Cyber Security - Resilience - Data Protection
Data Subject Access Requests (DSARs) can be onerous at the best of times but there are some situations which send a shudder down the backs of many a Data Protection Officer. The DSAR could be from a long-standing customer of many years who has been the victim of fraud. It could come from a parent…
Read more
Normally around this time of year, I pick a nice Christmas film and write a themed piece to remind the defenders that whilst they are playing the new Call of Duty, hackers from around the world might be playing on their corporate networks. This year is different, there are many people who are struggling this…
Read more
What’s in a company name. Quite a lot. It’s a key part of an organisation’s brand. It’s how customers identify an organisation. A company’s name is sacrosanct! Organisations want their customers to think positively about their name. They want their customers to tell their friends positive things about their experiences with their brand. What organisations…
Read more
Information Classification (IC) is core to an effective security programme. After Asset Management, it’s probably the most important component of an Information Security Management System. For those already certified to the current version of 27001, your old information classification system is likely to need a revamp. The new 27002:2022 control guidelines have been updated to reflect…
Read more
It’s the beginning of the year and some bright spark in the marketing department has an idea for recycling last year’s lead-generating article. Even though none of last year’s predictions actually came true, how about we make some new predictions about what is going to happen in 2022. We can then show how our suite…
Read more
When pitching for consultancy work, many of our clients are [initially] surprised we at Fox Red Risk do not price any of our services based on a daily rate model. It seems the majority of consulting organisations, small and large, price their jobs based on some form of time-based billing. This billing approach may be…
Read more
According to the 2020/21 ICO annual report, around half of the [46% of ~40k] complaints the regulator receives are related to subject access. Fulfilling DSARs is clearly an area where Data Controllers are facing challenges with data subject satisfaction. In a previous article, I wrote about coping with DSAR volumes, suggesting methods to bring such high numbers…
Read more
Working out the lawful bases for your processing activities can be a challenge. Whilst the ICO has guidance and a useful tool to help organisations determine the lawful bases of processing, the final decision will always rest on the Controller organisation to defend. A Controller thus needs to document their lawful bases properly because if…
Read more
As predicted in an article I wrote earlier this year, the EU are on the cusp of finding the UK’s data protection regime adequate. The draft decision has been published and so you don’t have to read the whole 87 page document I took one for the team and have summarised the bits I thought might be of interest,…
Read more
The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any subject matter So…it’s here! Despite many saying it was not possible, a free trade deal has been done. Whether it’s a good deal or a bad deal for the UK is yet to…
Read more
