GDPRprocess

23 May 2017 at 9:59am

GDPR: Portability Right Guidance

Andrew Cormack
Data Protection Regulation
GDPRprocess
The Article 29 Working Party's final guidance on implementing the right to portability is a significant improvement on the previous draft.
Read more
23 May 2017 at 11:51am

GDPR: notices and processes

Andrew Cormack
Data Protection Regulation
GDPRprocess
Some of the General Data Protection Regulation's requirements on data controllers apply no matter which legal basis for processing is being used.
Read more
23 October 2019 at 10:27am

GDPR: What's your justification?

Andrew Cormack
Data Protection Regulation
GDPRprocess
[Updated Oct.19 to add EDPB on Necessary for Contract and ICO on Consent] [Updated Sep.18 to repair links broken by the demise of the Article 29 WP website] [Updated Oct.17 to include an example where multiple justifications are appropriate]
Read more
19 April 2017 at 9:40am

GDPR: A new kind of consent

Andrew Cormack
Data Protection Regulation
Consent
GDPRdevelopment
GDPRprocess
While some have viewed the General Data Protection Regulation's approach to consent as merely adjusting the existing regime, the Information Commissioner's draft guidance suggests a more fundamental change: "a more dynamic idea of consent: consent as an organic, ongoing and actively managed choice, and not simply a one-off compliance box to tick and file away".
Read more
25 April 2017 at 2:30pm

GDPR: moving to Information Lifecycle Registers?

Andrew Cormack
Data Protection Regulation
GDPRprocess
[UPDATE: the Irish GDPR coalition have a nice infographic on information lifecycles under the GDPR] Anyone who has looked at an information security standard is likely to be familiar with the idea of an Information Asset Register. These cover the What and Where of information that an organisation relies on: what information do we hold, and where is it kept.
Read more
19 April 2017 at 9:46am

GDPR: Twelve Steps, Sorted

Andrew Cormack
Data Protection Regulation
GDPRprocess
Although the Information Commissioner's "Twelve Steps to Prepare" is an excellent guide to what organisations need to do in the eighteen months before the General Data Protection RegulationĀ  becomes UK law in May 2018, following them in order from 1 to 12 may n
Read more

Jisc Security Conference 2016

Andrew Cormack
19 April 2017 at 9:47am
#Jiscsec
Data Protection Regulation
GDPRprocess
I'll be talking on Tuesday about how the General Data Protection Regulation will create some more reasons for organisations to practise good information security.
Read more
19 April 2017 at 9:49am

Referendum: has the GDPR gone away?

Andrew Cormack
Data Protection Regulation
GDPRprocess
A few hours after the result of Thursday's referendum on membership of the European Union, I gave a presentation on the significance of the EU's General Data Protection Regulation, due to come into force in May 2018. That might seem a waste of time, but my suggestion was that the referendum result might in fact make the GDPR more important to us.
Read more
Subscribe to GDPRprocess