If you are buying-in data to use in your marketing campaigns then you need to be very careful. GDPR and PECR mean that for marketing companies consent is probably your only totally safe lawful basis to process a persons data, if you are buying in data then you are going to be relying on legitimate interest as your lawful basis.

GDPR applies to pretty much any processing of personal data, but don’t forget that if you use any sort of electronic communication then additional rules called the Privacy of Electronic Communications Regulations (PECR) also apply. These apply to email, text, phone calls and fax marketing and apply in all cases. The ICO provide lots of information but very little help.

Have you received a Subject Access Request? If so you need to take action to avoid enforcement action from the ICO and even worse legal action from the person submitting the SAR. The problem is that SARs are not always obvious. GDPR says that’s SAR can be issued to you in pretty much any way.

nderstanding your role in relation to the personal data you are processing is crucial in ensuring compliance with the GDPR and the fair treatment of individuals. Your obligations under the GDPR will vary depending on whether you are a controller, joint controller or processor.

The NHS Security and Protection Toolkit has over 70 different questions relating to data protection and data security. Many of these relate to GDPR principles although they don’t specifically refer to GDPR. Your GDPR packs will help you meet all these requirements and we will of course help you understand how these apply to you.

>According to the NHS Data Security and Protection Toolkit website, over 27,000 organisations have published the self-assessment toolkit. If you have not completed yours you need to do it now!

Understanding your Lawful Basis for collecting data is an absolutely fundamental part of GDPR. The regulations include specific reasons and situations under which it is reasonable to collect data. These 6 categories are defined in the regulations and it is your responsibility to ensure that you only collect, store, or process data where you have one of these lawful reasons.

For many companies GDPR has had little effect, many companies have still not completed any sort of GDPR preparation and those that did complete their documents have probably not experienced any sort of issue or complaint. However, things are about to change! The ICO is promising to keep up the pressure on companies to comply and is shifting the focus from GDPR being a tick-box exercise to one where the companies are accountable for their actions.

As part of your GDPR preparations you need to ensure that you have a lawful basis to collect, store, or process data. The lawful basis depends on the nature of your organisation you’re your relationship with the data subject. Many companies believe that Legitimate Interest is the easiest lawful basis and opt for this as the basis of their GDPR preparations.

GDPR is complicated enough but as soon as you start using AI and processing biometric data the GDPR world gets even more complicated.

Any sort of data breach is likely to be stressful and should definitely be avoided. If you collect, store, or process about any NHS patient you now have additional responsibilities. As part of the new NHS data protection toolkit a new incident reporting tool has been launched, this forms part of the Data Security and Protection Toolkit.

All organisations that have access to NHS patient data and systems – including NHS Trusts, primary care and social care providers and commercial third parties – must complete the new NHS Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

Anyone that handles data about NHS patients should read this. Care homes, rest homes, nursing homes, and any care providers that have access to patient data now have to complete a complicated self-assessment toolkit.

We have analysed the Amazon [AMS] web service requirements and produced a table showing where our Optindigo documentation pack can help you meet the administrative requirements. If you wish to have a copy of this document sent to you, let us know and we will email you a copy.

Do you sell on Amazon Marketplace? Have you been asked to complete a huge pile of compliance activities? Don’t panic, we can help! In summary, Amazon have defined a set of technical, administrative and physical security requirements that all vendors may need to abide by.