Completing a ROPA

Compliance with data protection regulations in the EU is framed around a number of guiding principles which lead an organisation to take accountability for the data that is the custodian of.  Accountability requires an organisation to be able to demonstrate how it meets the data protection principles and demonstration invariably means building a body of […]

Implementing a Personal Data Management System

Data protection by design and by default is a concept that should now be widely adopted across Europe, but I wonder if it is.  The problem with data protection by design and by default is that in many cases in means that the organisation operating model has to change, and when an operating model changes, […]

What has changed in the data protection world?

In the run up to May 2018 the data protection world predicted a shift with statements such as ‘personal must be respected or the fines will come’.  So, what has actually changed since pre-May 2018?  In terms of regulation you might be hard pressed to spot any real tangible and practical impacts of the new […]