GDPR in Practice

I'm a longstanding GDPR/data protection/privacy specialist with huge experience of both in-house and private practice, gained working across a range of sectors including hi-tech science, media, publishing, higher education and IT. Here I'm sharing my thoughts on GDPR.


Who Needs a ROPA and Why?

30 Nov 2023 6 minute read 0 comments EmilyGDPR

Creating and maintaining a ROPA is necessary for several reasons, including compliance with the ISO 27001 requirements and the GDPR principles. ISO 27001 is an internationally recognized standard for information security management systems. By deve...

Chatbots and Personal Data: Benefits and Risks

28 Nov 2023 8 minute read 0 comments EmilyGDPR

Chatbots – the ultimate disruptor? The topic of chatbots and artificial intelligence (AI) has been widely discussed on social media, the Internet, broadcasting platforms, and in traditional print media, particularly in relation to the GDPR principl...

How to Create a Record of Processing Activities (ROPA)

23 Nov 2023 3 minute read 0 comments EmilyGDPR

Creating and maintaining a Record of Processing Activities (ROPA) is a crucial requirement under the UK GDPR for most organizations processing personal data. Even though organizations with less than 250 employees have some flexibility in creating a R...

What is the UK International Data Transfer Agreement and What Are the Implications?

15 Nov 2023 3 minute read 0 comments EmilyGDPR

The Information Commissioner's Office (ICO) presented alterations regarding limited international transfers of personal data to Parliament on 2 February 2022, in accordance with GDPR principles. The international data transfer agreement (IDTA) and th...

When and How to Conduct a Data Protection Impact Assessment (DPIA)

10 Nov 2023 3 minute read 0 comments EmilyGDPR

A data protection impact assessment (DPIA) is mandatory in certain circumstances under the UK General Data Protection Regulation (UK GDPR). It is an essential tool that helps organizations fulfill their data protection obligations by i...

THE GDPR – 5 Myths Dispelled

7 Nov 2023 8 minute read 1 comment EmilyGDPR

Myth 1: GDPR Compliance Only Applies to European Organizations Reality: One common misconception is that the GDPR only applies to organizations based in the European Union (EU). However, the regulation has extraterritorial reach, meaning it applies t...

Gaining Senior Management Buy-In to GDPR Compliance

31 Oct 2023 14 minute read 1 comment EmilyGDPR

Despite the compelling reasons such as potential hefty fines and personal liability for non-compliance, gaining traction on a GDPR compliance project can still be challenging. Several factors contribute to this difficulty, even years after the GDPR'...

BS 10012:2017 – What are the Benefits and How Do I Achieve Certification

17 Oct 2023 3 minute read 0 comments EmilyGDPR

BS 10012 is a British management system standard that facilitates the implementation of a personal information management system (PIMS). Its purpose is to support organizations in achieving compliance with data protection laws such as the GDPR and implementing g...

What is the Difference Between Personal Data and Sensitive Personal Data?

6 Oct 2023 3 minute read 2 comments EmilyGDPR

There is some uncertainty regarding the distinction between personal data and sensitive personal data, and there are even doubts about the existence of sensitive personal data as a defined term. Let's try to bring clarity to the matter by considering...

Are you adequately covering GDPR within your ISMS?

3 Oct 2023 1 minute read 0 comments EmilyGDPR

Certification body (CB) assessors conducting ISO 27001 audits have increasingly emphasized compliance with the General Data Protection Regulation (GDPR) principles. Previously, assessments primarily focused on whether organizations were registered with...