This guidance will help you to understand the importance of encryption as an appropriate technical measure to protect the personal data you hold. Whether you are a controller or a processor, encryption is a technique that you can use to protect personal data. The guidance outlines the concept of encryption in the context of the […]
A key principle of the GDPR is that you process personal data securely by means of ‘appropriate technical and organisational measures’ – this is the ‘security principle’. Doing this requires you to consider things like risk analysis, organisational policies, and physical and technical measures. You also have to take into account additional requirements about the security of […]
The EU General Data Protection is finally here, and things like data mapping, data protection impact assessment, consent management, and data subject rights have been on everyone’s minds leading up to its arrival. While these operational requirements are obvious for many companies, some others have flown under the radar.
This code provides good practice advice for those involved in operating CCTV and other surveillance camera devices that view or record individuals, and covers other information that relates to individuals, for example vehicle registration marks captured by ANPR equipment. This code uses the terms ‘surveillance system(s)’, ‘CCTV’ and ‘information’ throughout for ease of reference. Information […]
This code explains how the Data Protection Act 1998 (the DPA) applies to the collection and use of personal data online. It also provides good practice advice for organisations that do business online and are therefore subject to the DPA. The code covers the collection and use of personal data online, whether it is collected […]