As data protection practitioners we might be accused of not paying enough attention to information assets. Our role is to protect personal data and in doing so we tend to focus only on personal data activities and non-personal data becomes the realm of the wider data governance function. Consider this; our record of processing activities […]

Data protection by design and by default is a concept that should now be widely adopted across Europe, but I wonder if it is.  The problem with data protection by design and by default is that in many cases in means that the organisation operating model has to change, and when an operating model changes, […]

Compliance with data protection regulations in the EU is framed around a number of guiding principles which lead an organisation to take accountability for the data that is the custodian of.  Accountability requires an organisation to be able to demonstrate how it meets the data protection principles and demonstration invariably means building a body of […]

A data subject access request (DSAR) is one of a number of data subjects rights which allow individuals to obtain a copy of their personal data processed by an organisation. In this article we explore some of the ways that DSAR disrupt business and their normal operations, using real-life examples. We will also provide some […]