Example One – DPIA Pursuant to Article 35(3)(a) GDPR, a Data Protection Impact Assessment is required for this processing activity as it involves a systematic and extensive evaluation of personal aspects relating to natural persons, based on automated processing. The controller relies on legitimate interests under Article 6(1)(f) as the lawful basis. A legitimate interests…
Read more
Many DPOs lack a law degree and those without may also lack basic legal training. It’s not a fault of the DPO as they may have been given the DPO role as a “side-of-the-desk” task alongside their primary role. But a DPO without some basic legal training could cause issues for a Controller or Processor,…
Read more
In this digital age, the lines between the virtual and the real world are increasingly blurring. We’ve all heard tales of a friend who got hacked. Perhaps, you’ve even been a victim yourself? As educators, navigating this digital world is hard enough without having to manage a cyber attack on top! Multi-Factor Authentication (MFA) is…
Read more
The right to access is a fundamental right contained within many data protection regulations globally. In particular the EU and UK General Data Protection Regulations. The right to access can often cause headaches for business. Tens of thousands of Data Subject Access Requests are made every month and sadly, many are not fulfilled properly. Many…
Read more
DID YOU KNOW: We now have a comprehensive DSAR Course – Check it out here: Click to see Course Landing Page Data Subject Access Requests (DSARs) can be onerous at the best of times but there are some situations which send a shudder down the backs of many a Data Protection Officer. The DSAR could…
Read more
Normally around this time of year, I pick a nice Christmas film and write a themed piece to remind the defenders that whilst they are playing the new Call of Duty, hackers from around the world might be playing on their corporate networks. This year is different, there are many people who are struggling this…
Read more
What’s in a company name. Quite a lot. It’s a key part of an organisation’s brand. It’s how customers identify an organisation. A company’s name is sacrosanct! Organisations want their customers to think positively about their name. They want their customers to tell their friends positive things about their experiences with their brand. What organisations…
Read more
Information Classification (IC) is core to an effective security programme. After Asset Management, it’s probably the most important component of an Information Security Management System. For those already certified to the current version of 27001, your old information classification system is likely to need a revamp. The new 27002:2022 control guidelines have been updated to reflect…
Read more
It’s the beginning of the year and some bright spark in the marketing department has an idea for recycling last year’s lead-generating article. Even though none of last year’s predictions actually came true, how about we make some new predictions about what is going to happen in 2022. We can then show how our suite…
Read more
When pitching for consultancy work, many of our clients are [initially] surprised we at Fox Red Risk do not price any of our services based on a daily rate model. It seems the majority of consulting organisations, small and large, price their jobs based on some form of time-based billing. This billing approach may be…
Read more
