Small businesses and GDPR

Small businesses processing personal data need to review their existing processes and frameworks to incorporate the new set of GDPR rules into their practices.

A Sample Addendum Addressing Article 28 GDPR and Incorporating Standard Contractual Clauses for Controller to Processor Transfers of Personal Data

The International Regulatory Strategy Group, in conjunction with Clifford Chance and DLA Piper, has produced a document to help inform organisations of the requirements arising from the implementation of the EU General Data Protection Regulation (GDPR) in relation to data governance and compliance controls in the supply chain. You can download the document here:

A useful GDPR resource

Intersoft Consulting has compiled a listing of hyperlinks with various expert contributions and opinions of data protection authorities regarding GDPR “Key issues”. Under the various keywords, you will also find a quick link to the Articles of the GDPR as well as to the Recitals which are applicable to the topic.

What is personal data?

The GDPR’s definition of personal data is now much broader than under the DPA 1998. Article 4 GDPR states that “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’)”. It states: “an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to …

Rights of the data subject

It is essential for organisations to be aware of the individual’s rights under the GDPR. The controller has a responsibility to make individuals aware of their rights and ensure that sufficient mechanisms are in place to act on these.

Nymity’s GDPR Toolkit

Nymity offers organisations an excellent approach to Privacy Management with their GDPR compliance toolkit[1]. A set of Privacy Management Activities[2] – technical and organisational measures – were compiled into the Nymity Framework™. By following the 55 technical and organisational measures identified here, one may be able to produce appropriate evidence to demonstrate GDPR compliance.