On 8th February we were extremely pleased to receive a lovely review on Google:

“Wonderful service. I had quite a complex set of privacy policy and terms of use documents. Rob not only kept me up to date but also was able to take me step-by-step through what to put where – which was no mean feat!! Thank you.”



Quote | Posted on by | Tagged

European Commission GDPR guidance

The European Commission has published guidance on the EU data protection rules under the General Data Protection Regulation (GDPR).

The guidance outlines what the European Commission, national data protection authorities and national administrations still need to do to bring preparations for the GDPR to a successful conclusion.

The Commission has also launched a new online tool to raise awareness of the GDPR and help citizens, businesses, in particular SMEs, and other organisations to comply with and benefit from the new data protection rules. European GDPR webpages.

Posted in Crab Insight, Data Protection, Information Risks, Reputation Matters | Tagged ,

Office for Product Safety and Standards

The government has accepted the recommendations of the Working Group on Product Recalls and Safety and set out its plans for implementing them, including the establishment of a new Office for Product Safety and Standards (OPSS).

Priorities for the OPSS will include setting up an incident management capability to respond to national product safety issues and making the government’s product recall web pages more accessible.

The government has also announced that a detailed Code of Practice on product corrective actions (including recalls) will be published in early 2018.

These developments will be of interest to manufacturers and retailers of relevant consumer products, such as white goods, electrical goods, toys, clothes and cosmetics. OPSS webpages.

Posted in Crab Insight, Protecting Reputation, Sales Risks | Tagged

Late payments

The government has launched the Small Business Commissioner (SBC) complaints scheme, giving small businesses (essentially, those with a staff headcount of less than 50) an extra means of holding larger businesses to account if there are problems about getting paid. Typically, a complaint must be brought within 12 months of the issue but this may be extended. Make a complaint.

Posted in Crab Alert, Crab Insight, Protecting Reputation, Reputation Matters | Tagged , ,

Free GDPR guide for charities. 

The Charity Finance Group (CFG) has launched a new free guide for charities on the General Data Protection Regulation ((EU) 2016/679) (GDPR) . The guide aims to help charity trustees, staff and volunteers understand the practical impact that the GDPR will have on their charity and its work. Read the guide.

Posted in Data Protection, Information Risks, Reputation Matters | Tagged , , ,

Charities and safeguarding

The Charity Commission has published a new strategy for dealing with safeguarding issues in charities. It stresses the duty of charity trustees to proactively safeguard and promote the welfare of their charity’s beneficiaries. Get a copy.

Posted in Protecting Reputation, Reputation Matters | Tagged ,

Data Protection Prosecution

The High Court said that Wm Morrisons Supermarkets PLC, was vicariously liable for the deliberate and criminal disclosure by a rogue employee of personal data belonging to co-workers.

(Various claimants v Wm Morrisons Supermarket PLC [2017] EWHC3113 (QB))

Posted in Data Protection, Information Risks, Protecting Reputation | Tagged , , ,

BBC News: UK regulator has ‘huge concerns’ over Uber breach

The UK regulator, the ICO, has ‘huge concerns’ over Uber breach –

Posted in Data Protection, Information Risks, Reputation Matters | Tagged , ,

How long does personal data have to be stored under the data protection law?

The short answer is no longer than necessary.

Personal data will need to be retained for longer in some cases than in others. How long you retain different categories of personal data should be based on individual business needs. A judgement must be made about:

  • the current and future value of the information;
  • the costs, risks and liabilities associated with retaining the information; and
  • the ease or difficulty of making sure it remains accurate and up to date.

There are various legal requirements and professional guidelines about keeping certain kinds of records – such as information needed for income tax and audit purposes, or information on aspects of health and safety. If an organisation keeps personal data to comply with a requirement like this, it will not be considered to have kept the information for longer than necessary.

The CIPD have a great resource regarding HR records which can be found here.

Posted in Crab Insight, Data Protection, Information Risks, What we are being asked about | Tagged , ,

The Data Protection Bill

The UK’s third generation of data protection law has entered Parliament.

The Data Protection Bill was published on 14 September 2017 and aims to modernise data protection laws to ensure they are effective in the years to come. 

The Information Commissioner’s (ICO) website has been updated to include new section about the Data Protection Bill.

This explains the relationship between the Bill and the GDPR, detailing the additional areas the proposed new legislation covers. It also includes links to the ICO’s GDPR and Law Enforcement pages and to a Data Protection Bill fact sheet.

Posted in Crab Alert, Crimson Crab, Data Protection, Information Risks | Tagged , ,