What you should include in a Subject Access Request

Information to Include in a Subject Access Request

You have 30 days to respond to a subject access request, and you must also log details of all subject access requests. Don't forget to validate the requestor!

Include the following in subject access responses:

- Identity and contact details of the data controller (and/or the controller’s representative);
- Contact details of the Data Protection Officer (person with responsibility for data protection matters within your organization);
- Purpose(s) of the processing and the lawful basis for the processing;
- Where processing is based on the legitimate interests of the controller or a third party, the legitimate interests of the controller;
- Any other recipient(s) of the personal data;
- Where applicable, details of any intended transfers to a third country (non-EU member state) or international organization and details of adequacy decisions and safeguards;
- The retention period (how long your organization holds onto data) or, if that is not possible, the criteria used to determine the retention period;
- Their rights; Right of access ...
Are you ready for a Data Audit?

How do you prove that you are compliant with the GDPR? This is a list of probable questions that you will have to answer if your company is audited under the GDPR. If you can answer the following questions with a Yes, then you can be reasonably sure that you are compliant in the stated area; where you answer No, you need to start addressing this area.

Fair Obtaining

- At the time we collect information about individuals, are they made aware of the uses of that information?
- Are people made aware of any disclosures of their data to third parties?
- Have we gained people's consent for any secondary uses of their personal data, which may not be obvious to them?
- Can we describe our data collection processes as open, transparent and up-front?

Purpose Specification

- Are we clear about the purpose (or purposes) for which we keep personal information?
- Are the individuals in our database also clear about this purpose?
- If we are...
GDPR Certified! Fraudulent claims of GDPR certification on the rise

As the Data Protection Commissioner of Ireland has not currently stated what the criteria for certification and accreditation are, any company or individual claiming to be GDPR certified is making fraudulent claims. There are currently no certifications available for the GDPR, nor any accredited certification bodies.

Would you hire a self-proclaimed fraud to guide your business? Would you knowingly hire a fraud to guide your business? Not only the online courses but also the talks being given around the country by people who claim to be certified should be taken with a grain of salt. GDPR is not an IT or legal problem; it is a business problem and should be treated as such. While they may have valid knowledge and be of help, the fact that they claim false credentials really should be taken into account. Government bodies in particular should pay attention and not set up series of talks around...

What is SHH?

SHH (Secure Helping Hand) is a GDPR data management system for SMEs and Sole Traders. We walk you through your GDPR project, educating you along the way.

- Document your data assets.
- Log and manage your Subject Access Requests
- Log your Data Breaches
- Log your DPIA assessments
- Implement IT security best practice

All in a secure dedicated environment....