GDPR in Practice

I'm a longstanding GDPR/data protection/privacy specialist with huge experience of both in-house and private practice, gained working across a range of sectors including hi-tech science, media, publishing, higher education and IT. Here I'm sharing my thoughts on GDPR.


Tips on Demonstrating UK GDPR Compliance

25 Sep 2023 2 minute read 1 comment EmilyGDPR

If there were an easy solution available, organizations could opt for certification under an approved UK GDPR certification scheme. The Data Protection Act 2018 empowered the Information Commissioner's Office (ICO), the privacy regulator in the UK, t...

Supply Chain Compliance with the GDPR

20 Sep 2023 3 minute read 0 comments EmilyGDPR

This blog focuses on an aspect of GDPR compliance which can be particularly challenging for a number of organisations, namely, how do you ensure your supply chain complies with the Regulation when processing personal data? The obligations for da...

Data Protection and Management System Standards – Which is Best for Me?

8 Sep 2023 1 minute read 0 comments EmilyGDPR

More and more frequently, we encounter the question of whether there exists a universal international standard that can definitively demonstrate external verification of data protection compliance. While it would be ideal to provide a straightforwar...

Verifying the Identity of Someone Requesting Information Under the GDPR

29 Aug 2023 2 minute read 0 comments EmilyGDPR

This blog explores the requirement outlined in both the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulation (GDPR) regarding the verification of an individual's identity before taking any action or disclosing information...

In-house Resource vs Virtual DPO

16 Aug 2023 9 minute read 0 comments EmilyGDPR

When considering the resourcing of a Data Protection Officer (DPO), organizations have two main options: the in-house route or the outsourcing route. Each option has its pros and cons, and the choice depends on various factors specific to the orga...

ISO 27701:2019 and the GDPR

4 Aug 2023 3 minute read 0 comments EmilyGDPR

The GDPR principles and the DPA set out the legal requirements for data protection and privacy, but they do not provide detailed guidance on specific measures organizations should take to safeguard personal data. ISO/IEC 27701:2019 (ISO 27701) fills...

What is the Purpose of ISO 27701 and What Benefits Does it Bring?

25 Jul 2023 5 minute read 0 comments EmilyGDPR

The demand for guidance on privacy protection and personal information management is increasingly crucial, especially in light of the GDPR principles. Fortunately, there is a valuable resource in the form of ISO/IEC 27701:2019 (ISO 27701), an Inter...

What is the UK International Data Transfer Agreement and What Are the Implications?

17 Jul 2023 3 minute read 0 comments EmilyGDPR

The Information Commissioner's Office (ICO) presented alterations regarding limited international transfers of personal data to Parliament on 2 February 2022, in accordance with GDPR principles. The international data transfer agreement (IDTA) and...

Transferring Personal Data Outside of the EEA

7 Jul 2023 2 minute read 0 comments EmilyGDPR

The blog focuses on Article 28 of the GDPR, which outlines requirements for data processors in the context of data transfers outside the European Economic Area (EEA) in accordance with the GDPR principles. One of the methods to legitimize such tran...

The CJEU Declares the EU-US Privacy Shield Invalid and SCCs Valid

28 Jun 2023 7 minute read 0 comments EmilyGDPR

What are the Implications and Next Steps for Your Organisation? On 16 July 2020, the Court of Justice of the European Union (CJEU) made a significant ruling concerning the adequacy of the EU-US Privacy Shield and standard contractual clauses (SCCs),...