Category: DPO Blog

Cyber Security - Resilience - Data Protection

DSAR – Dealing with the Contentious Data Subject Access Request

Data Subject Access Requests (DSARs) can be onerous at the best of times but there are some situations which send a shudder down the backs of many a Data Protection Officer. The DSAR could be from a long-standing customer of many years who has been the victim of fraud. It could come from a parent…

Let’s Avoid a Cost-of-Hacking Crisis this Christmas!

Normally around this time of year, I pick a nice Christmas film and write a themed piece to remind the defenders that whilst they are playing the new Call of Duty, hackers from around the world might be playing on their corporate networks. This year is different: there are many people who are struggling this…


P&O – What’s in a Name: A Case Study in Brand Risk

What’s in a company name? Quite a lot. It’s a key part of an organisation’s brand. It’s how customers identify an organisation. A company’s name is sacrosanct! Organisations want their customers to think positively about their name. They want their customers to tell their friends positive things about their experiences with their brand. What organisations…

ISO 27001:2022 – Information Classification – Is it now time for #ABIC

Information Classification (IC) is core to an effective security programme. After Asset Management, it’s probably the most important component of an Information Security Management System. For those already certified to the current version of 27001, your old information classification system is likely to need a revamp. The new 27002:2022 control guidelines have been updated to reflect…


2022 – Business Leaders don’t need our security predictions, they need these recommendations!

It’s the beginning of the year and some bright spark in the marketing department has an idea for recycling last year’s lead-generating article. Even though none of last year’s predictions actually came true, how about we make some new predictions about what is going to happen in 2022. We can then show how our suite…

Calling time on time-based billing – use service-based billing if you want to save £££

When pitching for consultancy work, many of our clients are [initially] surprised we at Fox Red Risk do not price any of our services based on a daily rate model. It seems the majority of consulting organisations, small and large, price their jobs based on some form of time-based billing. This billing approach may be…


Complexity & Data Subject Access Requests

According to the 2020/21 ICO annual report, around half of the [46% of ~40k] complaints the regulator receives are related to subject access. Fulfilling DSARs is clearly an area where Data Controllers are facing challenges with data subject satisfaction. In a previous article, I wrote about coping with DSAR volumes, suggesting methods to bring such high numbers…

EU/UK GDPR Lawful Bases – Getting accountability right

Working out the lawful bases for your processing activities can be a challenge. Whilst the ICO has guidance and a useful tool to help organisations determine the lawful bases of processing, the final decision will always rest on the Controller organisation to defend. A Controller thus needs to document their lawful bases properly because if…


EU has drafted its adequacy decision on the UK…and it seems we’re adequate.

As predicted in an article I wrote earlier this year, the EU are on the cusp of finding the UK’s data protection regime adequate. The draft decision has been published and, so you don’t have to read the whole 87-page document, I took one for the team and have summarised the bits I thought might be of interest,…

Brexit Deal and GDPR – Adequacy will follow [shortly]

The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any subject matter. So…it’s here! Despite many saying it was not possible, a free trade deal has been done. Whether it’s a good deal or a bad deal for the UK is yet to…