This guidance discusses the right of access in detail. Read it if you have detailed questions not answered in the Guide, or if you need a deeper understanding to help you apply the right of access in practice. It is aimed at data protection officers (DPOs) and those with specific data protection responsibilities in larger […]
The UK’s data protection authority, the Information Commissioner’s Office (ICO), published its guidance on the Lawful Basis for Processing Special Category Data, outlining the types of sensitive personal data that are recognised as special category data under Article 9 of the General Data Protection Regulation (GDPR) and how organisations should approach processing special category data, […]
The GDPR gives people the right not to be subject to solely automated decisions, including profiling, which have a legal or similarly significant effect on them. These provisions restrict when you can carry out this type of processing and give individuals specific rights in those cases.
This guidance will help you to understand the importance of encryption as an appropriate technical measure to protect the personal data you hold. Whether you are a controller or a processor, encryption is a technique that you can use to protect personal data. The guidance outlines the concept of encryption in the context of the […]
A key principle of the GDPR is that you process personal data securely by means of ‘appropriate technical and organisational measures’ – this is the ‘security principle’. Doing this requires you to consider things like risk analysis, organisational policies, and physical and technical measures. You also have to take into account additional requirements about the security of […]