9ine Consulting Blog

The ICO DPIA Guidance

The ICO DPIA Guidance

The Information Commissioner's Office (the UK data protection supervisory authority) has this week published guidance on the completion of data protection impact assessments (DPIAs). The guidance is nothing new, it summarises the Article 29 Working ...
The ICO Regulatory Action Policy

The ICO Regulatory Action Policy

The Information Commissioner's Office (the UK data protection supervisory authority) last week published its Regulatory Action Policy. The policy has been created to provide direction and focus for those they regulate, specifically the action that ...
The outsourcing of your DPO in full: A scandal in the making

The outsourcing of your DPO in full: A scandal in the making

The GDPR makes it a requirement for all public authorities (state funded schools) to have a designated Data Protection Officer (DPO). All other types of school need to document and undertake an internal analysis to determine whether or not a DPO is ...
Breach notification under the GDPR

Breach notification under the GDPR

The recent revised and adopted guidelines on Personal data breach notification under the GDPR have been published. These guidelines set out examples of what a personal data breach is and the actions that are expected of data controllers and ...
The DPO and managing your Data Protection obligations

The DPO and managing your Data Protection obligations

There is confusion in regard to the appoint of a Data Protection Officer (DPO), their responsibilities, the Data Controller's responsibility to the DPO, and also whether those obligations dissipate if a DPO isn't legally required. This article ...
GDPR in Education: In depth guidance & support for compliance

GDPR in Education: In depth guidance & support for compliance

In preparation for the GDPR, organisations need to take certain steps to demonstrate they are taking the regulation seriously. In supporting education organisations, we have taken the guidance from the UK Supervisory Authority* and adapted it for ...
Cyber Security Governance – Central to the GDPR

Cyber Security Governance – Central to the GDPR

When a data breach occurs, organisations must demonstrate to its supervisory authority the mechanisms they have in place to manage the GDPR. In the UK, the authority is the ICO. 
GDPR in schools and your data protection officer (DPO)

GDPR in schools and your data protection officer (DPO)

The majority of schools will need to appoint or reaffirm the appointment of a data protection officer (DPO) to comply with the General Data Protection Regulation (GDPR). In this blog - the fifth in our comprehensive GDPR series – we explore the role ...
GDPR in Schools: Five practical suggestions for compliance [Guide]

GDPR in Schools: Five practical suggestions for compliance [Guide]

The GDPR is a complex subject. Not only does it contain 99 interlinked articles. To understand just one of your obligations, you often have to read multiple articles and review guidance on the ICO website.
Getting ready for the GDPR - Where should schools start?

Getting ready for the GDPR - Where should schools start?

As followers of our GDPR series will already be aware, compliance with GDPR is mandatory. (For an introductory overview, read our first GDPR article.) However, preparation takes time and is likely to be disruptive.

Subscribe to email updates

TWEET US @9ineConsulting

Awards & Accreditations