Fox Red Risk
The Cyber Security and Data Protection Consultancy
Tag: GDPR
Tag: GDPR
Application Security – Zoom is a Knife Crime!
The news ebbs and flows and so too do people’s attitudes to the world around them. We are all influenced by the media. Take knife crime. In 2019, knife crime was a significant problem in London. So we should ban knives! Knives are dangerous! Knives should not be used under any circumstances. Why are you
Read More
Asset Discovery for Cybersecurity & Data Protection – You can’t protect it if you don’t know it exists!
There is an old management adage that what isn’t measured isn’t managed. It’s so true. Something similar applies to cybersecurity. If you don’t know an asset exists, how on earth can you protect that asset from a cyber-attack or data breach?! Asset Discovery is the number one exercise a new CISO (or Virtual CISO) should
Read More
Processor Contract – How Data Processors can inadvertently become Controllers…and why it matters!
For those of you who deal with the wonderful document that is a data processor contract. Whether you’re on the Controller side or the Processor side, you will know there are quite a few hoops to jump through. This is because GDPR strengthened the requirements of a Controller-Processor relationship, outlined in Article 28. That said,
Read More
GDPR Subject Access – why verifying ID can be dangerous!
I wrote a few weeks ago discussing how DSAR volumes may have gone up in your organisation and that it’s probably not simply down to the GDPR Subject Access hurdles being lowered for Data Subjects. Since GDPR came into force in May 2018, Data Subjects now don’t have to pay a fee (in most cases).
Read More
DSAR – Help I can’t cope!!! Our Subject Access Request volumes have gone through the roof!!!!
I had an online interaction with a vendor who sells Data Subject Access Request (DSAR) automation software recently. During the ‘pitch’ they highlighted that organisations across London, UK have seen a staggering increase in DSARs since GDPR went live. An article in the Yorkshire Evening Post confirms this is not just a London-centric issue. “In
Read More
Data Retention – A €14.5million fine awaits for Real Estate Data Archive non-compliant with GDPR?
Data retention is always a challenge for organisations. Organisation just love retaining data and well, storage is pretty cheap these days. Whilst the costs of getting retention wrong (e.g. not being able to recover from a ransomware attack) are always high; a recent GDPR fine decision in Germany highlights the data retention problem could get
Read More
Public Information & GDPR – I can do what I like with it…wrong!
There seems to be this idea floating around that if the data is collected from publicly available sites then it is fair game for marketers. If someone has created a profile on LinkedIn for example and their email address can be harvested (say by a recruiter or data miner connecting with you) then this public
Read More
Climate Change Solved: GDPR mitigates climate change risk!
Whether you believe climate change is a real thing or not there is no arguing 16-year-old Greta Thunberg is making headlines. Her efforts to raise awareness about this key issue of our time are pretty impressive. Whilst some people don’t think climate change is real, as a person who believes in evidence-based decision-making, I am going to pin my colours
Read More
Technical Debt: A Cautionary Tale!
Once an organisation understands the technical debt borrowed by its project managers the more likely projects will deliver the expected outcomes.
Read MoreInfoSec CPE: If you pay for your infosec specialists’ membership fees why aren’t you reviewing their annual CPE transcripts?
I would strongly recommend periodically asking your staff for their current qualifications’ CPE transcripts. Not just your InfoSec or Risk specialists but all your specialists.
Read More- 1
- 2