Free resources

With the threat of security and privacy incidents growing each year, it is essential that organisations identify and manage their data protection risks.

But that isn’t limited to risks within their own systems.

It is equally important to address vulnerabilities within supply chains, because damage to a third party can have significant knock-on effects. You can do that by performing a supply chain audit.

We have created a checklist of activities that a supply chain audit should cover.

Download now

In October 2020, the ICO (Information Commissioner’s Office) released a report detailing multiple GDPR (General Data Protection Regulation) failings by CRAs (credit reference agencies).

In this guide, we explain the ICO’s key findings and detail the practical implications for organisations in the data broking industry, many of which source data from the CRAs.

 Read more

Download now

Delivered by:

• John Potts, Operations Director, GRCI Law
• Cliff Martin, Cyber Incident Responder, IT Governance
• Martin Fletcher, Consultant, DQM GRC

According to Mimecast’s State of Email Security 2020 since the pandemic began, phishing attacks have increased in 63% of organisations. In addition, Verizon’s 2021 Data Breach Investigations Report found that 36% of data breaches involved phishing, and 85% of breaches involved a human element.

 Read more

Download now

Organisations of all sizes rely on data protection policies and procedures to conduct data processing operations in a consistent and effective manner. All too often, however, these critical documents do not evolve with the business, eventually becoming a source of risk.

Read this paper to understand:

• Why it is important to periodically review data protection policies and procedures;
• How to conduct effective reviews; and
• How to effectively plan changes.

Download now

Cookies are small files that collect information about you when you visit a website. There are certain laws around the use of cookies, such as requiring consent to drop certain types of cookies. Our free infographic gives you a basic overview of the different types of cookies, helping you better understand how using or accepting cookies may affect you.

Click the link on the right to download the infographic.

Does your website use cookies? Our GDPR Cookie Compliance Service can help ensure your organisation’s use of cookies complies with the law.

 Find out more about the GDPR Cookie Compliance Service

Download now

The Schrems II ruling in July 2020 had a significant impact on transfers of EU personal data to the US and other third countries. Organisations that make such transfers should review them to ensure that they are still lawful, and to implement any changes necessary to remain compliant.

Read this paper to discover:

• What the Schrems II ruling is, and how it affects international transfers of personal data under the GDPR (General Data Protection Regulation);
• The impact of the ruling on UK organisations;
• How to evaluate data transfers to ensure compliance with the GDPR; and
• Practical alternatives for affected transfers.

Download now

Securing the data supply chain can be a challenge. Under the General Data Protection Regulation (GDPR), data controllers are liable not just for their own compliance, but also for that of third-party processors.

Contracts and questionnaires, while useful components of any due diligence process, are necessarily limited. Auditing third-party processors is the most effective way to ensure ongoing compliance.

Download this paper in order to meet the GDPR’s requirements for third-party risk management and:

• Find out why contracts and questionnaires offer limited assurance.
• Understand the auditing process; and
• Learn what to look for in a third-party audit provider.

Download now

This paper discusses: 

• What privacy by design is; 
• The seven foundational principles of privacy by design; and 
• An eight-step approach to implementing privacy by design. 

Download now

 Presenters:

• Camilla Winlo, Director of Consulting Services, DQM GRC
• John Potts, Head of DPO DSAR and Breach Support, GRCI Law Limited

This webinar was recorded before the UK was awarded an adequacy decision by the EU, allowing data to flow freely from the EU to the UK.

The Schrems II ruling and Brexit mean that UK organisations are required to reconsider the legal basis for the transfer of personal data to and from Europe.

Join our experts on this webinar to learn about the practical implications for UK–EU data transfers in the light of Schrems II and Brexit that your organisation must consider.

 Read more

Download now

 Presenters:

• Camilla Winlo, Director of Consulting Services, DQM GRC
• Preston Bukaty, GDPR Consultant, IT Governance USA

In the wake of complaints from the Austrian privacy activist Max Schrems, who argued that the US government’s mass surveillance practices contradict the protections that the EU–US Privacy Shield was supposed to provide for organisations that make transatlantic personal data transfers, the ECJ (European Court of Justice) ruled that the Privacy Shield is no longer valid.

It also ruled that EU SCCs (standard contractual clauses), also known as model clauses, are valid in principle but not always in practice, depending on the circumstances of those data transfers. This also causes problems for EU-based organisations that intend to transfer personal data to and from the US.

 Read more

Download now