by Michelle | 29 08 23 | GDPR, Rights of data subjects
Let’s make your website GDPR-ready.
Are you a small business consultancy looking to gain GDPR compliance for your website? Look no further than our new £9 offer, designed to help you navigate the complex world of GDPR requirements and make your website GDPR-ready.
Section 1: Website walkthrough
At the heart of GDPR compliance is the need to protect user data. This includes collecting user consent for data collection and providing clear and concise privacy policies. In Lesson 1, “What to look for on a website to make GDPR compliant,” we break down the key elements contributing to your website’s compliance.
We’ll start by helping you understand what personal data is and what it isn’t. From there, we’ll explore the different data collection practices, including cookies, analytics, and user input forms. We’ll also cover the importance of privacy policies and how to ensure that they meet GDPR requirements.
Lesson 2: Website checklist
Now that you have an understanding of what GDPR compliance entails, it’s time to put that knowledge into practice. In Lesson 2, “Website Checklist,” we provide a handy checklist that acts as your trusty companion throughout the compliance journey.
Our step-by-step guide will help you identify gaps in your website’s GDPR readiness, ensuring you have all the necessary measures. From updating your privacy policy to providing user consent for data collection, we’ll help you cover all the bases.
Let’s make your website GDPR-ready.
By the end of this short introductory course, you’ll be equipped with the knowledge and practical tools to make your website GDPR-ready confidently. Our “Let’s Make Your Website GDPR Ready” course is designed to be accessible and easy to follow, ensuring you don’t miss any critical steps.
Join us now and take the first steps towards compliance. Secure your website’s future and build trust with your users today!
If you want to know about our services, check out our page here, or why not book a discovery call here?
by Michelle | 16 01 23 | Data Protection Act, Data Security and Protection Toolkit, GDPR, GDPR Principles, Rights of data subjects
If GDPR and compliance are a concern for you or your organisation, don’t worry. Taking all the different aspects in at once can cause (and probably has caused) everyone to feel a little overwhelmed at some point. But it doesn’t need to. Here are the five tips to know about and why they matter.
Transparency
When it comes to GDPR, transparency is a fundamental principle. The reason why that’s the case is simple. It gives individuals as much control over their data as possible and facilitates their rights.
Control and rights are both fundamental underpinning principles of GDPR.
How does a company demonstrate transparency? The content of privacy notices is a good start. Good, compliant examples include:
- the contact details of the company;
- if required, the Data Protection Officer;
- the purpose and lawful bases for processing the data;
- and the categories of personal data you hold, to name a few.
Mapping your data
Data mapping confuses some, but its principle is relatively easy. Mapping your data means establishing what information you hold and exactly how it flows through your company. This type of audit (also known as a mapping exercise) should be performed regularly by assigned individuals.
Doing so ensures it is maintained and amended as needed by a person or persons who are aware of their responsibilities.
Reporting breaches
Breaches can unfortunately happen, and on a long enough timescale, something similar to the list below probably will.
Data breaches can take many forms, such as:
- Device loss or theft
- Phishing scams
- Hacking
- Lost or stolen external USB drives
Breaches can also result from carelessness or lack of awareness, such as unattended computers and, especially recently, working from home on unauthorised personal devices and unprotected networks.
Reporting breaches of personal data has been mandatory since before the GDPR came into force. It just became more visible, and the assessment for reporting changed. The Information Commissioner’s Office has a dedicated section for more information about breach reporting.
Knowing your subjects’ rights
Data subjects have a wide range of rights relating to the data you hold about them, making it essential to know why you are processing the information you hold about them.
Data subjects have some or all of the following rights:
- The right to be informed (including why you are processing their data, how long you intend to retain it and who you might share it with).
- A right of access (typically referred to as a Subject Access Request or SAR, which must be dealt with in a timely way).
- The right to rectification (if the subject feels their data is incomplete or inaccurate).
- A right to erasure (also known as the right to be forgotten; for legal reasons this may not always apply).
- The right to restrict processing (in certain circumstances, an individual has the right to have you store their data but stop using it).
- A right to portability (the right to obtain their data and reuse it for another purpose or service).
Being accountable
For both controllers and processors, demonstrating compliance and putting measures in place to meet the requirements for accountability will mitigate the risk of enforcement action. It will also build trust in your business and its services and raise you above the competition.
For help and advice around transparency, avoiding breaches, mapping the data you use, subjects’ rights and accountability, get in touch today; I’d love to offer you help and advice in the field I specialise in.