Cold Prospecting
Dave_Wylie
I would strongly suggest reading this:
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/exemptions/
GDPR Compliance
Dave_Wylie
As a follow up to the above also look at the new shortly to become available UK international Data Transfer Agreement and Guidance …
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/
“On 2 February 2022, the Secretary of State laid before Parliament the international data transfer agreement (IDTA), the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers (Addendum) and a document setting out transitional provisions. This final step follows the consultation the ICO ran in 2021. The documents are issued under Section 119A of the Data Protection Act 2018.
If no objections are raised, they come into force on 21 March 2022. Exporters will be able to use the IDTA or the Addendum as a transfer tool to comply with Article 46 of the UK GDPR when making restricted transfers.”
GDPR Compliance
Dave_Wylie
Pretty much most of what you need to demonstrate EU GDPR compliance, with a few exceptions!
Nature of Relationship
Dave_Wylie
This is definitely an area of expertise of Chris Roberts who specialises in the GDPR implications of sporting institutions and their supply chains!
Notification of changes to data processors
Dave_Wylie
The timeline should be at least as long as it would be required of the controller to be able to undertake and interact with the processor about the new sub-processor of the controller; like reviewing the VDD they have done and any or all of the DPIAs / LIAs etc. as part of that exercise so they can amend their own records and make the decision if they are happy with the risk change.
I have seen time periods in Controller to Processor agreements that vary from a minimum of 30 days to 90 days for changes in processing supply chain scope within the DSA (Data Sharing Agreements).
It also depends how much the Processor (Controller in their own right) has their own house in order with respect to Vendor due diligence and notification to parties that they process on behalf of .. but as you mention they should be taking a risk based approach to the activities of the new processor … more lead time for more risk and sensitive personal data sets .. that are in scope.
Hope that helps.
Under a FOI request? Please can someone show me in the legislation where the “less than 5” rule applies?
Dave_Wylie
I would suggest pitching this question at Tim Turner of 2040training who is very knowledgeable on all aspects of FOI.
Sadly I am not much of an expert in this area. Sorry.
Can MS Teams Chat be included within a SAR?
Dave_Wylie
Absolutely
Google Analytics
Dave_Wylie
.. And definitely don’t consider GA and classify as essential cookies …. like a lot of people seem to do …
As I always say to clients… it is not what you as a business think is essential … 🙂
US big providers and due diligence
Dave_Wylie
Definitely you have to do the info gathering yourself from whatever public facing materials you can find. Definitely more of a generic legal positioned response rather than an understanding trust interaction and addressing your concerns around your VDD.
The only way that you do get the info and an ear to the ground is if you have the size and might and financial concern to them as the requesting entity, and have an account manager that can push for you on the inside to get specific questions or concerns answered.
Hotels and employee personal data
Dave_Wylie
If anyone has any questions around the best way to configure DPOrganizer and complex relationships scenarios, then definitely speak to Chris Roberts on here as he has done some amazing things in this regard recently.