Guidance

5 common mistakes made with DPIAs

With the GDPR, a DPIA, or ‘Data Protection Impact Assessment’, has moved from being a good practice recommendation to being a mandatory activity for some kinds of personal data processing. The purpose of a DPIA is to identify potential risks to data subjects’ rights and freedoms before the processing begins, so that appropriate measures can …

5 Tips for Incident Management

This article is not a guide about how to handle a notifiable breach. By now, you’re all familiar with the ICO Guidance on that. This piece is about the day-to-day handling of incidents, based on over a decade of first-hand experience of what works, and what doesn’t. Keep it simple. If the breach/incident …

Launch of the IRMS Third Sector Retention and Disposal Toolkit

The Information and Records Management Society (IRMS) and Protecture were delighted to formally launch the IRMS Third Sector Retention and Disposal Toolkit and Schedule at an event in Central London last week. Attendees from a number of charities, not-for-profits and companies heard Scott Sammons, Chair of the IRMS, argue passionately for the benefits of record …

Equifax – 12 lessons to learn

As the Data Protection Act 1998 (DPA98) comes to an end, we have a first! The first maximum fine under the old law was issued in September to Equifax Ltd. If you’ve heard any of the Data Protection Leads here at Protecture speak about basic security issues facing organisations, you will have heard us talk …

What would you say? 20 questions from the ICO

The findings from the ICO’s latest Information Risk reviews highlight the many and varied areas that data protection risk touches upon. We turned the findings into the 20 key questions you should ask yourself about data protection at your organisation. Do you have a clear Data …

Data Protection Act 2018 - What Does It Mean To You?

In all the hyperbole and misinformation surrounding the General Data Protection Regulation (GDPR) in recent weeks, it may have been easy to miss the UK passing its own updated data protection legislation – the imaginatively titled Data Protection Act 2018 (the Act), which helpfully also came into force on 25th May. This replaces the Data Protection Act 1998, which has …

Changes to the ICO Subject Access Code of Practice

The right of an individual to be told whether an organisation is processing their personal data and be given access to that data (“subject access”) is a significant one in data protection law, and was the most common type of concern reported to the ICO in 2016/17. Following the resolution of the legal cases dealing …

Fundraising Factsheet: Consent, confusion and clarity

Those attending Fundraising Week recently could be forgiven for scratching their heads and leaving none the wiser about the future of fundraising. Rob Wilson MP, the Minister for Civil Society, called on charities to prepare for ‘opt-in’ for fundraising – noting that the focus should be less on the Fundraising Preference Service (FPS) and more …

Do you agree? Getting consent projects right

With new guidance from the Fundraising Regulator and ICO, and the GDPR now almost visible on the horizon, many organisations are feeling the need to take action about consent. This is understandable; if you send campaigning, fundraising or awareness-raising materials (i.e. send Direct Marketing) to donors, supporters or volunteers via electronic channels you need …
