPR, and fails to do so, could be subject to the imposition of fines and other sanctions. The level of fine imposed will be decided by the relevant […]

GDPR Frequently Asked Questions

The General Data Protection Regulation (GDPR) is due to become law in May 2018, and already there are many GDPR frequently asked questions. The introduction of the GDPR is intended to provide a level of uniformity to the way personal data is handled, across the EU. It also improves the rights of EU citizens, with the regards to the processing of their personal data, by businesses and organisations. […]

GDPR Data Protection

Prior to the enforcement of GDPR data protection, there are currently data protection regulations and recommendations in place, throughout the various member states of the EU. One of the main reasons for the introduction of the General Data Protection Regulation (GDPR) is to try and bring a level of uniformity in the way that data protection is addressed throughout the EU. […]

Essential Steps for GDPR Compliance

Europe is a couple of months away from enforcing the General Data Protection Regulation. With this limited time, several studies still show that most companies are not prepared for the new requirements. The fact remains that they will have to find a way of complying with this law before May 2018 if they want to remain operational in Europe without incurring heavy fines. The law essentially does two things […]

GDPR Implementation Priorities

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018, and many businesses and organisations still do not feel as though they are fully prepared. If you are feeling concerned about being ill-prepared for GDPR, it is important not to panic. Hopefully, you should already have plans in place to ensure […]

How to Prepare for GDPR

You only need to look at the results of surveys by Exchange Wire, Calligo and McAfee, among others, to see that many data professionals, and their organisations, are not fully prepared for the General Data […]

Cost of GDPR Compliance

Legal tech firm Axiom reported that its research had shown that FTSE 100 and Fortune 500 companies could end up paying around £800 million in order to scrutinise contracts, to ensure compliance with the General […]

What are the GDPR Penalties?

If you are concerned that your business or organisation may not be fully prepared for the enforcement date of the General Data Protection Regulation (GDPR), you really should be taking action. The date in question is 25 May 2018, and if your business is not prepared for compliance by then it could face serious penalties. Much of the definition around penalties is still to be announced […]

What is the GDPR deadline?

If you live within the EU, chances are that you will have heard the General Data Protection Regulation (GDPR) mentioned. But, do you know how it affects you? If the business or organisation that you […]

How to Report a GDPR Breach

The General Data Protection regulations have just kicked in in all European Union (EU) Member States. Due to this, if your business or organization employs, trades with, buys or sells to or from an individual or business that involves an EU citizen anywhere in the world your company is subject to rules and penalties. There are several changes in relation to data protection plans that were introduced before GDPR came into effect. […]

Data Retention Policies under GDPR

As of this Friday, May 25, the General Data Protection Regulation come into effect in all European Union (EU) states. Many countries who are not members of the EU are unconcerned about the regulations of the GDPR. However, if your company or organization does business with any clients or employees who are EU citizens then the GDPR does indeed affect your business. […]

#GDPR for US Companies

GDPR for US Companies

The implications of GDPR for US companies who collect, maintain or process personal data of EU citizens will be significant – and compliance is compulsory. The European Union´s General Data Protection Regulation (GDPR) takes effect in May 2018. The Regulation affects how the personal data of EU citizens is collected, used and maintained, and introduces the right for individuals […]

Does GDPR Apply to EU Citizens in US?

This would seem like a simple question. However, with many things in the soon-to-be-enacted GDPR, there is not simple answer. If read to the letter of the law, anyone who is a European citizen is […]

Does GDPR apply to EU citizens in the United States

The use of the words ‘European Union citizen’ can be confusing, when discussing the General Data Protection Regulation (GDPR). It makes more sense to talk about people who are located within the EU. This is […]

GDPR for US Companies Selling into The European Union

Many people make the mistake of believing that the upcoming General Data Protection Regulation (GDPR) only applies to businesses and organisations that are based within the EU. This is not the case. GDPR applies to […]

#GDPR for IT Teams

GDPR Requirements for Cloud Providers

The General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018, is a lot more wide reaching than many people are aware of. This wide reach can be especially important to recognise for third party providers, such as Cloud services providers. These providers could be affected by the GDPR even if they do not directly have any Europe based clients. […]

What is High and Very High Risk for GDPR?

The introduction of the General Data Processing Regulation (GDPR), on 25 May 2018, is intended to regulate the way different member states of the EU deal with data protection matters. This should lead to a new level of uniformity. It is important to note that this does not just apply to companies and organisations within the EU, but also to companies and organisations that have offices in an EU country […]

GDPR Compliance Requirements for Website Owners

You may not think that the new General Data Protection Regulation (GDPR) applies to your website because it is an EU regulation and your business or organisation is based outside of the EU. However, it is important to remember that GDPR deals with the data protection rights of all EU citizens. This means that if EU citizens provide you with their data via your website, you need to make sure […]

GDPR Implications for WiFi Networks

Too many businesses or organisations do not realise that they will be affected by the introduction of the General Data Protection Regulation (GDPR), or are not fully prepared for it. If your business or organisation is based outside of the European Union (EU), you may be thinking that this EU based regulation has nothing to do with you, but you could be wrong. […]

GDPR Compliance for Cloud Applications

The introduction of the General Data Protection Regulation, on 25 May 2018, has far reaching implications. These implications apply for any company across the globe, that is involved with the processing of personal data related to people who live within the European Union. When it comes to Cloud applications, GDPR applies to both the data controller that uses the Cloud […]

GDPR Data Backup Requirements

Physical and technological failures and glitches occur even in the best-maintained and most secure files. This is why the General Data Protection Regulation (GDPR) must have in place a plan to safeguard and restore data in […]

What are the GDPR Password Requirements?

The new General Data Protection Regulation (GDPR), which comes into force in 2018, does not outlaw the use of a simple username and static password system for accessing personal data, but it does state that access procedures need to be secure. If procedures are not secure, businesses and organisations can be found to be in breach of GDPR stipulations. This can have serious consequences. […]

What are GDPR Email Archiving Rules?

The first thing to say is that the General Data Protection Regulation (GDPR) does not provide specific rules for the handling and archiving of emails, but it does make a big difference to the way […]

Data Collection Rules under GDPR

The General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, contains several principles which businesses and organisations must comply with. These principles are displayed in Article 5 of GDPR. Let’s look […]

Information Governance and GDPR

The new General Data Protection Regulation (GDPR) is not all about ensuring that your business or organisation has consent to process personal data; there is far more to it than that. Information governance is a […]

What is the GDPR Definition of Personal Data?

There has been some confusion regarding what is defined as personal data, under the General Data Protection Regulation (GDPR). Much of this is due to the fact that there is no set list of what […]

What is GDPR Right to Erasure?

According to the soon-to-be-implemented General Data Protection Regulations (GDPR) under Article 17, every European Union citizen has the right to request that his personal data file be modified or deleted. What GDPR States Regarding Erasure […]

What is GDPR Right to Data Portability?

The General Data Protection Regulation will go into effect in all EU states in late May. Among its clauses is the right to data portability. This allows individuals to acquire and use their own personal […]

Cross Border Data Transfer Rules under GDPR

General Data Protection Regulation, which becomes law on 25 May 2018, is similar to the current Data Protection Directive in the way it refers to cross border transfer of data, but it is more explicit about the various protections that have to be in place in order for a business or organisation to transfer data to a third country. […]

GDPR Subject Access Request Rules Explained

The procedures for requesting a Subject Access Request (SAR) are set to change very little with the introduction of the General Data Protection Regulation (GDPR), in May 2018. But, the process for providing a response is a little different. It’s important for businesses and organizations to be aware of these changes, as if they do not comply with GDPR they could be on the receiving end of a variety […]

#GDPR Legal Definitions and Rules

What are the Exemptions to GDPR?

To be accurate, The General Data Protection Regulation (GDPR) soon to go into effect on May 28, 2018 applies to all businesses based in the European Union. But it also applies to any organisations anywhere in the world that have customers who are citizens of any of the European Union countries. […]

GDPR: How it Changes EU Data Protection Law

The primary objective of the GDPR is to safeguard the European Union citizens from data breaches. This is particularly important since the world is increasingly becoming data-driven and the conditions are largely different from the the time that the 1995 directive was enacted. Although the fundamental tenets of the previous directive still hold, the new General Data Protection Regulation which is set to […]

What are the Best Data Retention Policies under GDPR?

Even under the Data Protection Directive, companies and organisations should not continue storing and processing personal data for any longer than is necessary. The same will be true when the General Data Protection Regulation (GDPR) […]

GDPR Enhanced Citizen Rights Explained

The new General Data Protection Regulation (GDPR) comes into force on 25 May 2018. The regulation brings with it new rights for people living within the EU. The rights relate to personal data which is processed by businesses and organisations, whether the business or organisation is based within the EU or not. […]

GDPR Article 30 Documentation Requirements

Once the General Data Protection Regulation (GDPR) comes into operation, on 25 May 2108, all businesses and organisations that are involved with processing the data of people living within the EU will be expected to comply with its stipulations. It is also important to note that, as detailed in Article 30 of GDPR, businesses and organisations need to keep records of their processing activities […]

How is Personally Identifiable Data Defined under GDPR?

By now, most businesses and organisations will be aware of the General Data Protection Regulation (GDPR) All businesses or organisations that process the personal data of people who live within the European Union must comply with the new regulation […]

GDPR Article 35 Compliance

Article 35 of the General Data Protection Regulation (GDPR) stipulates that a Data Protection Impact Assessment (DPIA) should be carried out if the processing of data is high risk. Although there is no definitive explanation of what high risk is, the Article 29 Working Party has provided some advice as to what type of data processing could be considered high risk. This list includes areas such as […]

Nominating a GDPR Lead Supervisory Authority

Following the introduction of the General Data Protection Regulation (GDPR), in May 2018, each business or organization will report to a Lead Supervising Authority (LSA), in that this will be where they get any advice and guidance that they need. More importantly, the LSA will be responsible for determining the fines and sanctions that are applicable, should a business be found […]

Summary of GDPR Notification Requirements

GDPR’s data breach notification requirements will be significantly different from the existing ones. The regulation tends to move away from the current general notifications and introduces a new practice that embraces policies and procedures. Under this law, businesses will have to report any data breach that if left unaddressed may lead to a substantial damaging impact on a person such as causing […]

What is the definition of Personal Data under GDPR?

The General Data Protection Regulation (GDPR), which comes into force of 25 May 2018, is intended to give EU citizens more control over the personal data about them that is held by businesses and organisations. GDPR does not just apply to businesses that are located within the EU, it applies to any business that processes the personal data of EU citizens. This means that the introduction of the GDPR […]

Differences Between Controller and Processor Under GDPR Rules

One of the changes that will be introduced with General Data Protection Regulation (GDPR) in 2018 includes the delineation of specific obligations on data controllers and processors. Contrary to the current law, the new data protection regulations place statutory responsibilities on data processors. In this case, it is advisable for companies to be in a position to determine whether they are […]

Does Every Company Need to Appoint a GDPR Data Protection Officer?

The simple answer to this question is that not all companies need to appoint a Data Protection Officer (DPO) under the General Data Protection Regulation (GDPR). It is expected that larger companies (those that employ more than 250 people), and process personal data on a large scale, will appoint a DPO. However, small businesses may also need to appoint a DPO, if they process large amounts […]

What Exemptions are there from GDPR?

The introduction of General Data Protection Regulation (GDPR), on 25 May 2018, is intended to bring consistency to the way in which data protection is dealt with across the EU. That being said, there will be situations where member states can implement their own rules. There are certain areas, covered by Article 23 of GDPR, where EU member states can create derogations, which enable […]

What are the Rights of Individuals under GDPR?

There are two main reasons for the introduction of General Data Protection Regulation (GDPR); to create uniformity in the way data protection is dealt with across the EU and to provide new, and clarified, rights to people living within EU states. There are several rights of the individual which are detailed in the GDPR and which need to be complied with once the regulation becomes law on 25 May 2018. […]

What are the Differences between GDPR and the EU Data Privacy Directive?

The Data Privacy Directive was originally adopted in 1995, as a means of regulating the way personal data was dealt with in EU member states. Since the EU Data Privacy Directive was introduced, much has changed, regarding the availability of data. These changes have been brought about by the growth of the Internet, which has meant that a person’s data can now be held, and accessed […]

GDPR Guidelines on Binding Corporate Rules

The Article 29 working party has produced two documents which detail General Data Protection Regulation (GDPR) requirements, in relation to Binding Corporate Rules (BCRs). One document deals with controller BCRs and the other deals with processor BCRs. Here are some of the elements which are included in the documents. […]

Lawful Basis for Processing Personal Data under GDPR

The General Data Protection Regulation (GDPR) becomes law on May 25 2018. Once this happens, any business or organisation that processes the personal data of individuals who live within the European Union will have to comply with the legislation […]

What are the Rights of Individuals under GDPR?

There are two main reasons for the introduction of General Data Protection Regulation (GDPR); to create uniformity in the way data protection is dealt with across the EU and to provide new, and clarified, rights to people living within EU states. There are several rights of the individual which are detailed in the GDPR and which need to be complied with […]

Differences between European Privacy Laws and American Privacy Laws

Although General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, is a European law, it affects businesses and organisations across the globe. This is because any business or organisation that processes the personal data of people who live in EU states must comply with the GDPR, no matter where the business or organisation is based. This can have […]

GDPR Impact on the Definition of Personal Data

You may be aware that on 25 May 2018 the General Data Protection Regulation (GDPR) becomes law. GDPR applies to any business or organisation that processes the data of people who live within the EU, no matter where the business or organisation itself is located. GDPR goes a lot further than the directive which has been in place since 1995. It is intended to bring […]

GDPR Rules for Recording Calls

Call recording is a process that is widely used by businesses and organizations across the globe. It is a valuable tool, and one that will continue to be used for years to come. But, there are regulations that businesses need to be aware of, when it comes to the recording of calls. One set of rules which needs to be considered […]

Privacy Shield vs GDPR Comparison?

One of the stipulations of the General Data Protection Regulation (GDPR), which will be enforced from 25 May 2018, is that the personal data of people living within the European Union can only be transported […]

Data Breach Notification Obligations under GDPR

The soon to be introduced General Data Protection Regulation (GDPR) places greater emphasis on the security of personal data than the previous Directive. This means that businesses and organisations need to pay attention to the way in which they secure the personal data they process and the way they notify relevant parties about data breaches […]

What is the GDPR right to be Forgotten?

When the General Data Protection Regulation (GDPR) comes into force, in May 2018, it applies to any individual who is living in the EU at the time. This means that any business that handles personal data relating to these individuals must comply with GDPR. One of the important factors covered by GDPR is the right to be forgotten. This right applies to situations where there is no reasonable reason to continue […]

What is Legitimate Interest in GDPR?

You may have heard a lot about consent, in relation to the General Data Protection Regulation (GDPR), which becomes a reality in May 2018. But, this is not the only reason organizations and companies can process personal data. There is also legitimate interest to be considered. Detailed guidance regarding legitimate interest is not expected to be provided until next year. But, there are some basic facts that it’s important […]

GDPR Guidelines on Binding Corporate Rules

The Article 29 working party has produced two documents which detail General Data Protection Regulation (GDPR) requirements, in relation to Binding Corporate Rules (BCRs). One document deals with controller BCRs and the other deals with processor BCRs. Here are some of the elements which are included in the documents. […]

GDPR Data Protection Officer Role Clarified

When the General Data Protection Regulation (GDPR) comes into force, on 25 May 2018, there will be a requirement for businesses and organizations that deal with mass people monitoring, or large amounts of sensitive personal […]

Can People Access Personal Data Files and Supplementary Information?

According to the General Data Protection Regulations (GDPR), soon to be implemented in all European Union Member States, every EU citizen — no matter where in the world they is residing — has the right […]

What Exemptions are there from GDPR?

The introduction of General Data Protection Regulation (GDPR), on 25 May 2018, is intended to bring consistency to the way in which data protection is dealt with across the EU. That being said, there will be situations where member states can implement their own rules. There are certain areas, covered by Article 23 of GDPR, where EU member states can create derogations […]

Overview of GDPR Notification of Data Breaches

When the General Data Protection Regulation becomes law, on 25 May 2018, businesses and organisations will face new rules regarding the reporting of a data breach. Reporting a data breach to the Data Protection Authority […]

GDPR Notification Requirements

Currently there is no general responsibility for companies who process data of EU citizens to report a data breach to data subjects, although some companies do send notifications as a matter of course. Once the General Data Protection Regulation (GDPR) comes into force, on 25 May 2018, there will be a requirement to notify data subjects of a data security breach, in certain circumstances. […]

What is the GDPR Right to be informed?

Under the General Data Protection Regulations (GDPR) which become law in every European Union State at the end of this month, everyone has the right to be informed. This means that every EU citizen must be given the information regarding what is held in their personal data file, how this information is being collected and what will be done with it. […]

What is GDPR Special Category Data?

The General Data Protection Regulations becomes law in every European Union State on May 25. This legislation is aimed at protecting the personal data of all European Union citizens—around the globe. GDPR has a direct effect in all EU member states. Regardless of where your business, organization, or enterprise exists, you must ensure it complies if it employs and/or does business with any EU citizens. […]

What is a GDPR Code of Conduct?

The General Data Protection Regulations come into power on May 25. This legislation aims to protect the personal data of all European Union citizens — no matter where they live. GDPR has a direct effect in all EU member states. Businesses, organizations and enterprises that employ and/or deal with EU citizens will have to comply with the guidelines of GDPR. […]

GDPR Right to Restrict Processing Explained

The new General Data Protection Regulations come into effect the last week of May. These guidelines are aimed at protecting the rights of EU citizens. Businesses that employ or do business with EU citizens must comply with these regulations or face stiff penalties. Individuals whose personal data is being collected have the right to ask that their personal data be restricted or suppressed—in special situations. […]

Can People Access Personal Data Files and Supplementary Information?

According to the General Data Protection Regulations (GDPR), soon to be implemented in all European Union Member States, every EU citizen — no matter where in the world they is residing — has the right to access his personal data file and any supplementary information attached to it. […]

GDPR Right to Corrections and Rectifications

One of the rights ensured to European Union citizens under GDPR is their right to access personal data. In addition to having access to their personal data file, EU citizens also have a right to see any supplementary information attached to this data. Article 16 of the GDPR outlines an individual’s right to correction. […]

GDPR Rules for Criminal Offense Data

General Data Protection Regulations become law in every European Union State at the end of this month. Aimed at protecting the personal data of all European Union citizens, GDPR has a direct effect on Criminal Offense data and how it is collected, processed, used and stored in all EU member states. […]

What is GDPR Special Category Data?

The General Data Protection Regulations becomes law in every European Union State on May 25. This legislation is aimed at protecting the personal data of all European Union citizens—around the globe. GDPR has a direct effect in all EU member states. Regardless of where your business, organization, or enterprise exists, you must ensure it complies if it employs and/or does business with any EU citizens. […]

What is a GDPR Code of Conduct?

The General Data Protection Regulations come into power on May 25. This legislation aims to protect the personal data of all European Union citizens — no matter where they live. GDPR has a direct effect in all EU member states. Businesses, organizations and enterprises that employ and/or deal with EU citizens will have to comply with the guidelines of GDPR. […]

GDPR Right to Restrict Processing Explained

The new General Data Protection Regulations come into effect the last week of May. These guidelines are aimed at protecting the rights of EU citizens. Businesses that employ or do business with EU citizens must comply with these regulations or face stiff penalties. […]

What is the GDPR Right to be informed?

Under the General Data Protection Regulations (GDPR) which become law in every European Union State at the end of this month, everyone has the right to be informed. This means that every EU citizen must be given the information regarding what is held in their personal data file, how this information is being collected and what will be done with it. […]

GDPR Subject Access Request Procedures

At the end of May, the General Data Protection Regulation becomes law across all European Union Member States. This legislation aimed aims to provide greater protection of the data of all EU citizens whereever they reside. One of the main components of GDPR legislation is Data Subject Access Request (DSAR). This means that all EU citizens who have data collected by any business or enterprise can check to ensure that their data is being processed legally. […]

What are GDPR Data Subject Rights?

Under the General Data Protection (GDPR) legislation which becomes effective tomorrow, Friday May 25, individuals who are European Union (EU) citizens have eight fundamental rights. Many EU citizens, and companies that have collected their personal data seem to be under the assumption that each EU citizen has these eight rights carved in stone. However, these rights are not absolute. […]

#GDPR for Human Resources

GDPR’s Direct Impact on Human Resources

The right for individuals, including employees, to access the personal data held by their employers is a fundamental principle of the current data protection regulation. This tenet will continue to be important under the new GDPR. […]

GDPR and Employee Engagement

When you first think about GDPR and employee engagement, they may not seem as though they are related in any way. However this is not the case. There is actually a strong connection between the […]

GDPR Impact on Recruitment Industry

It is has been almost two decades since the introduction of the Data Protection Acts (DPAs). As technology develops, business operations and human activities keep changing. The laws governing these activities must keep pace with the rate of change. The European Union seems to have taken heed of this advice and, on May 25 2018, will introduce General Data Protection Regulation […]

GDPR Compliance for Off-site Workers

When the General Data Protection Regulation (GDPR) legislation is enacted by the European Union on May 25 2018, firms that have established a safe information management process that incorporates offsite workers will be in a position to demonstrate that they have satisfied all the requirements to mitigate risks to their information. This will help in safeguarding IP and customer data […]

Who is Responsible for GDPR Training?

Any business which employs more than 250 people, and processes personal data, is required to have a Data Protection Officer (DPO) under GDPR rules. Businesses will need to be compliant with this rule once the General Data Protection Regulation (GDPR) is introduced, in May 2018. The problem is that there is a lack of suitably qualified data protection experts. Ideally, businesses should hire people […]

Does GDPR Apply to Employees?

The simple answer to the question, does GDPR apply to employees, is that yes it does. Businesses cannot only think about complying with the General Data Protection Regulation (GDPR) in respect of clients, it applies just as much to the people who work for the business. It is important that businesses ensure that they are meeting all of their obligations, when it comes to protecting the personal data […]

What are the GDPR Restrictions on Employee Data?

You may think that you know everything there is to know about General Data Protection Regulation (GDPR), but the rules dealing with employee data are different to those which deal with the data of individuals who are dealing with a business or organisation as a customer or potential customer. If you think about it carefully, you can understand why HR activities within a business […]

What are the GDPR Restrictions on Employee Data?

You may think that you know everything there is to know about General Data Protection Regulation (GDPR), but the rules dealing with employee data are different to those which deal with the data of individuals who are dealing with a business or organisation as a customer or potential customer. If you think about it carefully, you can understand why HR activities within a business […]

#GDPR and Marketing

What are the GDPR Rules for Cold Emailing?

Cold emailing can be an important tool, especially for small businesses. It is a way of interesting people in a product or service. But, what happens when the General Data Protection Regulation (GDPR) becomes law, in May 2018. Will businesses will be able use cold emailing. The answer to this question is yes; but there are rules which need to be followed. […]

GDPR Impact on Email Marketing

The EU’s General Data Protection Regulation (GDPR) unifies different email laws from across member states. The new law is set to bring greater consistency to how businesses use and store data. GDPR modifies various critical aspects of email marketing including how the marketers ask, collect and record users’ consent. The unified regulations will enable organizations to maximize the Digital Single […]

GDPR Requirements for Emailing Existing Customers

The European Union’s approach to online privacy sets new requirements for communications between email marketing companies and their subscribers. The new General Data Protection Regulation (GDPR) legislation, to be introduced on May 25 2018, brings far-reaching changes that will make organizations accountable for their actions while empowering and protecting the users […]

What are the GDPR Customer Consent Rules?

When the General Data Protection Regulation (GDPR) comes into force on 25 May 2018, rules for obtaining consent are going to be more stringent than they are at present. Business owners and data protection specialists need to be aware of the changes. If they do not make sure they are aware, they could be faced with a hefty fine, or other enforcement methods. It is important to remember that any business […]

Does GDPR Require New Consent from Existing Clients?

When the General Data Protection Regulation (GDPR) activates, on 25 May 2018, you may still be able to use the consent you already hold, under previous data protection regulations. Under GDPR, consent must still be given freely, and it must be specific and informed. This is no different to what is currently expected, so your organisation should already be complying. […]

Is Profiling Allowed under the GDPR?

Writers of The General Data Protection Regulations (GDPR) have defined profiling to include ‘any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to […]

#GDPR for Software Development

Software Upgrades for GDPR Compliance

When the General Data Protection Regulation (GDPR) becomes law, on 25 May 2018, you will need to know about software upgrades for GDPR compliance. It could be that your business or organisation may need to upgrade software that is already in place, or it may need to find a different software solution. Let’s start by examining what the GDPR actually is […]

GDPR Compliance for Software Applications

As a software developer, you may have heard about the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018. It is important that you know how the introduction of this regulation affects your role as a developer. Basically, you need to ensure that the work you do fits with the business complying […]

#GDPR for Specific Markets

How does GDPR Apply to Schools?

The two-year grace period for organizations to align their systems and processes to General Data Protection Regulation (GDPR) requirements is almost coming to an end with less than eight months remaining. This has left many organizations fighting to adjust their processes in the limited time remaining to comply with the regulations and avoid potential hefty fines. Some of the organizations […]

GDPR Compliance for the Insurance Industry

You may have heard about the implementation of the General Data Protection Regulation (GDPR), which is due to take place on 25 May 2018; let’s take a look at GDPR and the Insurance Industry in more detail. This type of in depth consideration is important, as failure to comply with GDPR rules could lead to the imposition of significant fines and other sanctions. One thing it’s important to note is that the GDPR […]

GDPR for Medical Devices

The growth of the Internet has brought connected medical devices to the fore. They can help with everything from the monitoring of patients to the collection and use of statistical data. This helps to improve medical care across the globe and progresses the medical knowledge of health professionals. The use of these devices provides […]

UK General Data Protection Regulation

In this article we are going to look at the UK General Data Protection Regulation, or rather, how the General Data Protection Regulation (GDPR), will affect how data protection is dealt with in the UK. The GDPR takes effect from 25 May 2018, so it’s important that any businesses and organisations are well prepared for its implementation by then. […]

What are the Implications for GDPR in the UK after Brexit?

You may have heard about the General Data Protection Regulation (GDPR) which comes into force on 25 May 2018. However, do you understand what its implications are pre and post Brexit? It is vital that any businesses or organisations based in the UK understand what those implications are as non-compliance with the GDPR can lead to serious consequences, including fines of up to 20 million euros […]

What Does GDPR Mean for International Organizations?

It is a common misconception that the General Data Protection Regulation (GDPR), which becomes a reality in May 2018, only applies to businesses and organizations which are based within the EU. This is not the […]

Does GDPR Apply to Canadian Companies?

Currently the Personal Information Protection and Electronic Documents Act (PIPEDA) is in place, to ensure the free flowing of personal data from companies within the EU to companies in Canada and vice versa. It is […]

GDPR Compliance for Websites

You have more than likely heard about the General Data Protection Regulation (GDPR), but you may not know how it is going to affect your business, and what it means for your website. Most businesses […]

GDPR and its Effects on the Cloud

A recently convened roundtable called to discuss digital storage could not have been arranged at a more opportune time. The panel of UK based data experts was put together in the main for a broad […]

GDPR Rules for Hotels

The newly-introduced European Union General Data Protection have far-reaching effects on businesses and organizations that deal with, or employ, European Union citizens anywhere in the world. One of the mains business sectors affected by this legislation which was introduced last Friday May 25, is the hotel industry. […]

#GDPR for SMEs

GDPR for Small Business

GDPR for small business has resulted in some confusion. Many small businesses assume that the General Data Protection Regulation (GDPR) does not apply to them. If you are a small business owner that believes this to be the case, you could be in for a shock when the GDPR comes into force, on 25 May 2018. It’s certainly true that Article 30 of the GDPR states that small businesses will not be bound […]

GDPR Guideline for Companies with less than 250 Employees

By now, most business owners will have heard more than they want about the General Data Protection Regulation commonly referred to as GDPR. For those of you unfamiliar with the new legislation here is a […]

EU GDPR Official Resources

GDPR Official Text

Official EU Data Protection Portal

Personal data protection: processing and free movement of data (General Data Protection Regulation)

Working Party 29 Guidance

WP29 Home Page

Guidelines on “Right to Portability” (pdf)

Guidelines on Data Protection Officers (pdf)

Guidelines for identifying a controller or processor’s lead supervisory authority (pdf)

European Commission Factsheets

Better rules for European businesses

Better Data Protection rights for European citizens

Next steps before 25 May

General Data Protection Regulation: ensuring its enforcement

Successful application of the Data Protection Reform: a concerted effort