What is GDPR Article 13 – Privacy Notice? The correct title of GDPR Article 13 is actually “Information to be provided where personal data are collected from the data subject.” Essentially, this is information to be provided on the website Privacy Notice (the term used by the ICO), which some organisations still refer to as …
Article 13 – Privacy Notice (Website Privacy Policy) Read More »
What is GDPR Article 6 Lawfulness of processing? Under GDPR, each purpose of processing must be assigned a lawful basis. Consent is only one type of lawful basis, so you can chose other lawful bases (where approporate) and not use Consent. Further lawful bases are available under the UK Data Protection Act, including “Preventing and …
GDPR Article 6 Lawfulness of processing – Lawful Basis Read More »
What is GDPR Article 5 – Principles of Processing? GDPR provides several core principles (considerations / requirements) for processing personal data. GDPR Article 5 defines those processes for us. What does GDPR Article 5 – Principles of Processing actually say? Need More Help with GDPR Article 5 – Principles of Processing? We have data protection …
What is GDPR Article 4 Definitions? GDPR Article 4 Definitions quite simply defines a number of the key terms that apply in the regulation. What does GDPR Article 4 Definitions actually say? For the purposes of this Regulation: Need More Help with GDPR Article 4 Definitions? We have data protection experts available to help with …
What is GDPR Article 30 Records of Processing Activities (RoPA)? Under GDPR, organisations must maintain a Records of Processing Activities, if they “employ” 250 people of more, processes data in a way that may result in a risk to the rights and freedoms of data subjects, is not occasional, or includes special categories of data. …
GDPR Article 30 Records of Processing Activities (RoPA) Read More »
What is GDPR Article 25 – Data protection by design and by default? Data protection by Design requires organisations to consider data protection through the lifecycle of the processing, from process design to data destruction. Data protection by Default requires organisations to only provide necessary people access to necessary data for the defined purpose of …
GDPR Article 25 – Data protection by design and by default Read More »
What is GDPR Article 28 – Processor? When an organisation requires data for its own purposes and decides how that data will be used (a Controller), they may decide to outsource that processing to a third party (the Processor). The Controller tells the processor what to do with the data, and the Controller remains fully …
The UK Data Protection Act We believe the following to be accurate transcription of the legislation, but provide no guarantee about its accuracy or completeness. Links to particularly useful parts: DPA Schedule 1 Data Protection Act2018CHAPTER 12Explanatory Notes have been produced to assist in the understanding of this Act and are available separatelyData Protection Act …
Privacy and Electronic Communications Regulation (PECR) We believe the following to be accurate transcription of the legislation, but provide no guarantee about its accuracy or completeness. Statutory Instruments 2003 No. 2426 ELECTRONIC COMMUNICATIONS The Privacy and Electronic Communications (EC Directive) Regulations 2003. Made 18th September 2003. Laid before Parliament 18th September 2003. Coming into force …
The EU General Data Protection Regulation (GDPR) Contact us to find out more. We believe the following to be accurate copy of the legislation, but provide no guarantee about its accuracy or completeness! I (Legislative acts) Article 8(1) of the Charter of Fundamental Rights of the European UnionREGULATIONSREGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND …
