Consider your contact points with data subjects and the programme needed to manage the risks, service the rights of the data subjects, and demonstrate that senior leadership meets the obligations of data protection and related legislation.

Contacts

Consider how data subjects connect with your company. These are the points at which you collect information and relate to the locations and activities of your business.

Online

Online contact points with employees (and prospective employees), customers and prospective customers.

Premises

The physical locations from which you deliver your business.

Transport

The data collection that may be happening as you and your employees drive company vehicles.

Programme

Capabilities that you require inside your organisation to prepare for and meet your obligations to your data subjects.

Govern

Steer the programme and ensure that it meets its objectives and adapts to the changing needs of the organisation.

Prepare

Planning to meet data protection requirements

Assure

Assuring the quality of data processing

Service

Respond to subject access requests

Control

Controlling the impact of a breach

Blog

Most recent articles from our blog.

State of Cookies September 2021
Last year I built a cookie check tool that implements a very simple check on whether a website is likely to be compliant with the guidance provided by the Data Protection Commission (introduced in this blog post). Since then over 500 sites have been added to the survey set and you can see from the trend chart above there has been some improvement in the grades as sites are improved. Some improvement, but still the majority of the sites achieve only a C grade.
Service
Data Subject Access Request
DSAR
Rights
SME
Small Data Requests
As a small business you may not expect many data subject access requests. You may not collect large amounts of personal data from your customers and only process contact information to supply your products or service. How complex can it be to respond to the (perhaps very rare) data subject access request? The Ask: You and a customer have worked on a project for a period of six months. During this time you collected personal data and correspondence through email, minuted meetings and project documents.
Cookies
ePrivacy
Data Protection
Websites
GDPR
Are you making international data transfers?
A data controller or data processor is responsible for implementing appropriate technical and operational measures to secure the data for which they are accountable. When these data are stored or processed in a third country (one that is outside the EU/EEA) an international data transfer occurs. The GDPR has specific requirements for international data transfers set out in Chapter V (Articles 44 - 50). In this blog post, I will discuss when an international data transfer occurs, why it might occur in your company and the GDPR controls required to ensure that these transfers are legitimate.
Considering a website update, what are the data protection pitfalls?
Perhaps you have a “brochure site” and want to upgrade it, or are developing your first website and want to avail of the online trading voucher grant. The data protection risks of a brochure site are minimal. A brochure site is like a flyer with some details and contact information that you leave in a public place hoping that someone interested in what you have to offer happens by, picks up the flyer and domain you.