GDPR: One Year On

With the anniversary of GDPR looming, so too are many GDPR training certificates expiring. Do you need to do more training? Different training? Or are you able to draw a line under the dreaded GDPR and never think about it again? 

Read More
Orlagh Kelly
Ready, Steady.... Brexit!

As if GDPR weren’t complex enough, many sports organisations  are wondering whether impending Brexit will further complicate their GDPR compliance efforts. The short answer appears to be yes. Brexit will certainly add another level of complexity.

Read More
Orlagh Kelly
GDPR- It just got personal!

On the 8th August 2018 the ICO published their findings following an investigation into Lifecycle Marketing (Mother and Baby) Ltd. They were given a £140,000 fine for the illegal collection and selling of personal data of more than 1 million people. Sounds very murky and sinister…wonder how they got all that data?

Read More
Caroline Boyle
Adios Amigos...

GDPR now compels organisations to self-report both to the ICO and to those individuals whose personal data has been compromised on your watch. It’s a risk assessment, a judgement call on whether your breach event is ‘likely to result in a high risk to the rights and freedoms of natural persons’ in which case, time to ‘fess up.

Read More
Caroline Boyle
Who wants to be the DPO??? Anyone??

As organisations work through their GDPR compliance checklist, the thorny issue of who is going to be crowned Data Protection Officer arises. Whilst employees have been happy to contribute their time and skills to a GDPR reference group you may have set up, there’s relative safety in numbers.

Read More
Caroline Boyle
Do Chambers require a Data Protection Officer?

Despite what some may think, the concept of a ‘Data Protection Officer’ is not new. In the UK, many organisations chose to appoint Data Protection Officers as best practice. The relevant change under the GDPR is that such appointments will now be mandatory for organisations who meet the stated criteria. In recent training sessions and client meetings, the question has been posed whether barrister’s chambers should do so.

Read More
Data Controller or Processor – that is the question!

This month, I had the pleasure of delivering GDPR and Data Protection training for the Bar Council in London. Both sessions were fully subscribed and sold out quickly, perhaps indicating the level of interest or concern within the profession. Having conducted my fair share of cross-examinations, it was an interesting experience to be on the receiving end of questions! Despite the roles of data controller and data processor existing prior to GDPR, significant confusion remains about the roles in the context of barristers and chambers.

Read More