Corporate groups usually share data, including personal data. The sharing of personal data is regulated under UK and EU data protection law (ie the GDPR and the Data Protection Act 2018), and in many cases sharing will not be lawful without an appropriate framework in place. For SMEs, that framework will usually take the form of an intra-group data sharing agreement.
For this post, I interviewed cyber security expert Emma Osborn of OCSRC Ltd. Emma has recently produced a range of template cyber security documents in collaboration with SEQ Legal (available on Docular and Website Contracts), and in this post we explore the function of these documents in the SME context.
You've quit your job to set up as a consultant; you've got yourself an office, a new laptop and a new suit; best of all, you've shaken hands on your first project. The client asks for your T&Cs, but you have none. What are the options?
Due to popular demand, we have recently introduced a large number of new legal document packs on Website Contracts. The packs are particularly useful if you need lots of documents, or if you need different elements from different documents, if you're not sure exactly which documents you need, or if you just want to save on licence fees.
I’ve been negotiating the legal aspects cloud service contracts for over 15 years. In most negotiations, I represent an SME vendor selling to a corporate customer. In this post, I highlight the principles that inform my approach these negotiations.
The sharing of personal data by businesses and other organisations is, within Europe and to an extent outside Europe, subject to the General Data Protection Regulation (GDPR). If your organisation is sharing personal data with another organisation, you should be thinking about the legal implications of the sharing.
One of the first steps in any effective GDPR compliance program is to establish the extent to which the subject organisation is a data controller with respect to personal data, and the extent to which it is a data processor. This distinction is fundamental.
On 20 February 2018, the UK government published changes to the funding of the ICO. The Information Commissioner’s Office (ICO) is an independent body which oversees compliance with data protection legislation in the UK.
Businesses and other institutions collect and generate vast amounts of data about the individuals with whom they come into contact. Many organisations hold records relating to millions of individuals. Some of this data is highly confidential; and the theft or unauthorised disclosure of even non-confidential this data can cause real damage. Security incidents involving personal data are reported in the media every day.