DBS scenario with HR retaining excessive information for longer than necessary
Chris Roberts
I regularly deal with DBS data in our client base. My view is that the organisation only needs to hold the DBS Pass or Fail status of the prospective/current staff member. There are a number of very good services in the UK that help HR teams gain the information they need without having to process significant personal data. If I were a HR team I’d want to reduce my risk – what’s really behind their wanting to keep all this detail is perhaps the key to understanding the situation and resolving it appropriately?
DPO in EU and UK
Chris Roberts
Agree with Ian’s response. Nothing would prevent this but the practicalities of being able to actively understand the processing of each entity is paramount.
UK company providing GDPR training for employees?
Chris Roberts
I have researched a range of eLearning tools for many of Cybata’s clients. I have learnt that there are so many factors that will impact the right platform for your organisation. Here are some thoughts;
– Some of the largest providers are US based and my clients reel from the obvious language differences.
– Some clients absolutely need SCORM to allow support of existing/additional material from that provided.
– Others absolutely want integration with their HR system.
– Some clients need the tool but also need a wider program of supporting materials such as email/social/posters.
– Having the content that chimes with the culture of the business is for me also a critical consideration.
Happy to have a conversation if desired – chris@cybata.co.uk
DSAR disaster!
Chris Roberts
Picking up on the great points made by my fellow contributors.
1. Documenting your decisions is vital. Never put yourself in the position of trying to remember. You might get the decision wrong at the time, or case law may in time make yours the wrong one.
2. Improvement. Errors happen. What compliance systems and regulators want to see is evidence of improvement. Don’t have the same mistake twice or more; that’s a recipe for severe action.
3. Technology – Systems – People. People remain a significant weakness in organisations. Training, training and more training is required, as only knowledge makes people better.
Good luck.
Rightly.co.uk
Chris Roberts
Dominga, like you, until I am convinced any system for sharing the data is suitable for the data being shared, I will always defer to the system I know is secure.
Great list.
GDPR 3rd year anniversary messages
Chris Roberts
Christian Fahey, I prefer your approach. I work on the assumption that GDPR is a long journey. As with any new social change there are early adopters and laggards and everyone else on a spectrum in-between! What this means for me is continuous development of knowledge so people begin to move along the spectrum to where we want them to be. The materials you have created sound great. Keep up the good work.
Extracting emails and duplication of data in SARs
Chris Roberts
I too have heard of Smartbox, but have never used them so, as with BLueBottles response, due diligence is the watchword because so many solutions promise so much and under-deliver!
Client wanting to solicit to our contact database
Chris Roberts
I would follow Hellen’s advice.
Sending Information in an Access Request
Chris Roberts
For sending any information that is either commercially sensitive or includes PII I use https://appriver.com/product/email-encryption . All data held in the UK.
GDPR Management Tools
Chris Roberts
Any software tool (not just GDPR), if implemented without team buy in, a great implementation service and quality training, will always be blamed when “it” (the project) does not deliver what was hoped at the outset. A tool is only an ‘aid’ to doing the job.
I recommend/provide DPOrganizer for many of my clients because of the ease of use. Most of these clients are SME in size and don’t have big privacy teams to manage OneTrust and other enterprise platforms. I offer a service, with a 6 step model, to take a client with an existing RoPA to having a configured and useable DPOrganizer instance which I then train the users on. I believe a similar process is needed whichever vendor’s platform is being implemented.