Personal Data Breach Notification Requirements under the GDPR – What, When and How?

The General Data Protection Regulation introduces a requirement for controllers to notify personal data breaches to the relevant supervisory authority. Whilst new to the UK, many member states already have in place a notification obligation for personal data breaches, either limited to particular categories of controllers or, in the Netherlands, for all personal data breaches. This blog post shall address some of the main queries arising in relation to this obligation as it exists under the GDPR.

Do all breaches need to be reported?

No. Not all data breaches will need to be reported. Only those that are likely to result in a...
  1882 Hits

Social Media and the GDPR

Back in the late nineties, when the Data Protection Directive and the UK’s Data Protection Act were enacted, social media was non-existent. LinkedIn arrived in 2002, Facebook in 2004, YouTube in 2005, Twitter in 2006, WhatsApp in 2009, Instagram in 2010 and Snapchat in 2011, with a thousand and one variations in between and ever since. In stark contrast to a time when having a brick-like mobile phone with its ability to send two short and sweet lines of text to a friend was something of a novelty, less than two decades later our lives are now unavoidably linked by technology–...
  822 Hits

Data Security – use of pseudonymisation under the GDPR

In a world where our lives are increasingly online, keeping our personal details secure is one of the main concerns of both individuals using online services and legislators. This is one of the main reasons why European legislators are working hard to raise the standards for online data protection and the security of personal data. The General Data Protection Regulation (GDPR), which takes effect on 25th May 2018, consequently imposes a number of obligations on data controllers and processors in order to ensure that personal data is processed in an adequately secure manner. Data controllers and processors have a general...
  887 Hits

Clubs, Societies and the GDPR (part 2)

In this blog post we continue our data protection FAQs for Small Clubs and Member Societies.

Can we still send emails to members?

You can still send emails to individuals but should be clear about what lawful basis you are using to do this. Note that if you are sending marketing emails, you may also have to comply with the Privacy and Electronic Communication Regulations (PECR). If you are simply communicating with individuals about scheduled club meetings and events, the PECR will not be relevant.

As explained above, all processing requires a lawful basis. These include valid consent and legitimate interest. Consent is currently...
  1520 Hits

Clubs, Societies and the GDPR (part 1)

Whilst many large organisations are busy preparing for the GDPR coming into force on 25th May this year, there are many smaller organisations out there wondering if and how it applies to them. In the next two blog posts we answer some frequently asked questions for those involved in clubs and societies.

I am secretary for a small members-only club. Will the GDPR apply to us?

Yes. The terms of the GDPR will apply to anyone processing personal data except for individuals processing personal data for personal or household activities.

For this purpose, personal data means any information relating to an identifiable person...
  7314 Hits
