Cyber Security - Resilience - Data Protection
There is an old management adage that what isn’t measured isn’t managed. It’s so true. Something similar applies to cybersecurity. If you don’t know an asset exists, how on earth can you protect that asset from a cyber-attack or data breach?! Asset Discovery is the number one exercise a new CISO (or Virtual CISO) should…
Read more
For those of you who deal with the wonderful document that is a processor contract. Whether you’re on the Controller side or the Processor side, you will know there are quite a few hoops to jump through. This is because GDPR strengthened the requirements of a Controller-Processor relationship, outlined in Article 28. That said, a…
Read more
I wrote a few weeks ago discussing how DSAR volumes may have gone up in your organisation and that it’s probably not simply down to the GDPR Subject Access hurdles being lowered for Data Subjects. Since GDPR came into force in May 2018, Data Subjects now don’t have to pay a fee (in most cases).…
Read more
Is your supply chain resilience programme reminiscent of the article image? Aged, poorly maintained, complex, hard-to-untangle. Do you carry out due diligence at the beginning of your engagements? More importantly, do you carry out ongoing governance and oversight? Even more importantly, does supply chain resilience form part of your wider operational resilience strategy or business…
Read more
I had an online interaction with a vendor who sells Data Subject Access Request (DSAR) automation software recently. During the ‘pitch’ they highlighted that organisations across London, UK have seen a staggering increase in DSARs since GDPR went live. An article in the Yorkshire Evening Post confirms this is not just a London-centric issue. “In…
Read more
Are you a Quiddler? No, this is not some fanboi reference to Harry Potter (I’ll be honest I haven’t read one of the series, I’m a proper muggle!). Quiddling, however, is a very real problem in the world of Security Audit. If you want to know more, keep on reading. You could be one of…
Read more
Data retention is always a challenge for organisations. Organisation just love retaining data and well, storage is pretty cheap these days. Whilst the costs of getting retention wrong (e.g. not being able to recover from a ransomware attack) are always high; a recent GDPR fine decision in Germany highlights the data retention problem could get…
Read more
There seems to be this idea floating around that if the data is collected from publicly available sites then it is fair game for marketers. If someone has created a profile on LinkedIn for example and their email address can be harvested (say by a recruiter or data miner connecting with you) then this public…
Read more
I know there is a rush to get things out the door and I am very grateful for those who report on data breach stats but this article from Dark Reading piqued my interest: 10% of Small Businesses Breached Shut Down in 2019. Whenever I see a statistic like this I am always a little…
Read more
Firstly, this is legal information about cookie consent, not legal advice… The judgement of the CJEU case C-673/17 is now doing the rounds and as one has come to expect when it comes to Data Protection recently, there is a lot of hot air and bluster about what the ruling means. Is this some form of paradigm shift in…
Read more
