The GDPR requires all businesses to implement ‘Data Protection by Design & Default’ but what does that mean in practice and how can businesses practically comply?
The GDPR requires all businesses to implement ‘Data Protection by Design & Default’ but what does that mean in practice and how can businesses practically comply?
The concept of ‘data protection by design’ is not a new one – in the UK the ICO has always advocated an approach that businesses should, as a matter of good-practice, consider data protection implications and implement appropriate protective measures throughout the implementation and lifecycle of business or processing activities.
Under the GDPR, this approach has now been enshrined in law.
Article 25 of the GDPR requires every business to take account of data protection and privacy at all stages in the implementation of new processing activities. Businesses must then ensure that they build appropriate technical and organisational measures to implement the data protection principles and safeguard individual’s rights into that process.
It can however be difficult for many businesses to ensure that this happens in practice. New projects and processes will often by led by teams who won’t have data protection and privacy at the forefront of their minds. Often a data protection question will be asked when a project is already at an advanced stage, technical solutions already agreed on and copy already drafted.
As well as breaching Article 25 obligations, that approach can also cause other challenges for businesses. Compliance can often require technical solutions to be put in place – either to obtain appropriate consents, to give fair processing notices or to change the types of data that are collected. Considering data protection and privacy at a late stage can therefore lead to a requirement for costly changes and delays to project implementation.
How does your organisation therefore ensure that ‘data protection by design’ is implemented across your business? Here are our top tips for businesses to meet these obligations:
This article was first published by Data Protection Magazine.
As well as providing day-to-day support to help you focus on managing your settings, we also provide training and professional development on a range of topics to keep you and your staff up-to-date.
Browne Jacobson’s education team has been named as winner of the ‘Legal Advisors to Education Institutions’ category at the Education Investor Awards 2022 for a record sixth time.
Over 3000 young people from across the UK and Ireland took part in a virtual legal careers insight event, aimed at making the legal profession more diverse.
A deepfake of Bruce Willis is advertising Russian mobile phones. Many great artistic and metaphysical questions are raised by this performance. However, this article is going to look at the intellectual property law implications, from a UK perspective.
The Digital Services Act (the “DSA”) has today (27 October) been given the go-ahead by the EU Council and will enter into force by early 2024.
It is clear that the digital landscape, often termed cyberspace, is a man-made environment, in which human behaviour dominates and where technology both influences and aids our role in it — through the internet, telecoms and networked computer systems, which are often interdependent. The extent to which any organisation is potentially vulnerable to cyber-attack depends on how well these elements are aligned.
Universities and colleges are not immune from deception by unscrupulous bad actors. The extent to which educational institutions can manage and control risk not only depends on financial management and internal controls, but also the robustness of security and processes which can be exploited from outside the organisation.
The new set of Legal 500 directory rankings have been published and we are proud to once again be recognised as one of the country’s leading firms advising the Education sector.
Since the UK left the EU and are now able to move away from the EU data protection regime, the UK government have implemented a national data strategy with the aim of reducing the burden on organisations but maintaining a high data protection standard.
In this article we look at local authority companies and whether they are subject to the Freedom of Information Act 2000. And for those that are, what information are they legally obliged to submit.
The Digital Markets Act (the “DMA”) joins the dots between competition law and data protection law and actively targets data-driven platforms. It is also a comprehensive regulation to take note of, with familiar GDPR-style fines tied to turnover.
The use of social media platforms and applications can have overwhelmingly positive benefits for public bodies. However, regulatory action recently taken by the Information Commissioner, has highlighted various pitfalls that public bodies should seek to avoid if allowing staff to use social media as a communication tool.
In this edition we provide you with the latest in legal updates, news and insight from the higher education sector.
The data protection legislation (namely, the UK GDPR and Data Protection Act 2018) contain various provisions that deal with the processing of personal data for research purposes.
National law firm Browne Jacobson has grown its team behind its dedicated Space + Time executive coaching programme with the addition of two more qualified coaches who will work with clients in the education sector.
Public bodies will be pleased to hear that another significant court decision (Ali v Luton Borough Council [2022] EWHC 132 (QB)) has been made that is favourable to data controllers.
In this edition we provide you with the latest in legal updates, news and insight from the higher education sector.
This article has five excellent top tips for strong data compliance in 2022, including; embracing near misses, leading from the top, outcomes-focused training, learning walks, consequences.
The cases summarised give considerable comfort to data controllers seeking to defend themselves against claims that relate to breaches arising as a result of a failure rather than a direct act and/or are based on assertions of damage or distress that are exaggerated, unsubstantiated or bear little relation to the breach itself.
In this edition we provide you with the latest in legal updates, news and insight from the higher education sector.
The Supreme Court has unanimously overturned the Court of Appeal’s 2019 decision in the case Lloyd (Respondent) v Google LLC (Appellant) which allowed the claimant, Mr Lloyd, to serve a representative action on Google on behalf of over four million iPhone users who were seeking damages for ‘loss of control’ of personal data.
Tomorrow, (Wednesday 27th October), national law firm Browne Jacobson will host its second FAIRE: virtual work experience and legal careers insight event, in partnership with Young Professionals.
Cookies and similar technologies are a useful and often necessary tool for online businesses, but their use is governed by both the Privacy and Electronic Communications Regulations (PECR) and the GDPR.
The Confederation of School Trusts (CST), as the sector body for School Trusts, today releases a salary benchmarking service for executive roles in School Trusts, in conjunction with partners XpertHR, Cendex and Browne Jacobson.
Student and staff files will be full of personal data, much of which may be particularly sensitive such as health information (known under the data protection legislation as “special category” data).
In February 2021, the High Court handed down judgment London Borough of Lambeth v AM (No. 2) [2021] EWHC 186 (QB), in which Browne Jacobson LLP acted for the Claimant Council. The judgment is critical reading for public bodies who are required to take action to restrict the use of confidential information in circumstances where that information has been inadvertently disclosed to a third-party.
The Supreme Court’s pending decision could potentially open the floodgates for data privacy litigation going forward.
Watch our on-demand video for our popular Claims Club where we discussed the risk of data sharing, risks in a changing climate, highway claims and what we can see on the horizon.
The Joint Council for Qualifications (JCQ) this week published the appeals guidance for grades awarded this summer.
In this edition of our higher education newsletter, we provide you with the latest in legal updates, news and insight from the higher education sector.
Schools will now be tasked with reading a vast amount of information to get themselves ready to provide teacher-assessed grades (TAGs) for students following the recent publication of the suite of Joint Council Qualifications (JCQ).