For data protection practitioners
  For marketers
  Archive
  For data protection practitioners
White paper | Step by step

Free white paper | Data Loss Identification and Prevention

An organisation’s database is a valuable asset and should be treated as such, with specific attention paid to the risk of data being stolen or lost. In addition to normal data protection and information security practices, you should be aware of the many threats to data security, and the implications of data loss and how to prevent it.

Download our white paper to read about why your data is so valuable, how internal training on data value and reviewing suppliers can help, and our top 12 tips on what you can do to protect your data.

Download now

White paper | Step by step

Free guide | The Ultimate Guide to the New DPDI Bill

Written by in-house data protection Louise Brooks, this guide explains all you need to know about the new data protection bill currently in parliament. It is the second version of the Bill, introduced in March 2023.

Download to find out:

  • What is the DPDI bill?
  • How does a bill become law in the UK?
  • Where is it in the parliamentary process?
  • A summary of the changes most likely to affect our customers and what affect they will have
  • Our opinion on the bill

Download now

Free PDF download | Cookie Compliance Checklist

Free Brochure | Supporting Large Businesses with Data Protection

Aim higher than compliance. Build customer trust.

After more than 20 years in data protection, we understand the challenges our large-business customers face. We develop our services to support you through those challenges.

Read our brochure to find out how we can best support your business to not only maintain data protection compliance but also build customer trust through best-practice data protection.

Depending on your cookie preferences, our forms may not display properly. If you have any issues downloading our resources, please email sales@dqmgrc.com and we will gladly send you a copy.

Download now

Green paper | Privacy by Design – Step by step

Green paper | Privacy by Design – Step by step

This paper discusses:

  • What privacy by design is;
  • The seven foundational principles of privacy by design; and
  • An eight-step approach to implementing privacy by design.

Download now

Green paper | Privacy by Design – Step by step

Free PDF download | Embedding Privacy by Design in your Organisation’s Culture

Discover the requirements for privacy by design in UK law, and how to implement privacy by design while overcoming its challenges.

Download now

Free guide | How to Conduct a DPIA

Free guide | How to Conduct a DPIA

In this guide, we explain when you need to conduct a DPIA (data protection impact assessment), why they are necessary and take you through a step-by-step guide to conducting one.

Download now

Green paper | Reviewing Data Protection Policies and Procedures – Guidance for practitioners

Green paper | Reviewing Data Protection Policies and Procedures – Guidance for practitioners

Organisations of all sizes rely on data protection policies and procedures to conduct data processing operations in a consistent and effective manner. All too often, however, these critical documents do not evolve with the business, eventually becoming a source of risk.

Read this paper to understand:

  • Why it is important to periodically review data protection policies and procedures;
  • How to conduct effective reviews; and
  • How to effectively plan changes.

Download now

Free PDF download | A Quick Guide on How to Prevent Data Theft

Free PDF download | A Quick Guide on How to Prevent Data Theft

An organisation’s database is a valuable asset and protecting it from theft is essential. Our “A Quick Guide on How to Prevent Data Theft” is a succinct explanation of how data seeding can help prevent data theft and track the data’s use should it be stolen.

Download now

Flash briefing | 20 minutes on how to handle a data breach

Flash briefing | 20 minutes on how to handle a data breach

Delivered by:

  • John Potts, Operations Director, GRCI Law
  • Cliff Martin, Cyber Incident Responder, IT Governance
  • Martin Fletcher, Consultant, DQM GRC

According to Mimecast’s State of Email Security 2020 since the pandemic began, phishing attacks have increased in 63% of organisations. In addition, Verizon's 2021 Data Breach Investigations Report found that 36% of data breaches involved phishing, and 85% of breaches involved a human element.

With organisations at risk now more than ever, this flash briefing outlines the steps to take following a data breach in order to minimise losses and protect your organisation’s reputation, as well as comply with relevant data protection legislation such as the GDPR.

Our privacy and cyber incident response experts discuss:

  • Examples of what constitutes a data breach regarding UK and EU residents’ data under the GDPR;
  • What steps you should take following the discovery of a data breach, including engaging our cyber incident response team; and
  • What help is available and how you can mitigate the effects of a future breach if you act now.

Download now

What you need to know about cookies

Free download | What you need to know about cookies

Cookies are small files that collect information about you when you visit a website. There are certain laws around the use of cookies, such as requiring consent to drop certain types of cookies. Our free infographic gives you a basic overview of the different types of cookies, helping you better understand how using or accepting cookies may affect you.

Does your website use cookies? Our GDPR Cookie Compliance Service can help ensure your organisation’s use of cookies complies with the law.

Find out more about the GDPR Cookie Compliance Service

Download now

Free PDF download | Cookie Compliance Checklist

Free PDF download | Cookie Compliance Checklist

The way UK organisations collect and use cookies is regulated by the GDPR (General Data Protection Regulation) and the PECR (Privacy and Electronic Communications Regulations). You can make sure your organisation meets its data protection and privacy requirements with respect to cookies by following our checklist.

It provides guidance on:

  • Which laws apply;
  • Assessing what cookies you have in place;
  • Cookie banners;
  • What should be in your cookie policy; and
  • What to do if you need more help.

Download now

White paper | Step by step

White paper | Step by step

In this paper, we cover:

  • An introduction to the GDPR, how it stands post-Brexit, and a summary of its impact on UK business;
  • The nine pillar plan – DQM GRC’s way of examining an organisation’s GDPR compliance position and creating a plan to improve it; and
  • How creating a GDPR ‘readiness pack’ could improve your likelihood of winning future business.

Download now

Free PDF download | What you need to know about supply chain assessments

Free PDF download | What you need to know about supply chain assessments

Organisations often suffer because of vulnerabilities in their supply chains.

In this infographic, we take a look at:

  • Why you need to manage supply chains;
  • How to assess your supply chain;
  • The state of supply chain attacks; and
  • How you can get guidance on your supply chain audit.

Download now

  For marketers
White paper | Step by step

Free white paper | Data Loss Identification and Prevention

An organisation’s database is a valuable asset and should be treated as such, with specific attention paid to the risk of data being stolen or lost. In addition to normal data protection and information security practices, you should be aware of the many threats to data security, and the implications of data loss and how to prevent it.

Download our white paper to read about why your data is so valuable, how internal training on data value and reviewing suppliers can help, and our top 12 tips on what you can do to protect your data.

Download now

Free guide | GDPR and PECR – A guide for marketers

Free guide | GDPR and PECR – A guide for marketers

When it comes to data privacy in the UK, marketers should be vigilant about the requirements of key legislation – notably the GDPR (General Data Protection Regulation), DPA (Data Protection Act) 2018 and PECR (Privacy and Electronic Communications Regulations). This free paper explains what you need to do to ensure your marketing activities are lawful.

Discover:

  • The key requirements of privacy laws in relation to marketing;
  • How to determine whether you are permitted to rely on the soft opt-in, or whether you must obtain consent; and
  • Best practice for using cookies and other tracking technologies.

Download now

Free download | What you need to know about cookies

Free download | What you need to know about cookies

Cookies are small files that collect information about you when you visit a website. There are certain laws around the use of cookies, such as requiring consent to drop certain types of cookies. Our free infographic gives you a basic overview of the different types of cookies, helping you better understand how using or accepting cookies may affect you.

Does your website use cookies? Our GDPR Cookie Compliance Service can help ensure your organisation’s use of cookies complies with the law.

Find out more about the GDPR Cookie Compliance Service

Download now

Free PDF download | Cookie Compliance Checklist

Free PDF download | Cookie Compliance Checklist

The way UK organisations collect and use cookies is regulated by the GDPR (General Data Protection Regulation) and the PECR (Privacy and Electronic Communications Regulations). You can make sure your organisation meets its data protection and privacy requirements with respect to cookies by following our checklist.

It provides guidance on:

  • Which laws apply;
  • Assessing what cookies you have in place;
  • Cookie banners;
  • What should be in your cookie policy; and
  • What to do if you need more help.

Download now

Free PDF download | A Quick Guide on How to Prevent Data Theft

Free PDF download | A Quick Guide on How to Prevent Data Theft

An organisation’s database is a valuable asset and protecting it from theft is essential. Our “A Quick Guide on How to Prevent Data Theft” is a succinct explanation of how data seeding can help prevent data theft and track the data’s use should it be stolen.

Download now

  Archive
Free PDF download | ICO review into data broking practices | Summary for data brokers

Free PDF download | ICO review into data broking practices | Summary for data brokers

In October 2020, the ICO (Information Commissioner’s Office) released a report detailing multiple GDPR (General Data Protection Regulation) failings by CRAs (credit reference agencies).

In this guide, we explain the ICO’s key findings and detail the practical implications for organisations in the data broking industry, many of which source data from the CRAs.

The guide covers the following:

  • An overview of the investigation.
  • Our interpretation, and the potential impact on data brokers, of the ICO’s six key findings:
    • Transparency
    • Article 14
    • Purpose limitation
    • Consent
    • Legitimate interests
    • Legal basis
  • A summary and advice for data brokers.

Download now

Green paper | Schrems II and the EU–US Privacy Shield – Understanding the impact on UK organisations

Green paper | Schrems II and the EU–US Privacy Shield – Understanding the impact on UK organisations

The Schrems II ruling in July 2020 had a significant impact on transfers of EU personal data to the US and other third countries. Organisations that make such transfers should review them to ensure that they are still lawful, and to implement any changes necessary to remain compliant.

Read this paper to discover:

  • What the Schrems II ruling is, and how it affects international transfers of personal data under the GDPR (General Data Protection Regulation);
  • The impact of the ruling on UK organisations;
  • How to evaluate data transfers to ensure compliance with the GDPR; and
  • Practical alternatives for affected transfers.

Download now

Brexit and Schrems II: practical implications for UK-EU data transfers

Webinar | Brexit and Schrems II: practical implications for UK-EU data transfers

Presenters:

  • Camilla Winlo, Director of Consulting Services, DQM GRC
  • John Potts, Head of DPO DSAR and Breach Support, GRCI Law Limited

This webinar was recorded before the UK was awarded an adequacy decision by the EU, allowing data to flow freely from the EU to the UK.

The Schrems II ruling and Brexit mean that UK organisations are required to reconsider the legal basis for the transfer of personal data to and from Europe.

Join our experts on this webinar to learn about the practical implications for UK–EU data transfers in the light of Schrems II and Brexit that your organisation must consider.

Download now

Webinar | EU-US data transfers: the Practical Implications of Schrems II

Presenters:

  • Camilla Winlo, Director of Consulting Services, DQM GRC
  • Preston Bukaty, GDPR Consultant, IT Governance USA

In the wake of complaints from the Austrian privacy activist Max Schrems, who argued that the US government’s mass surveillance practices contradict the protections that the EU–US Privacy Shield was supposed to provide for organisations that make transatlantic personal data transfers, the ECJ (European Court of Justice) ruled that the Privacy Shield is no longer valid.

It also ruled that EU SCCs (standard contractual clauses), also known as model clauses, are valid in principle but not always in practice, depending on the circumstances of those data transfers. This also causes problems for EU-based organisations that intend to transfer personal data to and from the US.

Download now