Pembroke Privacy offers an invaluable data protection support resource for your Data Protection Officer (DPO) or your internal go-to data protection expert. We provide a full suite of data protection services to support your organisation’s data protection strategy, including building a privacy framework, data protection impact assessments, breach management support, advice on managing data subject rights and guidance on compliant direct marketing approaches.
Aenean sollicitudin, lorem quis biben dum auctor nisi consequat aliquet. Aenean sollicitudin.Proin gravida nibh vel velit auctor aliquet. Aenean sollici tudin, lorem quis bibendum auctor.
Aenean sollici tudin, lorem quis bibendum auctor.
Norem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna the aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupid atat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
Norem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna the aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Norem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna the aliqua.
The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. It sets out rules for how organisations process personal data and requires us all to be able to demonstrate compliance with data protection law. Many organisations have undertaken a “GDPR gap assessment” which helps them identify areas that need improvement. They can then use this assessment to create a GDPR project plan and identify what technical and organisational measures to put in place.
The GDPR applies to the processing of personal data by automated means as well as to manual processing if the personal data are contained in a filing system. As most businesses and organisations process personal data, it is likely that the GDPR will apply to you.
The first step on the road to compliance is to carry out a data protection assessment of your organisation to identify any gaps in compliance and corresponding risks. A detailed project plan with clear tasks, responsibilities and timelines will assist you on your compliance journey.
In certain cases, organisations will have a statutory obligation to appoint a DPO. For example, where there is regular and systematic monitoring of individuals on a large scale. It is up to each organisation to assess whether it is required and if so, the organisation must register the DPO with the Data Protection Commission.
A Data Protection Impact Assessment (DPIA) is an assessment which is carried out on a new project, product, service or processing activity to determine whether the proposed new data processing poses any risks to the rights of the individuals whose personal data is being processed. The aim is to identify risk and implement measures to reduce or eliminate the risk. In certain cases, there is a statutory requirement to carry out a DPIA.
While is it important that you protect personal data from accidental loss, destruction or damage and against unauthorised or unlawful processing, security is just one of the principles of the GDPR. You must also make sure you are compliant with the other data protection principles.
Consent is just one of the lawful bases for data processing and not always the most appropriate one to rely on. You should review the lawful basis for each of your data processing activities and decide which one applies.