Blog

I do not update this blog as frequently as I would like. You can find all of the latest news, updates and details of important developments by viewing our LinkedIn Group, which is updated daily.

Understanding Legitimate Interests v. Consent

Under the General Data Protection Regulation (GDPR) Data Controllers must have a lawful basis for processing any personal data. Article 6(1) of the GDPR states that the following 6 are the recognised lawful grounds for data processing:

Consent: The individual has opted in and consented to having his or her personal information processed.
Contractual Obligation: It is necessary to process the personal data to fulfil your contract or precontractual obligations.
Legal Obligation: It is necessary to process the personal data to fulfil a legal obligation.
Vital Interests: It is necessary to process the personal data to protect the vital interest …

New rules from GDPR will limit the use of fully automated data processing

The General Data Protection Regulation (GDPR), which all UK organisations will need to be compliant with by May 2018, has created a lot of uncertainty, not helped by the ambiguous wording of some of the legislation. In an attempt to shine light on these areas, regulators and official bodies are issuing clarification statements and guidance. One set of guidance concerns the rules on automated decision-making and profiling. It was issued by the Article 29 Working Party (A29WP), the advisory group made up of representatives from all EU Member State data protection regulation authorities. It states how these guidelines will …

Quiz – 6 data subject rights you don’t want to get wrong

If you hold, store or process personal information on individuals you should be aware that they have a number of rights that you need to ensure you fully understand and are actively acting in compliance with. Take our quiz to test your knowledge on the 6th principle of Data Protection…

1. Which of the following is a ‘data subject right’?
a) To claim compensation for any data breaches that cause damage to them
b) To request a copy of the data you hold on them
c) To object to any processing that is likely to cause them ‘damage or distress’ …

Electronic marketing campaigns and data compliance

Are you planning an email marketing campaign but not sure who you can and can’t communicate with? With the GDPR fast approaching (just 6 months to go!), here’s some guidance on hitting those targets and keeping within the data protection law, old and new. Whilst it is true that, at present, the rules for direct marketing aren’t quite as tight if you are contacting organisations rather than directly marketing to individuals, whether you are B2C or B2B, you’ll have to comply with a number of regulations, not just the GDPR. So, for best practice, we recommend following the B2C guidelines. …

SMEs, it’s time to start the GDPR process…

GDPR (General Data Protection Regulation) is just around the corner and it’s time to start thinking about your compliance. GDPR applies to all UK businesses, including SMEs. To stay on the safe side and avoid costly fines you could face if you do not comply, one of the first steps you need to take is completing a data audit. On the 25th May 2018, there will be a fundamental change in data protection legislation, allowing customers to gain greater rights when it comes to the use of their personal information. A GDPR compliance audit is the starting point for your …

Understanding the real and ‘fake news’ of GDPR and what you should be doing

The General Data Protection Regulation (GDPR) has been circling the news a lot lately, informing all businesses and their marketing departments about the new regime. GDPR is a regulation which was created in April of 2016, to be implemented by May of 2018. The aim of the regulation is to strengthen data protection within the European Union and give the power back to citizens, so individuals can control who uses their personal data. What is GDPR ‘fake news’? Along with the new publicity about GDPR, there have also been ‘fake news’ rumours spread about GDPR which don’t involve anything that …

How will GDPR impact B2B marketing?

It is already being reported that the EU General Data Protection Regulation (GDPR) will hugely shake up the way businesses collect, process and store marketing data when it comes into effect on the 25th May 2018. However, did you know that there is a possibility that ‘opt in’ might not apply for certain marketing data collected by B2B marketers? With or without the new GDPR law, B2B marketing data used for prospecting and lead generation will still need to comply with the Data Protection Act (DPA), and the Privacy and Electronic Communications Regulation (PECR). However, the type of consent you …

73% of UK businesses are unprepared for the GDPR. Are you at risk of huge fines?

Thousands of UK businesses are at risk of huge fines if they do not comply with the EU General Data Protection Regulation (GDPR) coming into effect on the 25th May 2018. Are you prepared? Time is running out. According to research published by Careers in Cybersecurity and London law firm Hamlins LLP, thousands of UK businesses are at risk of fines for not complying with GDPR. As part of the research they surveyed 207 people in the UK, between the dates of April – May 2017, who owned their own business or were directors or senior management of a business. From …

SME firm hit by cyber-attack and fined £60,000 by the ICO

In recent news, cyber-attacks have been a major topic of concern across the UK and indeed the globe. The Information Commissioner’s Office (ICO) has just announced a huge fine of £60,000 for an SME that was a victim of a cyber-attack, for not complying with data protection legislation. After an investigation, the ICO found Berkshire-based Boomerang Video Ltd failed to take simple steps to prevent its website from being attacked. The video game rental business was the victim of a cyber-attack in 2014, commonly known as the SQL injection attack. Due to a lack of cyber security, 26,331 customers had …

Do you handle your employees’ personal data correctly?

As an employer, it is your responsibility to conform with the Data Protection Act to ensure your employees’ data is protected. Human resources should take great care in the transmission and disposal of employee data. In September 2016 Sports Direct were the victims of a cyber-attack, compromising the data of 30,000 employees. Not only were the hackers able to access names, emails, addresses and telephone numbers of these employees, but the company also failed to inform their employees of the attack, leaving them unaware of their personal data being compromised. We would like to share with you our advice for handling personal …
