Category: DPO Blog

Category: DPO Blog

Schrems II – Putting a Privacy Shield cat amongst the Data Protection Pigeons!
17/07/2020 DPO Blog, Security Advisory Blog EditoratLarge

This is general legal information, nothing in this article should be considered advice. The Court of Justice for the European Union has just this week published its decision on Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (C-311/18) or, as many in the data protection world will better know it as, Schrems II. The

Read More
Risk Management – It’s a bit like a hungry baby!
02/07/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

First things first – I am no parenting expert! Up until very recently, I thought that when a baby cries, they need one of four things…cuddles, feeding, nappy change or medical attention. Now it is still true that when a baby cries they most likely need one [or more] of those things. It is also

Read More
Application Security – Zoom is a Knife Crime!
17/04/2020 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

The news ebbs and flows and so too do people’s attitudes to the world around them. We are all influenced by the media. Take knife crime. In 2019, knife crime was a significant problem in London. So we should ban knives! Knives are dangerous! Knives should not be used under any circumstances. Why are you

Read More
Morrisons NOT vicariously liable for employee data protection breach says UK Supreme Court
01/04/2020 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

Firstly – This is legal information of general interest and does not constitute legal advice of any kind. On April 1, 2020, the UK Supreme Court today handed down their judgement in the case of WM Morrisons Supermarkets plc (Appellant) v Various Claimants (Respondent), case UKSC 2018/0213. The Supreme Court unanimously ruled that Morrisons were not

Read More
Calculating Risk – Where’s your Confidence?!
05/03/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

When helping organisations navigate risk management Fox Red Risk is often faced with the task of determining methods for calculating risk. We prefer to use tried and tested methodologies but what we often find is that organisations, very rarely, are calculating risk properly. A key thing missing from the majority of implementation we see is

Read More
Asset Discovery for Cybersecurity & Data Protection – You can’t protect it if you don’t know it exists!
03/02/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

There is an old management adage that what isn’t measured isn’t managed. It’s so true. Something similar applies to cybersecurity. If you don’t know an asset exists, how on earth can you protect that asset from a cyber-attack or data breach?! Asset Discovery is the number one exercise a new CISO (or Virtual CISO) should

Read More
Processor Contract – How Data Processors can inadvertently become Controllers…and why it matters!
27/01/2020 DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

For those of you who deal with the wonderful document that is a data processor contract. Whether you’re on the Controller side or the Processor side, you will know there are quite a few hoops to jump through. This is because GDPR strengthened the requirements of a Controller-Processor relationship, outlined in Article 28. That said,

Read More
GDPR Subject Access – why verifying ID can be dangerous!
20/01/2020 DPO Blog, Security Advisory Blog EditoratLarge

I wrote a few weeks ago discussing how DSAR volumes may have gone up in your organisation and that it’s probably not simply down to the GDPR Subject Access hurdles being lowered for Data Subjects. Since GDPR came into force in May 2018, Data Subjects now don’t have to pay a fee (in most cases).

Read More
Supply Chain Resilience – Who are your Backup Suppliers?
13/01/2020 CISO Blog, DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

Is your supply chain resilience programme reminiscent of the article image? Aged, poorly maintained, complex, hard-to-untangle. Do you carry out due diligence at the beginning of your engagements? More importantly, do you carry out ongoing governance and oversight? Even more importantly, does supply chain resilience form part of your wider operational resilience strategy or business

Read More
DSAR – Help I can’t cope!!! Our Subject Access Request volumes have gone through the roof!!!!
29/11/2019 DPO Blog, Security Advisory Blog EditoratLarge

I had an online interaction with a vendor who sells Data Subject Access Request (DSAR) automation software recently. During the ‘pitch’ they highlighted that organisations across London, UK have seen a staggering increase in DSARs since GDPR went live. An article in the Yorkshire Evening Post confirms this is not just a London-centric issue. “In

Read More