data protection

Data protection bits

The territorial scope of the GDPR, as applied by the High Court

- Posted in data protection by
1 This week saw what is, I believe, the first English judgment dealing with the territorial scope of the GDPR. This blogpost is a reminder of the rules on "territorial scope", and weaves in the High Read more

Alternatives to using genuine phone numbers, IP addresses, domain names and email addresses in your training and documentation

- Posted in data protection by
If you are preparing training or guidance, showcasing your product or service, or giving code samples, you'll often want example data, such as a phone number, email address, or National Insurance. (I Read more

ICO: data sharing code of practice

- Posted in data protection by
The ICO has released its Code of Practice on Data Sharing, under the GDPR / Data Protection Act 2018. For ease of reference, here's the draft version of the Code, on which the ICO consulted. The Code Read more

The UK/EU Trade and Cooperation Agreement and data protection: what you should do now

- Posted in data protection by
I know it's Christmas. And I know I'm supposed to be on holiday. But I also know that some of you have been planning for, or even just worrying about, what you need to do to prepare for the end of Read more

Privacy policy or privacy notice?

- Posted in data protection by
1 Occasionally I get asked "should I have a privacy policy or a privacy notice?". And the answer is usually "both". If you're not sure what the difference is, or whether you've got the right things Read more

Targeted social media ads: new guidance on doing it lawfully

- Posted in data protection by
1 The European Data Protection Board has published draft guidelines, for feedback, on targeting of social media users. If you use targeting features offered by social media platforms, it's worth Read more

Your record of processing activity: what it is, and why having one will make your life so much easier

- Posted in data protection by
1 I've written before about the key steps you need to take to get your business in order from a GDPR point of view. One of those steps — the record of processing activty — is a key starting Read more

Four things you need to know about the Age Appropriate Design Code

- Posted in data protection by
1 The Information Commissioner's Office has issued a statement about its Age Appropriate Design Code. The statement says: The Age Appropriate Design Code has completed the Parliamentary process and Read more

What is a data protection impact assessment, and when might I need to do one?

- Posted in data protection by
1 You may have spotted in the news that the government has said that it has not done a data protection impact assessment — a DPIA — for part of it coronavirus contact tracing system, even though Read more

Privacy notices in three simple steps

- Posted in data protection by
What is a privacy notice? The data protection framework requires you to give people some key information about who you are, what you are doing with their data, how long you are going to be doing it, Read more