The Digital Information and Smart Data Bill
The new Digital Information and Smart Data Bill suggests granting increased powers to the ICO and modernising its regulatory structure by appointing a CEO, board, and chair. The DPDI Bill suggested a similar shift in the ICO’s powers and model and proposed additional powers to the Secretary of State in regulating the ICO’s board and […]
5 Personal Data Breaches You Might Not Know About
You may know that a personal data breach is considered to be ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data’. Your organisation likely has a data breach policy or procedure to follow. You may even have experienced a data breach at some […]
Received a DSAR Request? Here are some potential exemptions
With Data Subject Access Requests (DSARs) on a steep rise, one of the most important questions to consider as an organisation is when can DSAR requests be refused? The average individual DSAR is said to cost a SME around £20,000, with many requests far exceeding this due to the labour and resource intensive nature of […]
The Labour government has dropped many of the previously proposed UK data protection law changes.
If you have been following the potential changes to UK data protection law, you will have seen that the new bill recently published by the Labour government has dropped many of the previously proposed changes. The most significant of which was the creation of the new Senior Responsible Individual. This person would have needed to […]
The future of charitable fundraising has taken a new twist – and it’s good news.
There is a significant upcoming change to the future of fundraising and marketing for charities. Currently, if commercial organisations wish to electronically market to individuals, they can rely on what’s known as Soft Opt-in, making an assumption that if someone spends some money with them or expresses an interest, they automatically would like to hear […]
DPIAs – when do we need to complete one?
What is a Data Protection Impact Assessment (DPIA)? When working on any project, before you implement something new or introduce a new way of working, there are steps you naturally take. You would create a plan, define your purpose and goals, consult the relevant people and consider any risks. For new projects or plans where […]
Cardholder information and Data Protection
When a cardholder’s data is collected to process a transaction, this amounts to processing of personal data as defined under the UK GDPR, and storing or transmitting such information would also amount to processing of such data. The PCI DSS (Payment Card Industry Data Security Standard) is an information security standard administered by the Payment […]