Categories
Tools

Intelligent Campus DPIA Toolkit

I’m pleased to announce the publication of our Intelligent Campus Data Protection Impact Assessment Toolkit. Intelligent Campuses use existing data and new sensors to deliver better places to study, work, live and socialise. But there’s a risk with any use of data or sensors that even the best-intentioned ideas will be misused or misunderstood: as […]

Categories
Tools

GDPR: what’s your justification?

One of the key steps in preparing for the General Data Protection Regulation is to know why you are processing each set of personal data, and which of the six legal justifications applies: consent, contract, legal obligation, vital interest, public interest or legitimate interest. The Regulation significantly tightens the rules on when consent can be […]

Categories
Tools

EDPB on (not) Necessary for Contract

The European Data Protection Board’s (EDPB) latest Guidelines further develop the idea that we should not always expect relationships involving personal data to have a single legal basis. Although the subject of the Guidelines is the legal basis “Necessary for Contract”, much of the text is dedicated to pointing out the other legal bases that […]

Categories
Tools

Revised DPIA cribsheet

Shortly after we did out first Data Protection Impact Assessments, on the Janet Security Operations Centre and the Jisc Learning Analytics Service, the ICO published its DPIA guidance. This contained a few minor additions, which have been added to this new version of our information gathering cribsheet: In section (a) the nature of processing should […]

Categories
Tools

DPIAs: First Attempts

Article 35 of the General Data Protection Regulation introduces a requirement to conduct a formal Data Protection Impact Assessment (DPIA) for any processing that may involve a high risk to individuals. The Article 29 Working Party’s DPIA guidance contains a helpful list of nine factors that may give rise to a high risk. Any activity […]