Five Tips to keep abreast with GDPR


Here are 5 key points to consider when thinking about GDPR compliance:

  1. Personal data – Don’t assume you know what personal data is. We all know that names and contact details are personal data, but keep in mind that a combination of data sets may also be considered personal data. Always go back to the definition to ensure you include all relevant information.

  2. Vendor risk assessment – Do you conduct a supplier risk assessment? You need to understand how your supplier processes personal data. Make sure you grasp the extent of the security controls your vendor has in place and find out when these were last tested, updated or even implemented. Understand what access your supplier will have to your systems and personal data, and make sure that access is controlled. Remember the Solarwinds attack (December 2021) and, more recently, the NHS data breach (June 2024), and keep your supply chain under close supervision.

  3. Data Protection Impact Assessment (DPIA) – The DPIA tells the story of a company’s attitude to data protection and privacy. You will need to delve into the details and expand your understanding of what personal data is processed and how, whether there are controls in place for each processing activity, and what the risks are in practice. Ask the difficult questions no one wants to address, and be sure to complete a DPIA for any kind of automated decision making, use of AI algorithms, or facial recognition data processing activity.

  4. Records of Processing Activities (ROPA) – Completing ROPAs is not particularly illuminating, but the reality is that they are mandatory. The upside is that if you analyse all the processing activities listed and which teams use each type of data, with a bit of data analytics (subject to your lawful basis for processing) you start to identify ways to monetise the data being processed.

  5. GDPR audit – When was the last time you had your data protection compliance audited, if at all? It’s time to check whether all the effort you put into GDPR compliance is paying off. Conduct a GDPR audit and prioritise your key areas for improvement. You may not be 100% compliant, but make the effort to keep up with regulatory requirements.



If you would like further information on the above or wish to discuss other data privacy matters, you can contact us at inform@taceo.co.uk 

© 2024 Taceo Limited, Riverbank House, 2 Swan Lane, London EC4R 3TT.

Company registration No. 11059214. All rights reserved.