Tag: data protection officer

Tag: data protection officer

GDPR Subject Access – why verifying ID can be dangerous!
20/01/2020 DPO Blog, Security Advisory Blog admin

wrote a few weeks ago discussing how DSAR volumes may have gone up in your organisation and that it’s probably not simply down to the GDPR Subject Access hurdles being lowered for Data Subjects. Since GDPR came into force in May 2018, Data Subjects now don’t have to pay a fee (in most cases). The

Read More
DSAR – Help I can’t cope!!! Our Subject Access Request volumes have gone through the roof!!!!
29/11/2019 DPO Blog, Security Advisory Blog admin

I had an online interaction with a vendor who sells Data Subject Access Request (DSAR) automation software recently. During the ‘pitch’ they highlighted that organisations across London, UK have seen a staggering increase in DSARs since GDPR went live. An article in the Yorkshire Evening Post confirms this is not just a London-centric issue. “In

Read More
Data Retention – A €14.5million fine awaits for Real Estate Data Archive non-compliant with GDPR?
05/11/2019 DPO Blog, Security Advisory Blog admin

Data retention is always a challenge for organisations. Organisation just love retaining data and well, storage is pretty cheap these days. Whilst the costs of getting retention wrong (e.g. not being able to recover from a ransomware attack) are always high; a recent GDPR fine decision in Germany highlights the data retention problem could get

Read More
Public Information & GDPR – I can do what I like with it…wrong!
28/10/2019 DPO Blog, Security Advisory Blog admin

There seems to be this idea floating around that if the data is collected from publicly available sites then it is fair game for marketers. If someone has created a profile on LinkedIn for example and their email address can be harvested (say by a recruiter or data miner connecting with you) then this public

Read More
Cookie consent after C-673/17 – To Consent or not to Consent…
02/10/2019 DPO Blog, Security Advisory Blog admin

Firstly, this is legal information about cookie consent, not legal advice… The judgement of the CJEU case C-673/17 is now doing the rounds and as one has come to expect when it comes to Data Protection recently, there is a lot of hot air and bluster about what the ruling means. Is this some form of paradigm shift in

Read More
CCPA & GDPR: Two Nations Divided by a Common Language
15/07/2019 DPO Blog, Security Advisory Blog admin

With six months to go before the California Consumer Privacy Act CCPA goes live in California, it seems we are progressively moving towards common ground when it comes to international privacy law…or are we…?

Read More
GDPR Process Inventory – 7 items to record
12/04/2018 DPO Blog admin

As a Controller, it is pretty challenging to meet the requirements of GDPR without great records detailing where, what and how personal data is processed. If you’re an organisation with more than 250 employees, there is a requirement to document your processing activities (See Article 30) but if you’re one of those organisations with less than 250 people, then you have a [partial] get-out-of-jail card. The thing is, even if it’s not mandatory, it’s still incredibly useful to document processing activities. This will help you comply with all the other aspects of GDPR you are still ‘on-the-hook’ for. In this brief article, we will look at 7 items which all organisations – small or big – should (or in certain cases must) include in an inventory of their processing activities.

Read More
GDPR – 7 Things encryption won’t solve
10/02/2018 DPO Blog, Security Advisory Blog admin

There are lots of reasons to use encryption and other cryptographic techniques when it comes to mitigating the risks associated with protecting the rights and freedoms of Data Subjects under GDPR. There are however a lot of things that encryption won’t solve too. In this brief article, we will look at 7 of those things encryption is just never going to solve.

Read More