Tag: Data Protection

Tag: Data Protection

Processor Contract – How Data Processors can inadvertently become Controllers…and why it matters!
27/01/2020 DPO Blog, Operational Resilience Blog, Security Advisory Blog EditoratLarge

For those of you who deal with the wonderful document that is a data processor contract. Whether you’re on the Controller side or the Processor side, you will know there are quite a few hoops to jump through. This is because GDPR strengthened the requirements of a Controller-Processor relationship, outlined in Article 28. That said,

Read More
DSAR – Help I can’t cope!!! Our Subject Access Request volumes have gone through the roof!!!!
29/11/2019 DPO Blog, Security Advisory Blog EditoratLarge

I had an online interaction with a vendor who sells Data Subject Access Request (DSAR) automation software recently. During the ‘pitch’ they highlighted that organisations across London, UK have seen a staggering increase in DSARs since GDPR went live. An article in the Yorkshire Evening Post confirms this is not just a London-centric issue. “In

Read More
Data Retention – A €14.5million fine awaits for Real Estate Data Archive non-compliant with GDPR?
05/11/2019 DPO Blog, Security Advisory Blog EditoratLarge

Data retention is always a challenge for organisations. Organisation just love retaining data and well, storage is pretty cheap these days. Whilst the costs of getting retention wrong (e.g. not being able to recover from a ransomware attack) are always high; a recent GDPR fine decision in Germany highlights the data retention problem could get

Read More
Public Information & GDPR – I can do what I like with it…wrong!
28/10/2019 DPO Blog, Security Advisory Blog EditoratLarge

There seems to be this idea floating around that if the data is collected from publicly available sites then it is fair game for marketers. If someone has created a profile on LinkedIn for example and their email address can be harvested (say by a recruiter or data miner connecting with you) then this public

Read More
Cookie consent after C-673/17 – To Consent or not to Consent…
02/10/2019 DPO Blog, Security Advisory Blog EditoratLarge

Firstly, this is legal information about cookie consent, not legal advice… The judgement of the CJEU case C-673/17 is now doing the rounds and as one has come to expect when it comes to Data Protection recently, there is a lot of hot air and bluster about what the ruling means. Is this some form of paradigm shift in

Read More
Climate Change Solved: GDPR mitigates climate change risk!
01/10/2019 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

Whether you believe climate change is a real thing or not there is no arguing 16-year-old Greta Thunberg is making headlines. Her efforts to raise awareness about this key issue of our time are pretty impressive. Whilst some people don’t think climate change is real, as a person who believes in evidence-based decision-making, I am going to pin my colours

Read More
Technical Debt: A Cautionary Tale!
19/09/2019 CISO Blog, DPO Blog EditoratLarge

Once an organisation understands the technical debt borrowed by its project managers the more likely projects will deliver the expected outcomes.

Read More
Risk Management: Stop – you’re too controlling!!!
22/07/2019 CISO Blog, DPO Blog, Security Advisory Blog EditoratLarge

What appears to be a well-intended improvement to reduce risk being completely unused because it was poorly envisaged, poorly implemented, with the original control measure still to be decommissioned and so that control is still being used whilst the new control is to all intents and purposes gathering dust.

Read More
CCPA & GDPR: Two Nations Divided by a Common Language
15/07/2019 DPO Blog, Security Advisory Blog EditoratLarge

With six months to go before the California Consumer Privacy Act CCPA goes live in California, it seems we are progressively moving towards common ground when it comes to international privacy law…or are we…?

Read More
Are the big GDPR fines finally coming into land – and does it matter?
08/07/2019 CISO Blog, DPO Blog EditoratLarge

So what was my prediction? Well, based on previous major data breaches (such as the TalkTalk breach) I hypothesised that, it seems to take the ICO around 12-18 months from a major incident occurring, to the ICO carrying out an investigation and subsequently issuing a fine…and then of course the inevitable appeal wrangling for reduction of the original fine amount. Therefore, if there were to be an in-scope breach on the 26th May 2018 it would likely be between May and November 2019 before a large fine would be finally agreed.

Read More