Cyber Security and the GDPR

Keeping your organisation’s IT systems and digital devices safe and secure can be a complex task that requires time, resource and specialist knowledge. If you hold personal data on your IT and digital estate, you need to recognise that it may be at risk and take appropriate technical measures to secure it. The measures […]

GDPR national derogations

What are GDPR national derogations? Article 23 enables Member States to introduce a derogation to the GDPR in certain situations. These are similar to the existing exemptions from rights and duties in the DPA. Member States can introduce exemptions from the GDPR’s transparency obligations and personal rights, but only where the restriction respects the individual’s fundamental […]

GDPR and Breach Notifications

Introduction: Breach notifications are an important part of the new regulation. The GDPR will introduce a duty on all organisations to report certain types of data breach to the relevant supervisory authority, and in some cases to the individuals affected. What is a personal data breach? A personal data breach means a breach of security […]

GDPR Accountability and Governance

Introduction: The GDPR includes provisions that encourage accountability and governance. These complement the GDPR’s transparency requirements. While the principles of accountability and transparency have previously been implicit requirements of data protection law, the GDPR’s emphasis elevates their significance. You are expected to put into place comprehensive but proportionate governance measures. Good practice tools that the ICO […]

GDPR and the Data Protection Principles

This lesson discusses the data protection principles under the EU General Data Protection Regulation (GDPR). The GDPR sets out the main responsibilities for organisations through six new data protection principles. The principles are similar to those in the UK Data Protection Act 1998, but with added detail at certain points and a new accountability requirement. The […]