Just spotted this news item on the ICO website relating to SAR responses. This means you must respond one day earlier than previously specified. Take a look at this blog for more info!

Subject Access Requests are dangerous things! On the one hand you must respond to the SAR promptly and provide all the information necessary. On the other hand they can become completely debilitating for organisations that receive lots of SARs.

If you run a business or organisation in the UK and you operate in the European Economic Area or send personal data outside the UK or receive personal data from the European Economic Area its important that you read the new Information Commissioner's Office guidance in case of no-deal Brexit.

As part of your GDPR compliance you really should check that any company you send data to is also GDPR compliant. You can conduct reasonable due diligence to check and have appropriate terms and conditions in place that protect the data of any third party whose details you share. You are not responsible for their GDPR but you have to be able to demonstrate that your tool reasonable precautions.

The ICO has just fined a telemarketing company £160,000 for failing making calls to people that are registered on the Telephone Preference Service - this is one of a series of fines for companies selling all sorts of products and services about failing to check if the numbers were registered with the TPS before they called them.

Building, construction, renovation and all associated trades are now faced with even more paperwork. If you need to complete your Construction line application you will now need to respond to a set of GDPR and data protection questions. Whether you are a builder, roofer, electrician, plumber or any other trade you will need a full set of documentation in order to complete your online construction line application.

So, you have received a Subject Access Request asking for copies of ALL emails sent to/from a customer/ex-employee/other data subject, what do you have to do. This is a really tricky question and really not as simple as you might think. The first thing to remember is that you really must respond in time - don’t ignore the request and make sure you respond courteously.

Many companies have not yet started their GDPR compliance work or have a partially completed set of policies and procedures. This is not surprising since GDPR is so complicated and understanding how these rules apply to your company is not simple! In our experience some companies only start their GDPR when they absolutely need to.

The ICO has produced a handy-dandy GDPR self-assessment tool for SMEs. This is very useful and will help you understand whether you are compliant or not and also help you understand what you need to do.

If you experience any sort of data breach you need to take immediate action. Your Optindigo Breach Policy will help you understand what you need to do and the online Breach Management tool will help make sure you track your actions. You also need to decide whether you need to report this to the ICO and inform the data subjects that have been affected.

If you are unlucky enough to have to complete the NHS Privacy and Security Toolkit questions we think this might just help you! We’ve created a spreadsheet that shows where your Optindigo documents can be used as evidence in your reply and also attempted to answer the tricky questions for you.

The ICO has issued guidance on confidentiality, integrity, and availability. This includes areas such as Business Continuity and resilience, which are vital considerations for all data controllers. A key part of your responsibility is making sure you can recover personal data should you suffer any sort of technical or other loss. This is where your Business Continuity and resilience processes come in.

"What do I do with my visitors book"? We get asked this question very often. Under GDPR the data you collect will count as personal data and as such visitor books should be kept safe and should not show the current visitor the names of those that have previously visited. This sounds trivial but of course you need to keep a log of all visitors for fire safety and also as part of your building security. So, what do you do?

The ICO has recently fined an estate agent £80K for a serious data breach involving the data of over 18K customers. This is a significant fine and potentially fatal for many small companies. The breach was simply down to a setting on the server which gave access to all the records to anyone that happened to take a look.

No apologies for the focus on cyber this week. Cyber Security is vital to your safety and I am afraid the hackers are pretty tricky! Take a look at this free site test resource. Just enter your website address to receive a high level review of your site. Totally free and might just reveal some issues you need to address.