Data Protection Regulation

25 July 2017 at 10:48am

GDPR: Service Categories

Andrew Cormack
Data Protection Regulation
GDPRprocess
Jisc provides a lot of different services: too many for us to look at each one from scratch before the General Data Protection Regulation comes into force next May. Instead, we've identified four different patterns that seem to cover the majority of services. We hope that having a common set of expectations for each pattern will simplify discussions with service managers, customers and users.
Read more
11 July 2017 at 10:46am

GDPR: Web forms and consent

Andrew Cormack
Data Protection Regulation
GDPRtopics
Looking at yet another of those web registration forms that seems to collect more data than required, it occurred to me that there might be quite a neat way to meet the General Data Protection Regulation's requirements for positive, recorded consent.
Read more
5 July 2017 at 9:59am

Article 29 WP on Workplace Monitoring

Andrew Cormack
Data Protection Regulation
GDPRtopics
GDPRprocess
Monitoring
The Article 29 Working Party has produced new guidance on data processing in the workplace, to account for the very significant changes that have occurred since their previous guidance in 2001. Although the focus is on "employee monitoring", it is likely to be relevant to other situations where an organisation has significant power over those who use its premises and equipment. The guidance considers the requirements under both the Data Protection Directive and, from next year, the GDPR.
Read more
14 June 2017 at 11:30am

GDPR: Attendance Monitoring

Andrew Cormack
Data Protection Regulation
GDPRtopics
A question recently arose about monitoring students' attendance at lectures and tutorials, and how this fitted into data protection law. Since the main purpose of such monitoring seems to be to identify and assist students who don't attend, and whose presence is therefore not recorded or processed, there seem to be a number of both practical and legal issues to think about.
Read more
2 June 2017 at 2:37pm

GDPR: How to Prepare

Andrew Cormack
Data Protection Regulation
GDPRprocess
To mark one year to go till the General Data Protection Regulation comes into force, we've published an article on "How Universities and Colleges Should be Preparing for New Data Regulations" on the Jisc website.
Read more
12 June 2017 at 10:19am

GDPR: Public Authorities and Legitimate Interests

Andrew Cormack
Data Protection Regulation
GDPRdevelopment
I was interested to spot that the Article 29 Working Party visited the question of "public authorities" back in 2014, on page 23 of their Opinion on Legitimate Interests.
Read more
5 June 2018 at 11:28am

GDPR: 12 Steps Illustrated

Andrew Cormack
Data Protection Regulation
GDPRprocess
I've been trying to produce a visual image to capture the twelve steps to GDPR compliance. For details of the individual steps see:
Read more
23 May 2017 at 9:59am

GDPR: Portability Right Guidance

Andrew Cormack
Data Protection Regulation
GDPRprocess
The Article 29 Working Party's final guidance on implementing the right to portability is a significant improvement on the previous draft.
Read more
Subscribe to Data Protection Regulation