Subject Access Requests and Internal Conflicts of Interest: Navigating the Grey Areas
When it comes to Subject Access Requests (SARs), few are more complex, or more sensitive, than those submitted by employees and ex-employees. Unlike customer SARs, which are often straightforward, staff-related requests are frequently wrapped up in wider disputes, grievances, or pending legal claims….
-
More Delays, More Questions – What’s Really Happening with the UK Data Bill?
In a significant turn of events for the UK’s data governance landscape, the House of Lords has delivered a powerful rebuke to the government’s ongoing attempts to relax rules for artificial intelligence companies. Peers backed an amendment to the Data Use and…
-
When Your “John Hancock” Becomes Sensitive Data: Exploring Signatures as Biometrics
Ever looked at your signature and thought, “It’s just a fancy way I write my name”? Think again. In our increasingly digital world, that casual scribble at the bottom of forms is gaining new significance, particularly in places like Jamaica, where the Jamaican Data…
-
Organisations have varying degrees of responsibility when it comes to processing personal data. Depending on your involvement, you may be either a data controller, processor, joint controller or sub-processor. So, which category does your business fall into? In this article, we’ll cover the responsibilities of a data controller and processor, and determine which role applies…
-
Subject Access Requests: Prepare Now for the Summer Spike Amid Data Breach Fears
Recent cyber incidents involving major UK retailers and service providers have reignited public concern about how personal information is stored and used. As data breaches dominate the headlines, individuals are becoming more proactive about protecting their privacy and one of the most…
-
Will Proof-of-Age and Social Media Curfews Under the Online Safety Act Actually Work?
The UK’s Online Safety Act introduces one of the most comprehensive frameworks for regulating online content to date. Among its more debated proposals are two high-impact, child-focused measures: mandatory proof-of-age verification and a potential legally enforced social media curfew for under-18s. While…
-
If you handle compliance in-house, you might have noticed increasing strains on your resources and team’s workload. Recognising when it’s time for external support is crucial if you want to avoid these pressures turning into costly mistakes. Below, we list the five telltale signs that outsourcing your DPO might be the most strategic move for…
-
Appointing a data protection officer (DPO) is only required if your organisation’s operations meet specific criteria. Without knowing this, businesses may either overlook their legal obligations or appoint a DPO when it isn’t necessary. So, what does this mean for your business? In this blog, we’ll uncover the criteria required to appoint a DPO and…
-
Understanding PCI DSS is crucial for businesses that process, store or transmit cardholder data. This guide breaks down the essentials, covering everything from compliance levels and requirements to the latest v4.0.1 changes. Keep reading to find out more about this security standard and how you can demonstrate PCI compliance. What Is PCI DSS? The Payment…
-
Data Breaches in Education: A Practical Guide for Schools to Prevent and Respond
Schools handle large amounts of sensitive data every day. This includes student records, safeguarding information, payroll, and health data. Cybercriminals target this information because of its value. Data breaches in education can cause major disruption. They can lead to financial penalties, reputational…