news
Leading up to May 2018 there was a lot of coverage of the incoming GDPR Data Protection (DP) legislation. Organisations of all sorts knew that something needed to be done but weren’t always sure what it was. Consequently, as a …
NHS Foundation Trust leaks patient email addresses
Categories: Consent, Data Protection Act 2018, Data Sharing, GDPR, ICOOn the 6th September the Tavistock and Portman Clinic sent out an email inviting just under 2,000 patients to participate in an art competition. Unfortunately for the clinic, all the email addresses were visible to all the recipients. An initial …
ICO amends guidance on time limits for data subject requests
Categories: Data Sharing, GDPR, Guidance, ICOSome slightly strange events at the Information Commissioner’s Office (ICO) recently as they quietly updated their guidance around the GDPR’s time limit of “one month” for responding to data subject requests, which had been in place since before May 2018. …
Protecture Gains New Investment and Additions to the Board
Categories: Protecture NewsProtecture are happy to announce its new investment and additions to the board. We are pleased to welcome a new majority shareholder, CEO, and CFO. Tom Sykes joins the board as Chief Executive Officer and Grant Thomas as Chief Financial …
Business Altering: what the BA fine means for you
Categories: Breach, Fines, GDPR, Security£183m for BA – under the GDPR. £0.5m for Facebook – under the old DPA 1998. The difference between the previous maximum fine and the headlines on BA’s GDPR fine are startling. The first point: BA has only been issued …
GDPR 1 year on, how has case law evolved?
Categories: Consent, Fines, GDPR, TransparencyWebinar recording now available – click here! In this webinar, we will look at the latest data protection enforcement action and case law emerging in the UK and across Europe, the issues arising and how to avoid similar problems. It …
Facebook CA – Controversy Alert!
Categories: Breach, Consent, GDPR, GuidanceBack in April 2018 we published an insight piece on the lawful basis for using Facebook’s Custom Audiences tool, in which we concluded that relying on legitimate interests as a lawful basis for the use of this feature was unlikely …
Making records management a reality – practical steps to take
Categories: Accuracy, GuidanceMarch saw the latest meeting of the Information and Records Management Society (IRMS) Third Sector Group. The session started with Bev Adams-Reynolds, Data Protection Officer at Crisis, providing practical, current advice on what she is learning as she works to …
5 common mistakes made with DPIAs
Categories: Breach, Consent, Data Protection Act 2018, Data Sharing, GDPR, Guidance, ICO, Public Information, Security, Transparency, UncategorizedWith the GDPR, a DPIA, or ‘Data Protection Impact Assessment’ has moved from being a good practice recommendation to being a mandatory activity for some kinds of personal data processing. The purpose of a DPIA is to identify potential risks …
DP and HR – Getting data protection right for employees
Categories: Uncategorized“Staff are our greatest asset” “We couldn’t do it without our volunteers” One way of demonstrating the value that you place on your workforce – volunteers as well as staff – is by keeping the personal information that they share …