Gydeline

Month: October 2017

Standard Banner for GDPR Further Information Articles

Technical Measures

Context: In some cases the GDPR refers to explicit technical measures that need to be implemented such as data encryption and psuedonymisation. In other instances the regulation is vague on what constitutes appropriate security. Therefore there is no definitive list of exactly which technical measures need to be implemented. The measures an organisation chooses should …

Technical MeasuresRead More »

Standard Banner for GDPR Further Information Articles

Data Protection Impact Assessment (DPIA)

Context: The data protection impact assessment is the key documentary requirement which arises in the GDPR. It’s purpose is to ensure that risks to the personal information of individuals have been considered and, where risks are identified, mitigated. It is a mandatory requirement in some instances but is advised across all processing of personal information. …

Data Protection Impact Assessment (DPIA)Read More »

Standard Banner for GDPR Further Information Articles

Organisation Responsibilities to the DPO

Context: Where the GDPR mandates that a DPO is required it also stipulates that the organisation provides an appropriate level of support to the DPO to enable them to carry out their duties: The controller and processor shall support the data protection officer in performing the tasks referred to in Article 39 by providing resources …

Organisation Responsibilities to the DPORead More »