Tuesday, 29 May 2018

GDPR and naming Data Controllers

Image: four dogs via Creative Commons So we all think that we've done all we need to do to comply with GDPR, gaining consents, allowing withdrawal of consents and breaking down consents to a granular level.

However, it looks like the regulations demand something a little more complex than that.

Monday, 28 May 2018

How-to: Gaining consent under GDPR (Part III)

Best practices for consent forms

Sifting through the mass of materials and example best practices to help you bring your consent forms into compliance with these new regulations, this is what we've come up with in working for clients.

Sunday, 27 May 2018

How-to: Gaining consent under GDPR (Part II)

Five principles of consent in the GDPR

May 25th saw the implementation of General Data Protection Regulation (GDPR) legislation and I don't doubt for a minute that there are many organisations still not compliant. If you still don't get it, then first of all fix your privacy policy and post a privacy notice on your website. Second, gain consent to collect any personal information you need to keep operating.

Saturday, 19 May 2018

How-to: Gaining consent under GDPR (Part I)

Image: GDPR Consents With the imminent introduction of GDPR on May 25th, you may have noticed you're getting a flurry of 'opt-in' emails from your various membership sites, news groups, mailing lists and social media.

Ad per the new rules, they are all trying to gain renewed consents to contact you. The the key question is: what counts as consent under GDPR?

Monday, 14 May 2018

Review: Lenovo V110-AST

Bought on a budget, the new slimline workhorse laptop has a respectable AMD A9 processor, 8GB of memory and 1TB of storage. So far so good.

Otherwise this Lenovo is a letdown; truly terrible battery life from a non-removable battery; a dead keyboard with an irritatingly inconsistent layout, placement and use of keys; a 15.6in display out of the 1950's; and the worst sound ever since sound was installed on a laptop.

Saturday, 12 May 2018

How-to: Consent and the limits of legitimate interest

The incoming General Data Protection Regulation significantly raises the bar on personal data processing for all organisations contacting EU citizens. Not least in the list of considerations is the extent of legitimate interest - contacting existing customers - and the requirement for explicit, opt-in consent.

GDPR compliance does not mandate discarding all of your existing data and gaining fresh consents from users, but it is absolutely necessary to review your current consent management process.

How-to: ICO checklist for gaining consent on opt-in forms

Supporting the rollout of the new General Data Protection Regulations (GDPR), the ICO in the UK has published an at-a-glance checklist for items to consider on the opt-in form and signup process. The checklist includes the following items:

Friday, 11 May 2018

How-to: GDPR - legitimate interests vs. consent

Under the new GDPR regulations, you need to decide your 'basis for processing'; a reason why you are collecting and storing personal data. The GDPR makes a distinction between 'consent' and 'legitimate interests'.

Under the new regulations, there are six lawful basis for processing data:

Thursday, 10 May 2018

How-to: GDPR - turning six privacy principles into compliance

GDPR imposes new rules around data protection for any organisation that collects and uses personal data about EU residents. The new regulation is designed to strengthen existing data protection laws and will impact on all organisations, changing the way that they handle, use and store data about the people they contact.

GDPR is based on six privacy principles. These are:

Wednesday, 9 May 2018

How-to: GDPR gets personal and sensitive

The EU has reformed its laws around data protection for a couple of reasons; one is to help generate business in the EU by simplifying rules for companies in the Digital Single Market; the other is in response to Europeans' concerns about data protection. The GDPR aims to achieve this by having one set of EU-wide rules.

Starting with first principles, if the EU wants to protect personal and sensitive data, then how exactly are we to define 'personal' and 'sensitive'?

Tuesday, 8 May 2018

How-to: GDPR and where to start

GDPR (General DATA Protection Regulation) comes into force on 25th May 2018. It requires:
  • enhanced personal privacy, meaning more rights for your customers and visitors.
  • more defined processes dealing with personal data.
  • more transparency in why and how you use personal data.
  • greater staff awareness of the new regulations.
  • awareness of the greater financial penalties which can be imposed for breaches.

Monday, 7 May 2018

How-to: The GDPR 12-step guide

This is no stroke of original genius, as all the content for this post is lifted from the summary text of the guide Preparing for the General Data Protection Regulations, from the UK Information Commissioners' Office (copyright HM Government of the United Kingdom). It's a concise, clear rendering of the bones of the GDPR, and as such, a good thing.

It is, however, pretty light on practical examples in many areas, so after understanding the twelve pillars of GDPR, you may need to stick with us to get further insight into tools and techniques to achieve compliance...

Sunday, 6 May 2018

How-to: GDPR compliance here and now

This May is data protection month!

If you're operating any kind of organisation with an online presence within the European Union, then you should know that the new General Data Protection Regulations (GDPR) come into force on May 25th, bringing in new requirements and increasing the penalties for breaches.

Non-compliance after that date is not an option.

Saturday, 5 May 2018

How To: Essential skills for running a website

Image: Flat Earth - boat falling over the edge It seems like any idiot can have their own website these days; and most of us do. You no longer need to be a genius-level computer programmer - or indeed any kind of programmer - to do this. In fact, you can get by on almost no knowledge of IT whatsoever.

There are now so many point-and-click, drag-and-drop, site-builder, page-builder, menu-builder, widget-builder platforms on the web, complete with step-by-step wizards, guides, help and tutorials, you could be a medieval peasant with a belief in the Flat Earth and sorcery and still be able to build your own website to talk about it. Perhaps with the help of a wizard.

Wednesday, 2 May 2018

Review: Lenovo G580 - end of the road

It's official; the Lenovo G580 is about done. My great value Core i5 laptop which I got from Lenovo direct in mid-2012, is just about unusable as a result of entirely predictable design flaws and general wear and tear.

During the original unboxing, I noted the track pad built into the surface of the wrist-rest, concluded the resistive pad was glued to the underside and predicted a track pad failure before any other hardware breakdowns. So it has come to pass.