Some of the General Data Protection Regulation's requirements on data controllers apply no matter which legal basis for processing is being used.
The Article 29 Working Party's final guidance on implementing the right to portability is a significant improvement on the previous draft.
The Digital Economy Act 2017 contains sections relating to content filtering by "Internet Service Providers" (ISPs) and "Internet Access Providers" (IAPs). However, both terms are derived from (and are subsets of) the European definition of Public Electronic Communications Services, so they will not apply to Janet or customer networks that are not available to members of the public.
The Department for Culture, Media and Sport has called for views on how the UK should use the "derogations" (i.e. opportunities and requirements for national legislation) contained within the General Data Protection Regulation. The main area where derogations, or the lack of them, could affect the Jisc community is in the application of the GDPR to research data. We have therefore recommended that the UK Government should:
[I've updated this 2015 post to refer to the section numbers in the Investigatory Powers Act 2016. As far as I can see, the powers contained in the Act are the same as those proposed in the draft Bill]
Most universities maintain databases of alumni, for purposes including keeping them informed about the organisation, offering services and seeking donations. These activities have a lot in common with other charities, so the Information Commissioner's guidance is relevant.
[UPDATE: the Irish GDPR coalition have a nice infographic on information lifecycles under the GDPR]
Anyone who has looked at an information security standard is likely to be familiar with the idea of an Information Asset Register. These cover the What and Where of information that an organisation relies on: what information do we hold, and where is it kept.
[this article is based on the draft text published by the European Council on 28th January 2016. Recital and article numbers, at least, will change before the final text]
The Commission's original draft Regulation included explicit support for the work of computer security and incident response teams, recognising that such activities were a legitimate interest that involved processing of personal data.