Here, we present a series of ‘Focus on…’ guides that expand upon topics introduced in the main guides and provide additional detail, examples and practical instructions. Developed in a way that reflects the order of tasks to be addressed, the first in this series focuses on the specifics relating to data protection impact assessments. This section will be regularly maintained.
The GDPR promotes a risk-based approach to data protection. The Data Protection Impact Assessment (DPIA) is a key process in the identification and mitigation of risks to data subjects in processing operations. The DPIA will be a legal requirement, under the GDPR, in respect of certain types of data processing. However, assessing risks is an …
This is a fundamental concept that underlies the GDPR and requirements within it; this approach should be embedded throughout the whole organisation. This guide expands on the requirements and presents ways of achieving compliance.
Under the GDPR, public authorities are required to appoint a Data Protection Officer (DPO), to provide advice, support and guidance to the data controller and others in respect of all aspects of processing personal data and complying with the GDPR. This guide explains the role and the points to consider when appointing and working with a …
The GDPR confirms the need for a contractual relationship between these two key roles in data processing. Suggestions about the practical issues involved are included in this guide.
A fundamental requirement, to be established prior to any processing, is that it is lawful. There are several different legal foundations under the GDPR but not all are suitable or relevant for data processing activities within the OPCC. This guide sets out the reasoning behind this, and how to ensure compliance in this respect.
The strengthening of individuals’ rights is a key element of the GDPR, as well as the obligations of the data controller. This requirement combines both. This guide sets out what information should be provided and examines practical ways of doing this. Guidance on privacy notices is included.
Flowing from and linked to several other obligations and principles, transparency is emphasised in the GDPR. This guide explains what is incorporated in this key principle.
Demonstrating compliance with the GDPR as well as making and maintaining records relating to every aspect of data processing is an important element of the principle of accountability. This guide explains the layers of compliance and what they entail.
In the event of a data breach, the GDPR sets out strict requirements in relation to reporting and response. Other important considerations should be incorporated; the guide sets those out clearly, with suggestions for practical measures to be carried out.