GDPR Archives » Fox Red Risk

Tag: GDPR

ICO News

News, Blogs and Speeches from the Information Commissioners Office (ICO)

ICO statement in response to an announcement made by the Metropolitan Police Service on the use of live facial recognition
In October 2019 we concluded our investigation into how police use live facial recognition technology (LFR) in public places. Our investigation found there was public support for police use of LFR […]
ICO attends the second ICIC FOI case handling workshop
Hosted by the Gibraltar Regulatory Authority, the annual workshop provides an opportunity for different jurisdictions across the globe to share working practices and ideas. ICO colleagues in […]
ICO publishes Code of Practice to protect children’s privacy online
Today the Information Commissioner’s Office has published its final Age Appropriate Design Code – a set of 15 standards that online services should meet to protect children’s […]
ICO yn cyhoeddi Cod Ymarfer i ddiogelu preifatrwydd plant ar-lein
Heddiw, mae Swyddfa'r Comisiynydd Gwybodaeth wedi cyhoeddi ei Chod Dylunio Oed-briodol – sef set o 15 o safonau y dylai gwasanaethau ar-lein eu bodloni i ddiogelu preifatrwydd plant.
Blog: Adtech - the reform of real time bidding has started and will continue
The adtech real time bidding (RTB) industry is complex, involving thousands of companies in the UK alone.

Processor Contract – How Data Processors can inadvertently become Controllers…and why it matters!

For those of you who deal with the wonderful document that is a data processor contract. Whether you’re on the Controller side or the Processor side, you will know there are quite a few hoops to jump through. This is because GDPR strengthened the requirements of a Controller-Processor relationship, outlined in Article 28. That said,

GDPR Subject Access – why verifying ID can be dangerous!

wrote a few weeks ago discussing how DSAR volumes may have gone up in your organisation and that it’s probably not simply down to the GDPR Subject Access hurdles being lowered for Data Subjects. Since GDPR came into force in May 2018, Data Subjects now don’t have to pay a fee (in most cases). The

DSAR – Help I can’t cope!!! Our Subject Access Request volumes have gone through the roof!!!!

29/11/2019 DPO Blog, Security Advisory Blog admin

I had an online interaction with a vendor who sells Data Subject Access Request (DSAR) automation software recently. During the ‘pitch’ they highlighted that organisations across London, UK have seen a staggering increase in DSARs since GDPR went live. An article in the Yorkshire Evening Post confirms this is not just a London-centric issue. “In

Data Retention – A €14.5million fine awaits for Real Estate Data Archive non-compliant with GDPR?

05/11/2019 DPO Blog, Security Advisory Blog admin

Data retention is always a challenge for organisations. Organisation just love retaining data and well, storage is pretty cheap these days. Whilst the costs of getting retention wrong (e.g. not being able to recover from a ransomware attack) are always high; a recent GDPR fine decision in Germany highlights the data retention problem could get

Public Information & GDPR – I can do what I like with it…wrong!

28/10/2019 DPO Blog, Security Advisory Blog admin

There seems to be this idea floating around that if the data is collected from publicly available sites then it is fair game for marketers. If someone has created a profile on LinkedIn for example and their email address can be harvested (say by a recruiter or data miner connecting with you) then this public

Climate Change Solved: GDPR mitigates climate change risk!

01/10/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

Whether you believe climate change is a real thing or not there is no arguing 16-year-old Greta Thunberg is making headlines. Her efforts to raise awareness about this key issue of our time are pretty impressive. Whilst some people don’t think climate change is real, as a person who believes in evidence-based decision-making, I am going to pin my colours

Technical Debt: A Cautionary Tale!

19/09/2019 CISO Blog, DPO Blog admin

Once an organisation understands the technical debt borrowed by its project managers the more likely projects will deliver the expected outcomes.

InfoSec CPE: If you pay for your infosec specialists’ membership fees why aren’t you reviewing their annual CPE transcripts?

28/07/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

I would strongly recommend periodically asking your staff for their current qualifications’ CPE transcripts. Not just your InfoSec or Risk specialists but all your specialists.

Risk Management: Stop – you’re too controlling!!!

22/07/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

What appears to be a well-intended improvement to reduce risk being completely unused because it was poorly envisaged, poorly implemented, with the original control measure still to be decommissioned and so that control is still being used whilst the new control is to all intents and purposes gathering dust.

GDPR & CCPA: Two Nations Divided by a Common Language

CCPA & GDPR: Two Nations Divided by a Common Language

15/07/2019 DPO Blog, Security Advisory Blog admin

With six months to go before the California Consumer Privacy Act CCPA goes live in California, it seems we are progressively moving towards common ground when it comes to international privacy law…or are we…?