Legislation

When is a DPIA Required? GDPR legal obligations

When is a GDPR DPIA Required? DataGRC consultants help a large number of organisations and have found there’s still a lot of confusion in companies around when DPIAs (Data Protection Impact Assessments) are legally required under GDPR – the UK and EU data protection legislation. We’ve found that many organisations are doing more DPIAs than …

When is a GDPR DPIA Required? Read More »

What is GDPR Article 13 – Privacy Notice? The correct title of GDPR Article 13 is actually “Information to be provided where personal data are collected from the data subject.” Essentially, this is information to be provided on the website Privacy Notice (the term used by the ICO), which some organisations still refer to as …

Article 13 – Privacy Notice (Website Privacy Policy) Read More »

What is GDPR Article 6 Lawfulness of processing? Under GDPR, each purpose of processing must be assigned a lawful basis. Consent is only one type of lawful basis, so you can choose other lawful bases (where appropriate) and not use Consent. Further lawful bases are available under the UK Data Protection Act, including “Preventing and …

GDPR Article 6 Lawfulness of processing – Lawful Basis Read More »

What is GDPR Article 5 – Principles of Processing? GDPR provides several core principles (considerations / requirements) for processing personal data. GDPR Article 5 defines those processes for us. What does GDPR Article 5 – Principles of Processing actually say? Need More Help with GDPR Article 5 – Principles of Processing? We have data protection …

GDPR Article 5 – Principles of Processing Read More »

What is GDPR Article 4 Definitions? GDPR Article 4 Definitions quite simply defines a number of the key terms that apply in the regulation. What does GDPR Article 4 Definitions actually say? For the purposes of this Regulation: Need More Help with GDPR Article 4 Definitions? We have data protection experts available to help with …

GDPR Article 4 Definitions Read More »

What is GDPR Article 30 Records of Processing Activities (RoPA)? Under GDPR, organisations must maintain a Record of Processing Activities if they “employ” 250 people or more, or carry out processing that may result in a risk to the rights and freedoms of data subjects, is not occasional, or includes special categories of data. …

GDPR Article 30 Records of Processing Activities (RoPA) Read More »

What is GDPR Article 25 – Data protection by design and by default? Data protection by Design requires organisations to consider data protection throughout the lifecycle of the processing, from process design to data destruction. Data protection by Default requires organisations to give only the necessary people access to the necessary data for the defined purpose of …

GDPR Article 25 – Data protection by design and by default Read More »

Data Processing Agreements – GDPR Contracts for Controllers and Processors. Under UK and EU data protection law, the General Data Protection Regulation (GDPR), data can only be shared between Data Controllers and Data Processors if there is an adequate written agreement in place. Those contractual addendums are often referred to as Data Processing Agreements …

DPA Contracts for GDPR Controllers and Processor – UK GDPR Article 28 Read More »

The UK Data Protection Act. We believe the following to be an accurate transcription of the legislation, but provide no guarantee about its accuracy or completeness. Links to particularly useful parts: DPA Schedule 1. Data Protection Act 2018, Chapter 12. Explanatory Notes have been produced to assist in the understanding of this Act and are available separately. Data Protection Act …

Read The Full UK DPA Legislation Read More »

Privacy and Electronic Communications Regulation (PECR). We believe the following to be an accurate transcription of the legislation, but provide no guarantee about its accuracy or completeness. Statutory Instruments 2003 No. 2426 ELECTRONIC COMMUNICATIONS The Privacy and Electronic Communications (EC Directive) Regulations 2003. Made 18th September 2003. Laid before Parliament 18th September 2003. Coming into force …

Read the full PECR Legislation Read More »