Recent News

click to close
click to close
click to close
click to close
click to close

Supplementary Materials

Here, we present a series of ‘Focus on…’ guides, that expand upon topics introduced in the main guides and provide additional detail, examples and practical instructions. Developed in a way that reflects the order of tasks to be addressed, the first in this series focuses on the specifics relating to data protection impact assessments. This section will be regularly maintained.

book cover

Focus on: Data Protection Impact Assessments

The GDPR promotes a risk-based approach to data protection. The Data Protection Impact Assessment (DPIA) is a key process in the identification and mitigation of risks to data subjects in processing operations. The DPIA will be a legal requirement, under the GDPR, in respect of certain types of data processing.  However, assessing risks is an …

book cover

Data Protection by Design and by Default

This is a fundamental concept that underlies the GDPR and requirements within it; this approach should be embedded throughout the whole organisation. This guide expands on the requirements and presents ways of achieving compliance.

book cover

Data Protection Officers

Under the GDPR, public authorities are required to appoint a Data Protection Officer (DPO), to provide advice, support and guidance to the data controller and others in respect of all aspects of processing personal data and complying with the GDPR. This guide explains the role and the points to consider when appointing and working with a …

book cover

Controller and Processor Relationships

The GDPR confirms the need for a contractual relationship between these two key roles in data processing. Suggestions about the practical issues involved are included in this guide.

book cover

Legal Foundations

A fundamental requirement, to be established prior to any processing, is that it is lawful. There are several different legal foundations under the GDPR but not all are suitable or relevant for data processing activities within the OPCC. This guide sets out the reasoning behind this, and how to ensure compliance in this respect.

book cover

Providing Information to Data Subjects

The strengthening of individuals’ rights is a key element of the GDPR, as well as the obligations of the data controller. this requirement combines both. This guide sets out what information should be provided and examines practical ways of doing this. Guidance on privacy notices is included.

book cover

Transparency

Flowing from and linked to several other obligations and principles, transparency is emphasised in the GDPR. This guide explains what is incorporated in this key principle.

book cover

Accountability

Demonstrating compliance with the GDPR as well as making and maintaining records relating to every aspect of data processing is an important element of the principle of accountability. This guide explains the layers of compliance and what they entail.

book cover

Breach Notifications

In the event of a data breach, the GDPR sets out strict requirements in relation to reporting and response. Other important considerations should be incorporated; the guide sets those out clearly, with suggestions for practical measures to be carried out.

Upcoming