Stuart Skelly

Senior Consultant at URM

Stuart is a highly experienced and knowledgeable GRC consultant at URM who has specialised in data protection law for 25 years. Having previously been a solicitor in private practice including in both England and Scotland (where he qualified), Stuart specialises in GDPR compliance and has worked with a wide range of both public and private sector organisations to help them meet the requirements of the Regulation. His in-house experience has included working as the Data Protection Officer for the Birmingham 2022 Commonwealth Games Organising Committee, where he created the first record of processing activities (ROPA) ever prepared for a Commonwealth Games. In addition to his in-house data protection roles, Stuart has nearly 5 years of DP consultancy experience to call upon.

Talk DP, Season 1, Episode 16

Who Needs a ROPA and Why?

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, explains records of processing activities (ROPAs), a key document that almost every organisation must create and maintain in order to comply with the General Data Protection Regulation (GDPR). Stuart leverages his 25+ years of specialisation in data protection law to discuss:

  • What a ROPA is and which organisations need to have one
  • The advantages of having a ROPA in place and how this can benefit your GDPR compliance efforts
  • Who within an organisation needs to create the ROPA
  • The challenges associated with producing a ROPA and how these can be overcome
  • Whether you should first produce a data flow map before embarking on the ROPA
  • The next steps after the ROPA has been built.

Talk DP, Season 1, Episode 10

Top Tips for GDPR Compliance

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, Senior Data Protection Consultant at URM, provides some hints and tips on how to achieve and maintain compliance with the General Data Protection Regulation (GDPR), with a particular focus on the key documentation organisations need to have in place to comply. Stuart leverages over 25 years of experience to discuss:

  • The importance of maintaining documented evidence of your GDPR compliance under the ‘accountability’ principle
  • Some of the key compliance documentation you need to produce, including records of processing activities (RoPAs), data protection impact assessments (DPIAs), privacy notices and personal data retention policies
  • What information you will need to include in these documents
  • When these documents are mandatory and whether any organisations are exempt from producing them.

Talk DP, Season 1, Episode 6

Fines Imposed by the ICO in 2023

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, provides a breakdown and analysis of the enforcement actions delivered since the beginning of 2023 by the Information Commissioner’s Office (ICO), the UK’s privacy regulator, to highlight emerging trends and lessons that can be learned from how the ICO enforces data protection legislation such as the UK General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR). Stuart leverages his 25+ years of specialisation in data protection law to discuss:

  • The differences between the enforcement actions that are available to the ICO, i.e., Enforcement Notices, Reprimands, and Monetary Penalties
  • The ICO’s enforcement activities in 2023 – the amount of fines compared to reprimands, and the sums of money involved
  • The ICO’s enforcement activities in the first half of 2024 and how they compare to the same period in 2023
  • Trends that can be observed in the ICO’s enforcement activities and the ICO’s approach to issuing fines vs. reprimands
  • How the ICO’s use of monetary penalties compares to its European counterparts.

Talk DP, Season 1, Episode 2

GDPR Back to Basics

In this episode of InfoSec Insider – Talk DP, Stuart Skelly, a Senior GRC Consultant at URM, takes us ‘back to basics’ with the General Data Protection Regulation (GDPR), breaking down the key data protection concepts and terminology you will need to understand if you want to achieve and maintain compliance with the GDPR.
