I am receiving more and more requests from practitioners for help with specialist services: R&D relief, capital allowances, CGT, IHT planning, insolvency and so on. Accordingly, when I launch a new website for Landmark next month, one of the new features will be a partners’ page where firms offering specialist services to other practitioners will… Continue reading Do you offer specialist services?
Comments made recently by the ICO seem to suggest a light touch approach to enforcement of the GDPR following the 25th May deadline. Speculation that is not that helpful, as legally we need to get the work done. Hopefully, being in-process – heading towards compliance – is better than a head-in-the-sand approach. And I am… Continue reading Life after the 25th
For me, this is the most daunting part of the compliance process. Definitely outside my comfort zone. Still work to do here I have to confess that I am unlikely to have this completed for the 25th deadline. I am in conversation with IT support contractors I use and everyone seems to have a different… Continue reading STEP 12 – the Technical and Organisation Security Measures (TOSM)
From a GDPR perspective, data breaches are our worst nightmare. By accessing our systems, hackers and the like gain access to personal data placed in our care; and the consequences can be dire. Read the support notes The two pages in your workbook, 11a and 11b, provide the means to log these breaches, if they… Continue reading STEP 11a and 11b record of data breaches
Action is only required here when you receive a formal request from a data subject for details of the personal data you hold. The Workbook log includes statutory deadlines and maps the way you have dealt with requests. For background on your responsibilities in this area read the Step 10 support notes. Pleased to say… Continue reading STEP 10 – requests from data subjects
This section of the Workbook deals with issues arising from the placement of personal data under your control with 3rd parties. For example, subcontractors and software vendors where your data is held in the cloud. No short cuts here Without confirmation that these 3rd parties are GDPR compliant it would appear that lapses in their… Continue reading STEP 9 – 3rd party contracts
I submitted details of our GDPR workbook, guides and other documentation to the ACCA earlier in the year and I am pleased to report that they have formally agreed to promote the service to ACCA members in practice. Members discount now available If you are an ACCA member, and have not yet registered to use… Continue reading ACCA to promote our GDPR workbook
Step 8 of our workbook records that your staff have read and acknowledged their responsibilities under the GDPR by reading your practice Information Security Policy. What is an Information Security Policy? We have published a guide “Information Security Policy” on our support portal, the Supporting Documents section. The introduction to this document says: This Information… Continue reading STEP 8 – Security Awareness Log
Seems appropriate to post a reminder to my lists today. For those practitioners who have not yet bitten the bullet, and frankly are not sure what they need to do, take a look at the GDPR Workbook and online guides that I have created with GDPR Auditing Ltd. I have prepopulated much of the detail… Continue reading One month to go, are you compliant?
Sheet 7 of the GDPR Workbook covers the gritty subject of consent. It is a checklist recording that you have considered, acted on and reviewed your obligation to seek, obtain and record consent where this is required by the GDPR. For each item listed on the checklist you need to change the status of the… Continue reading STEP 7: Marketing Consent