Webinar recording now available – click here! In this webinar, we will look at the latest data protection enforcement action and case law emerging in the UK and across Europe, the issues arising and how to avoid similar problems. It will include: HMRC and Voice ID – the ICO’s first major enforcement action under GDPR in …
Back in April 2018 we published an insight piece on the lawful basis for using Facebook’s Custom Audiences tool, in which we concluded that relying on legitimate interests as a lawful basis for the use of this feature was unlikely to be suitable, and that consent was a more appropriate basis. Well, it seemed we …
March saw the latest meeting of the Information and Records Management Society (IRMS) Third Sector Group. The session started with Bev Adams-Reynolds, Data Protection Officer at Crisis, providing practical, current advice on what she is learning as she works to bring records management principles and practice into Crisis. First, Bev took the group through her …
Making records management a reality – practical steps to take Read More »
With the GDPR, a DPIA, or ‘Data Protection Impact Assessment’ has moved from being a good practice recommendation to being a mandatory activity for some kinds of personal data processing. The purpose of a DPIA is to identify potential risks to data subjects’ rights and freedoms before the processing begins, so that appropriate measures can …
“Staff are our greatest asset” “We couldn’t do it without our volunteers” One way of demonstrating the value that you place on your workforce – volunteers as well as staff – is by keeping the personal information that they share with you safe, secure and confidential. If you’re not fully convinced by that argument, this …
DP and HR – Getting data protection right for employees Read More »
This article is not a guide about how to handle a notifiable breach. By now, you’re all familiar with the ICO Guidance on that. This piece is about the day to day handling of incidents based on over a decade of first-hand experience about what works, and what doesn’t. Keep it simple. If the breach/incident …
At the Protecture seminar on e-Privacy at the end of November, Rowenna Fielding reminded us that PECR is about more than just consent for electronic direct marketing. I don’t think that Rowenna meant to alarm anyone, just a gentle poke in the ribs to get your online house in order before the new ePrivacy Regulation …
The Information and Records Management Society (IRMS) and Protecture were delighted to formally launch the IRMS Third Sector Retention and Disposal Toolkit and Schedule at an event in Central London last week. Attendees from a number of charities, not-for-profits and companies heard Scott Sammons, Chair of the IRMS, argued passionately for the benefits of record …
Launch of the IRMS Third Sector Retention and Disposal Toolkit Read More »
As the Data Protection Act 1998 (DPA98) comes to an end, we have a first! The first maximum fine under the old law was issued in September to Equifax Ltd. If you’ve heard any of the Data Protection Leads here at Protecture speak about basic security issues facing organisations, you will have heard us talk …
Charities rely on personal data more than ever before, whether they are processing a donation, running a fundraising event, or providing services. Supporters and service users must give their personal data to you; in some cases, such as prospect research, you will gather the data indirectly, form publicly-available sources. In all cases, trust is key. Two …
