Blog

I do not update this blog as frequently as I would like. You can find all of the latest news, updates and details of important developments by viewing our LinkedIn Group, which is updated daily.

Legitimate Interests vs. Consent. Do you really know the difference?

We are now just over one month away from the introduction of the EU General Data Protection Regulation (GDPR), which is set to drastically alter the way in which data is stored and processed. The aim of this new legislation is to put the modern consumer and citizen first, by protecting and limiting access to their data. On the 25th May 2018, the GDPR will come into force, and the way in which some organisations currently process data will cease to be legal. With just over 7 weeks to go, it is important you understand the changes that are due …

Where is your company data being held?

Many companies use the convenience of cloud-based storage services such as Dropbox or Live Drive to store their company files. Whilst these services are great for saving space and making sure that files are accessible to other members of a team, they also tend to sync to local devices such as mobiles and tablets. This means that companies could potentially have thousands of copies of files on private devices without any form of encryption. This is dangerous for your data protection, especially if the files contain data from your clients’ companies as well as your own. The chances are …

Why HR professionals need to get consent right first time

If you have begun aligning your company procedures to the new GDPR Regulation due to come into force in May (and if you haven’t, we urge you to do this urgently), you will be aware that you must have a valid lawful basis in order to process data – and this includes the data you hold about your employees. There is a hidden trap here. You may be operating under the assumption that you have the employees’ consent to process their data, therefore ‘everything is ok’. That would be the wrong assumption. All they would need to do is withdraw …

GDPR and cyber security: is your data protected?

In as little as 3 months, the EU General Data Protection Regulation (GDPR) will come into effect, overtly changing the way organisations handle, store and protect their data. Seen as one of the most significant changes in global privacy laws in 20 years, this law isn’t just about how you use data but also how it is stored. With a 134% rise in cyber-attacks in 2017 and the UK being seen as the most targeted region in the world for cyber threats, it is vital that all organisations have the appropriate measures in place to ensure that all company data …

The Morrisons Case – Data Protection Breaches and Liability

When are you liable for a data breach? How will this change when the new UK Data Protection Bill and the General Data Protection Regulation (GDPR) come into force later this year? These are the questions particularly hot in the press as the Morrisons Data Breach (2014) case continues to be investigated in UK courts… On the 12th of January 2014, supermarket giant Morrisons suffered a sizable data breach when a file containing the personal details of 99,998 Morrisons employees was uploaded onto a file sharing website. The file was also loaded onto a CD and sent to 3 UK newspapers. …

Part two – Erasing your data

Welcome back! We hope you had a lovely Christmas break and are back, refreshed and ready to tackle preparations for the General Data Protection Regulation (not long now… don’t forget… 25th of May!). In part one of this two-part series, we looked at data mapping and the benefits of overhauling your data right now to ensure you are prepared and ready for the GDPR… read more here. In this second part, we are going to have a look at how the guidelines for deleting data are changing, and the best practices for deleting data post GDPR. The main purpose of …

Merry Christmas from the Griffin House Gang

Merry Christmas! Can you believe another 12 months have flown by again!? We just wanted to send you our warmest festive greetings at this special time of the year. We are so fortunate to have so many incredible, interesting, passionate, intelligent and frankly awesome contacts within our network, and to each and every one of you, thank you for your custom, support and encouragement. We have been humbled by the generosity of spirit and kind words which we have received over the year. We wish you health, wealth (in whatever way you choose to measure that) and may 2018 …

Part one – Mapping your data in preparation for the GDPR

The GDPR is but a mere few months away and you have a database full of prospects that you have collected over the years… can you still use it? Is it GDPR friendly? This is a hot question many businesses are asking… if you are one of them, then keep reading.

Mapping your data

You need to take a broad look at the data you hold, you need to map:

• What personal data you hold
• Where the data came from
• Who you share that data with
• What you currently do/intend to do with that data

This …

What is the difference between the Data Protection Bill and the GDPR?

If you’ve found this page because you’ve just managed to get your head around the GDPR and now there is all this new talk of a Data Protection Bill, then you are in the right place. If you’re looking for a quick overview of the new Data Protection Bill, how it could impact you and an overview of how it relates to the GDPR, then read on… What is the Data Protection Bill? Broadly speaking, the Data Protection Bill, which was published on 14 September 2017, refreshes 4 main sections of data protection with an aim to keep the laws …

Understanding Legitimate Interests v. Consent

Under the General Data Protection Regulation (GDPR) Data Controllers must have a lawful basis for processing any personal data. Article 6(1) of the GDPR states that the following 6 are the recognised lawful grounds for data processing:

• Consent: The individual has opted in and consented to having his or her personal information processed.
• Contractual Obligation: It is necessary to process the personal data to fulfil your contract or precontractual obligations.
• Legal Obligation: It is necessary to process the personal data to fulfil a legal obligation.
• Vital Interests: It is necessary to process the personal data to protect the vital …
