GDPR Explained

What is GDPR exactly?
The GDPR is Europe’s new framework for data protection laws – it replaces the previous 1995 data protection directive​. Previous UK law was based upon this directive.
The EU’s GDPR website says the legislation is designed to “harmonise​” data privacy laws across Europe as well as give greater protection and rights to individuals. Within the GDP​R there are large changes for the public as well as businesses and bodies that handle personal information, which we’ll explain in more detail later.
After more than four years of discussion and negotiation, GDPR was adopted by both the European Parliament and the European Council in April 2016. The underpinning regulation and directive were published at the end of that month.
After publication of GDPR in the EU Official Journal in May 2016, it will come into force on May 25, 2018. The two year preparation period has given businesses and public bodies covered by the regulation to prepare for the changes.
What did GDPR replace?
GDPR applies across the entirety of Europe but each individual country has the ability to make its own small changes. In the UK, the government has created a new Data Protection Act (2018) which replaces the 1998 Data Protection Act.
The new UK Data Protection Act was passed just before GDPR came into force, after spending several months in draft formats and passing its way through the House of Commons and House of Lords. The Data Protection Act 2018 can be found here​.
As the law was passed there were some controversies. It was amended to protect cybersecurity researchers who work to uncover abuses of personal data, after critics said the law could see their research be criminalised. Politicians also attempted to say there should be a second Leveson inquiry into press standards in the UK but this was dropped at the last minute.
Is your company going to be impacted?
In short, yes. Individuals, organisations, and companies that are either ‘controllers’ or ‘processors’​ of personal data will be covered by the GDPR. “If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR,” the ICO says on its website.
Both personal data and sensitive personal data are covered by GDPR. Personal data, a complex category of information, broadly means a piece of information that can be used to identify a person. This can be a name, address, IP address… you name it. Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation, and more.
The definitions are largely the same as those that were previously included in data protection laws. Where GDPR differentiates from current data protection laws is that pseudonymised personal data can fall under the law – if it’s possible that a person could be identified by a pseudonym.​
So, what’s different?
In the full text of GDPR there are 99 articles setting out the rights of individuals and obligations placed on organisations covered by the regulation.
There are eight rights for individuals. These include allowing people to have easier access to the data companies hold about them, a new fines regime and a clear responsibility for organisations to obtain the consent of people they collect information about.
Helen Dixon, the data protection commissioner for Ireland, who has major technology company offices under her jurisdiction, says the new regulation was needed and is a positive move. In the build-up to GDPR, she said startups need to have more awareness of the rules.
“One of the issues with startups is that when they’re going through all the formalities new businesses go through, there’s no data protection hook at that stage,” Dixon said.
Accountability and compliance
Companies covered by the GDPR are accountable for their handling of people’s personal information. This can include having data protection policies, data protection impact assessments and having relevant documents on how data is processed.
In recent years, there have been a score of massive data breaches, including millions of Yahoo, LinkedIn, and MySpace account details. Under GDPR, the “destruction, loss, alteration, unauthorised disclosure of, or access to” people’s data has to be reported to a country’s data protection regulator where it could have a detrimental impact on those who it is about. This can include, but isn’t limited to, financial loss, confidentiality breaches, damage to reputation and more. The ICO has to be told about a breach 72 hours after an organisation finds out about it and the people it impacts also need to be told.
For companies that have more than 250 employees, there’s a need to have documentation of why people’s information is being collected and processed, descriptions of the information that’s held, how long it’s being kept for and descriptions of technical security measures in place.
Additionally, companies that have “regular and systematic monitoring” of individuals at a large scale or process a lot of sensitive personal data have to employ a data protection officer (DPO). For many organisations covered by GDPR, this may mean having to hire a new member of staff – although larger businesses and public authorities may already have people in this role. In this job, the person has to report to senior members of staff, monitor compliance with GDPR and be a point of contact for employees and customers. “It means the data protection will be a boardroom issue in a way it hasn’t in the past combined,” Denham says.
There’s also a requirement for businesses to obtain consent to process data in some situations. When an organisation is relying on consent to lawfully use a person’s information they have to clearly explain that consent is being given and there has to be a “positive opt-in”. A blog post from Denham explains there are multiple ways for organisations to process people’s data that doesn’t rely upon consent.
Access to your data
As well putting new obligations on the companies and organisations collecting personal data, the GDPR also gives individuals a lot more power to access the information that’s held about them.
A Subject Access Request (SAR) allows an individual the ability to ask a company or organisation to provide data about them. Previously, these requests cost £10 but GDPR scraps the cost and makes it free to ask for your information. When someone makes a SAR businesses must stump up the information within one month. Everyone will have the right to get confirmation that an organisation has information about them, access to this information and any other supplementary information. As Dixon points out, big technology companies, as well as smaller startups, will have to give users more control over their data.
As well as this the GDPR bolst​ers a person’s rights around automated processing of data. The ICO says individuals “have the right not to be subject to a decision” if it is automatic and it produces a significant effect on a person. Ther​e are certain exceptions but generally people must be provided with an explanation of a decision made about them.
The regulation also gives individuals the power to get their personal data erased in some circumstances. This includes where it is no longer necessary for the purpose it was collected, if consent is withdrawn, there’s no legitimate interest, and if it was unlawfully processed.
GDPR fines
One of the biggest, and most talked about, elements of the GDPR has been the ability for regulators to fine businesses that don’t comply with it. If an organisation doesn’t process an individual’s data in the correct way, it can be fined. If it requires and doesn’t have a data protection officer, it can be fined. If there’s a security breach, it can be fined.
In the UK, these monetary penalties will be decided upon by Denham’s office and the GDPR states smaller offences could result in fines of up to €10 million or two per cent of a firm’s global turnover (whichever is greater). Those with more serious consequences can have fines of up to €20 million or four per cent of a firm’s global turnover (whichever is greater). These are larger than the £500,000 penalty the ICO could previously issue.
Denham says speculation that her office will try to make examples of companies by issuing large business-crippling fines isn’t correct. “We will have the possibility of using larger fines when we are unsuccessful in getting compliance in other ways,” she says. “But we’ve always preferred the carrot to the stick”.
Denham says there is “no intention” for overhauling how her office hands out fines and regulates data protection across the UK. She adds that the ICO prefers to work with organisations to improve their practices and sometimes a “stern letter” can be enough for this to happen.
“Having larger fines is useful but I think fundamentally what I’m saying is it’s scaremongering to suggest that we’re going to be making early examples of organisations that breach the law or that fining a top whack is going to become the norm.” She adds that her office will be more lenient on companies that have shown awareness of the GDPR and tried to implement it, when compared to those that haven’t made any effort.​
What should we do to comply?
The enforcement date for GDPR may have already passed but data protection is an evolving beast. It will never be completely possible for businesses to be fully “GDPR compliant”.
Keeping on top of data can be a tricky thing – especially when businesses are evolving the services that are offered to customers. The ICO’s guide to GDPR sets out all of the different rights and principles of GDPR.
It also has a starter guide, which is available here, that includes advice on steps such as making senior business leaders aware of the regulation, determining which info is held, updating procedures around subject access requests, and what should happen in the event of a data breach. In Ireland, the regulator has also setup a separate website explaining what should change​ within companies.
What if we don’t comply from day one?
Businesses and organisations impacted by GDPR have had two years to get their systems ready. But things don’t always go to plan. It’s likely that many firms wer​e not ready for GDPR. The UK information commissioner has stated she won’t be looking to make examples of companies by issuing large fines when they’re not deserved.
The ICO largely takes a collaborative approach to enforcement. Denham has said her office will look to engage with companies rather than issue them with punishments straight away. Companies who have shown awareness and taken steps to comply with GDPR are likely to be treated better than those who haven’t done any work around it.
Looking for more?
We don’t claim to have all the answers. In between a lot of GDPR hype there has also been some incredibly useful resources that have been published on the regulation. Here’s where to go if you’re looking for more in-depth reading:
– The full regulation. It’s 88 pages long and has 99 articles.
– The ICO’s guide to GDPR is essential for both consumers and those working within businesses.
EU GDPR is full with information on the regulation. It details all you need to know and has a handy countdown clock for when GDPR will come into force.
– The EU’s Article 29 data protection​ group is publishing guidelines on data breach notifications, transparency, and subject access requests.


A little while back we posted on the AvePoint Cloud Backup offering, found here. I just wanted to provide a little update to show how the solution has come along since then. AvePoint now offer the backups for the following Office 365 products at the time of this article;


So in the last few months, Project Online and Public Folders have been added. The expectancy is Microsoft Teams will be added around March 2018. There are some small features that have been added as well, such as backup scheduling and an improved navigation quick launch.

Dynamics 365 Backup is also currently in Internal Preview mode, I will provide an update on that soon!

Migrate File Share Metadata into MMS

A customer request came in recently; they wanted to get their file share content and associated metadata into the Document Library and the Term Store / Managed Metadata Service (MMS). Below are some very high level steps using the excellent AvePoint DocAve 6 software to achieve this.

The steps demonstrate migrating from a file share to SharePoint Online, but this could be an on premise installation as well.

First of all, a document library needs to be created so file share content can be migrated. In this case the document library is called ‘Migration Library’ and is shown below;


In the term store for the site collection, ensure a term set is available. In this case it is called ‘Migrated Terms’ and sits under the site collection;


Back in the document library, ensure a ‘Managed Metadata’ column is available. In this case the column is called ‘Keywords’ as shown here;


For the column’s term set settings, select the relevant term set – in this case ‘Migrated Terms’ as previously shown;


Within DocAve, select the items in source (file share) for migration, and then the destination area (document library);


Next, create a profile (no exact settings needed here – nice to mention that folder names can be collapsed and the source path can be kept in a column);


Within the save as Plan screen enter a name, select the profile just created;


Important: Select ‘Configure the metadata file myself’ as shown below;


Important: Enter the managed metadata column name added to the document library, in this case ‘Keywords’ (ensure correct type is selected);


You can select to use the ; sign to allow multiple values;


Select to ‘Save and Generate Excel’ in the bottom right area;


This will create an excel file in the file share location;


Opening the Excel file, you can edit the Keywords column. Save this when done and ensure the Excel .xls file is copied back to server, if it was copied from the server for editing – just replace existing file;

Example below of multiple values per cell using ; separation on cell U22


From the Plan Manager screen, select ‘Edit’ for the plan created earlier (as its associated to the generated / edited Excel file);


Select ‘Settings’ and from the Metadata Source section in the ribbon, and select ‘Use the existing metadata file’ (this uses the excel file that has been edited);


Select ‘Save and Run Now’ as shown below;


Go for the default options on the pop up;


Wait for the migration to complete;


The list now contains the content and metadata as shown here;


The term set is now populated as well;


AvePoint Cloud Backup

AvePoint have released their new SaaS based Cloud Backup solution, which really builds upon and improves the standard Microsoft offering. Here are some key benefits:


  • Near-zero configuration for daily backup plans.
  • Target of protection up to 4 daily backups (or every 6 hours)*.
  • Protection for all Office 365 content including: Exchange Online, SharePoint Online, OneDrive for Business, and Office 365 Groups.
  • Built-in or customizable business rules and filters.
  • Store backups in our zone-redundant Azure storage with minimal configuration.
  • Store backups in your cloud or data center of choice with support for Microsoft Azure, Amazon S3, Dropbox, and any data destination accessible via Secure File Transfer Protocol (SFTP) and File Transfer Protocol (FTP).
  • View and manage the protection status of all Office 365 assets through a single reporting interface.


  • On-demand, granular recovery of all Office 365 content – including mailboxes, conversations, calendars, files, and Groups – to the online or offline storage of your choice while maintaining all metadata and permissions.
  • Restore content and conversations to mailboxes, Groups, or sites – not just its original home.
  • Restore content directly to file systems or export mail conversations as a Personal Storage Table (.pst) file.
  • Recover quickly with time-based restores using a simple and intuitive calendar interface, or search for business-critical files or emails using full-text search for rapid discovery.

The solution is really clear and easy to use, and my experience so far has been fantastic. I love the peace of mind it brings, and the fact I can jump in and use it even if I had never seen the solution before – it’s so descriptive and well set out – I can simply dive straight in and backup / restore all of the Office 365 suite.

Here are some screenshots;

Main Screen – Simple tiles showing the status of each backup. Anything backed up, backing up, not backed up, or with problems is clearly displayed;

Restore Tiles – Very easy, simply select what you want to restore, followed by the backup job;

Activity Reports – Easily access reports to see what actions have been taken out, and who performed them. Any issues are highlighted as well

Settings – Easily configure notifications (finished, finished with exceptions and failed), Backup Settings and Mappings;

For more information and a quick tour, please feel free to contact me.

SP Site Templates – What is what?!

Microsoft SharePoint comes with different site templates to choose from when creating a new site. It can be a little tricky to know what is what.

I would recommend testing each as a learning exercise, however below are some high level descriptions about the templates to help people along.


Team Site (Collaboration Site Template)

Use the Team site to quickly create, organize, and share information for your team or project. The site includes: libraries and lists for:

  • Shared documents
  • Announcements
  • Calendars
  • Links
  • Tasks
  • Discussion Board

The Team site can be used as a single environment to create, organize, and share content. For example, use the Announcements list to broadcast key information, new tools, or resources to team members. Use the Calendar to share scheduling information, like team events, deadlines, or vacations. You might also try the Links list to help your team connect with partner sites or find key information for their jobs.

Blog Site (Collaboration Site Template)

Use the Blog site to quickly announce company announcements, or post ideas, observations, and expertise within your team or organization. The site contains Posts, Comments, and Links. Blog tools help you approve or reject draft posts, and edit or delete old posts. You can even receive alerts when the blog is updated.

To help users locate content that interests them, you can assign posts you create to one or more categories. Blog sites allow you to comment on posts, which is a great way to keep your readers engaged.

Project Site (Collaboration Site Template)

The Project site template provides an easy way to manage projects. The site has similar collaborative features as the Team site, and includes a Projects Summary web part that is connected to the default Task list. Items added to the Task list are automatically displayed in the Project Summary.

Other advantages to using the Project site:Visual timeline of the project’s tasks.

  • Project task schedule.
  • Library for storing relevant project documents.
  • Notebook for quickly capturing and organizing information about the project.
  • Shared calendar for team events.
  • Ability to connect to Project Professional, Project Server 2016, or Project Online.

Community Site (Collaboration Site Template)

Use the Community site as a place where members can discuss topics they have in common.

Community sites offer several benefits over email, instant messaging, or other communication methods, including:

  • Availability of all site content to all members of the community.
  • Full retention of discussion history in compliance with corporate guidelines.
  • Built-in search so members can search all community posts.
  • Categorization of content to improve discoverability and simplify maintenance.
  • Site maintenance using SharePoint lists, which allow you to take advantage of the governance, records management, and workflow integration features of SharePoint.

Document Center Site (Enterprise Site Template)

Use the Document Center site template to manage large numbers of documents. You can use a Document Center site as an authoring environment or a content archive.

In an authoring environment, users frequently check files in and out and create folder structures for those files. You can use versioning to keep ten or more earlier versions of each document. You can also use workflows to control document life cycles.

There is no authoring of documents in a content archive. Users only view or upload documents. In a Document Center site you can create a type of archive called knowledge base archives. Typically, knowledge bases contain single versions of documents, and a site can potentially contain up to 10 million files.

Records Center Site (Enterprise Site Template)

Use the Records Center site to organize, store, and manage records such as legal or financial documents. The Records Center supports the entire records management process, from records collection through records management to records disposition.

Versioning, auditing, metadata management, eDiscovery, and customizable record routing are built-in features that can help you manage records more effectively.

Business Intelligence (BI) Center Site (Enterprise Site Template)

Use a BI site to store, manage, share, and view business reports, scorecards, and dashboards. A BI Center site has certain characteristics that set it apart from other kinds of sites that include pre-built lists and libraries designed specifically for BI content, access to PerformancePoint Services content (for on premises customers), sample files, and links to helpful information about BI tools.

Search Center (Enterprise or Basic) Site (Enterprise Site Template)

Use the Search Center site to provide a way for users to search the site and view search results. A Search Center site is the top-level site of a site collection that a farm administrator creates by using the Enterprise Search Center template.

When you create a Search Center site a default search home page and default search results page are created. Also, pages known as search verticals are created that can be customized for searching specific content, such as people, conversations, and videos. These pages display search results that are filtered and formatted for a specific content type or class.

Publishing Site (Publishing Site Template)

Use Publishing site to create enterprise intranets, communication portals, and, in SharePoint Server, public websites. In SharePoint Server, they can also be used to expand your website and quickly publish web pages. Contributors can work on draft versions of pages and publish them to make them visible to readers.

Publishing sites have unique features that simplify webpage authoring, approving, and publishing processes. These features are enabled automatically when you create a publishing site and include:

  • Page layouts
  • Column types
  • Web parts
  • Lists
  • Document and image libraries for storing web publishing assets.

Publishing Site with Workflow (Publishing Site Template)

Use the Publishing site with workflow to publish web pages on a schedule by using approval workflows. It includes document and image libraries for storing web publishing assets. By default, only sites with this template can be created under this site.

A publishing approval workflow automates the routing of content for review and approval. Publishing of new and updated web pages is tightly controlled. No new content can be published until it has been approved by every approver in the workflow.

Enterprise Wiki (Publishing Site Template)

An Enterprise wiki is a publishing site for sharing and updating large volumes of information across an enterprise. If your organization needs a large, centralized knowledge repository that is designed to both store and share information on an enterprise-wide scale, consider using an Enterprise wiki.

An Enterprise wiki is often a repository for an organization’s knowledge, which otherwise might not be saved for future use. You can use an Enterprise wiki to promote informal learning and share tips with other users, which can reduce the need for formal training or continuous IT support.

Getting Started with Microsoft Teams

Microsoft Teams has been around a short while now, and there still seems to be a lot of confusion as to what it is, and where to start. As with all things, it is worth trying out in a testing tenant if available, but ultimately it is very easy to get started from scratch. This short blog post covers what you might discover when first exploring Microsoft Teams, and some key points.

Bring your team together
Create a collaborative workspace for your team and let anybody join, or keep it private. Use channels to organise activity by topic, area, or anything else.

Chat 1:1 and with groups
Outside of open team conversations, chat privately and share files and notes with anyone in your organisation.

Connect with online meetings
Schedule meetings with your team or start something impromptu. Built-in video and screen sharing bring everybody closer together.

Files, notes, apps, and more, all in one place
All your team’s tools are organised and integrated together. Get the best of Office 365 and other services via custom tabs, connectors, and bots.

Here are some steps to get started;

  1. Navigate to and use your Office 365 credentials to log in
  2. On your first visit, you should be presented with a prompt to create your team as shown here. If you are an owner of an existing Office 365 Group, you can join your new team to it (not shown below)


Be aware that if you create a team without joining it to a group, but a group exists with a similar name, you run the risk of a double group scenario (e.g. In this case we are creating an IT Team without joining to a group, but if a IT group exists, we will end up with 2 similar groups, so some manual deletion of the new team and group maybe required, followed by recreating and joining to the existing group as it may have data in it)

  1. Next you will want to decide who should be in your team. You do not have to enter data here just yet, just click skip if you are not sure


  1. Congratulations you already have your first team setup. In this case, it is called ‘IT’ and under it sits a channel called ‘General’


  1. Selecting the team name ellipses will present the following options
    • View team – This will display team members in the team
    • Add channel – Channels are key to organizing team collaboration. Name them by discussion topic, project, role, location, or for fun, so conversations and content are easy to find by everyone in the team
    • Add members – Add new members to the team
    • Leave the team – If you not longer want to be part of the team you can leave. If you are the last owner of group, you need to assign another in order to leave
    • Edit team – This is the same as the first page you completed to setup the group. You can adjust the Team name, Description and Privacy (Private or Public)
    • Get link to team – Generates a link so people can access it easily
    • Delete the team – Deletes the team
  2. Other areas of interest will include the short cuts on the left hand side
    • Activity – You will see mentions, replies and other notifications here
    • Chat – Within chat you can have private conversations, or video call with an individual or a group
    • Teams – discussed above
    • Meetings – Meetings will display any entries, such as outlook calendar meetings
    • Files – Easy access to active files from all of your teams including OneDrive

Here is a useful graphic with considerations before rolling out (taken from AvePoint UK);

That concludes this very high level introduction to getting Microsoft Teams setup and some considerations to make. I will provide more articles in the near future.

Actual Hours and Task Types in MS Project

Hi All

Just thought I would put a quick post up showing what impact changing actual hours has against each of the three task types. The three task types available are;

  • Fixed Units (Default)
  • Fixed Duration
  • Fixed Work

Before we continue, learn the formula for task types;

Duration x Units = Work.

One of these types has to be fixed. Depending on which type is fixed, will mean different things happening to your tasks (e.g. duration, dates etc) when actuals are applied.

Here is some examples of what will happen.

Schedule Used
The schedule used for this post has three tasks, each using the different task type available. Other than the task type and resource name applied, they are identical. I have set relevant columns, and colour coded them for easier viewing;

Scenario 1
Below shows 8hrs of actual work performed, across each planned day. The exact planned work, has been carried out;
ActualHoursAndTaskTypes-Img2-8hours each day

As you can see in the plan below, everything lines up in the columns. Planned, Baseline and Actuals, for all three people;
ActualHoursAndTaskTypes-Img3-8hours each day

Scenario 2
Below shows 4hrs actual work per day instead of 8hrs planned, for 4 of the 5 days. (16hrs);

  • Fixed Duration: 4hrs Mon – Thu builds up the work for Friday to 24hrs
  • Fixed Unit: 4hrs Mon – Thu means the following Monday and Tuesday have work
  • Fixed Work: Same as Fixed Unit

ActualHoursAndTaskTypes-Img4-4hours 4 days

ActualHoursAndTaskTypes-Img5-4hours 4 days

Scenario 3
Below shows 4hrs of actual work for all 5 days (20hrs instead of the planned 40hrs);

  • Fixed Duration: 4hrs Mon – Fri means the following Mon – Wed have work. The duration will have to change in this case.
  • Fixed Unit: 4hrs Mon – Fri means the following Mon – Wed have work
  • Fixed Work: Same as Fixed Unit in this case

ActualHoursAndTaskTypes-Img6-4hours each day

ActualHoursAndTaskTypes-Img7-4hours each day

Scenario 4
Below shows 12hrs actual work per day instead of 8hrs planned, for 2 of the 5 days. (24hrs)

  • Fixed Duration: 12hrs Mon – Tue means the work is reduced for each remaining day, but duration remains the same (The finish date does not change)
  • Fixed Unit: 12hrs Mon – Tue means the work is reduced for each remaining day, and the finish date is now sooner as the duration is reduced
  • Fixed Work: Same as Fixed Unit in this case

ActualHoursAndTaskTypes-Img8-12hours 2 days

ActualHoursAndTaskTypes-Img9-12hours 2 days

That shows some examples, and at least gives you some idea about things that may change! There are other scenarios as well, it is worth practising before planning and fully understanding the mechanics of the tool.

« Older Entries