Risk assessment is a fundamental health and safety requirement in any type of organisation. When it comes to the manufacturing and engineering industries though, the value of task-based risk assessment goes beyond meeting legal requirements and keeping workers safe. Here are five reasons to include task-based risk assessment in your organisation’s core training programme. 1. It’s good practice Task-based risk…
Read more
ISO 27001 is an internationally recognised standard designed to help businesses protect and manage their information assets. The standard’s framework supports you to implement and maintain a robust information management system (ISMS) that complies with regulations. Business benefits of Implementing ISO 27001 1. Effective risk management ISO 27001 requires that you: Assess threats to your information security and identify…
Read more
The rules for making a subject access request (SAR) under the GDPR will be similar to the Data Protection Act 1998. However, there are key differences. With less than six months until the GDPR comes into force, it’s time to make sure you can meet new requirements to be legally compliant. What is a subject access request (SAR)? A SAR…
Read more
Under the current Data Protection Act 1998 (DPA) any organisation that processes personal data and sensitive personal data must have a legal basis for doing so. The GDPR, which comes into force in May 2018, is more rigorous in maintaining this position. Changes affected by the GDPR will have clear, practical implications in a way that the current DPA does…
Read more
For the most part, individuals’ data protection rights will be the same as they are under the current Data Protection Act but with significant enhancements. The GDPR will also introduce new rights. There will be the ‘right to erasure’; individuals can have their data deleted upon request. The GDPR will also introduce the ‘right to data portability’ which allows data…
Read more
At the moment, when your organisation collects people’s personal data your privacy notice needs to tell them who you are and how you plan to use their data. Under the GDPR your privacy notice must contain some additional information. You need to communicate your legal basis for processing data, your data retention periods and you must inform people that they…
Read more
The GDPR EU regulation requires you to maintain records of all your personal data processing activities. In order to do this you need to identify what types of personal data you hold, where it came from, who you share it with, the reason you need it, how you maintain accuracy and how you keep the information secure. Here are the…
Read more
It’s vital to make everybody in your organisation aware of the new data protection requirements that the GDPR will bring. The majority of data breaches that occur are due to human error – sending information to the wrong email address, failing to encrypt data, and losing memory sticks or mobile devices. Under the GDPR, penalties for such errors could be…
Read more
The European Union’s General Data Protection Regulation (GDPR) comes into force on 25th May 2018, regardless of Brexit. The legislation gives new rights and greater protection to data subjects. Given that health, social care and voluntary sector organisations utilise vast amounts of sensitive data, GDPR is an important development. Serious failures to comply with legislation can result in huge fines…
Read more
If your company already complies with the Data Protection Act (DPA) then you have a firm foundation for meeting the new EU General Data Protection Regulation (GDPR). In order to adapt your practice to meet regulatory changes and to gain support from managers in your organisation, it’s a good idea to start preparing now. These twelve steps draw upon ICO’s…
Read more
