GDPR Archives » Fox Red Risk

Tag: GDPR

ICO News

News, Blogs and Speeches from the Information Commissioners Office (ICO)

Blog: Data ethics and the digital economy

We’ve just appointed our first data ethics adviser, Ellis Parry, to consider data protection and ethics challenges over the next year.
Why special category personal data needs to be handled even more carefully

Imagine if your medical records, information about your sex life or your political opinions were put into the public domain so anyone could see them. When personal data is shared by mistake the […]
Bond Lecture 2019: ‘Access to Information in Turbulent Times’

Gill Bull, ICO’s Director of Freedom of Information Complaints and Compliance, speech at the British Records Association in London, 13 November 2019.
Information Commissioner reminds political parties they must comply with the law ahead of General Election

The Information Commissioner has sent the following letter to the political parties in relation to the use of data in political campaigning
Live facial recognition technology – police forces need to slow down and justify its use

As far back as Sir Robert Peel, the powers of the police have always been seen as dependent on public support of their actions. It’s an ideal starting point as we consider uses of technology […]

Data Retention – A €14.5million fine awaits for Real Estate Data Archive non-compliant with GDPR?

Data retention is always a challenge for organisations. Organisation just love retaining data and well, storage is pretty cheap these days. Whilst the costs of getting retention wrong (e.g. not being able to recover from a ransomware attack) are always high; a recent GDPR fine decision in Germany highlights the data retention problem could get

Public Information & GDPR – I can do what I like with it…wrong!

There seems to be this idea floating around that if the data is collected from publicly available sites then it is fair game for marketers. If someone has created a profile on LinkedIn for example and their email address can be harvested (say by a recruiter or data miner connecting with you) then this public

Climate Change Solved: GDPR mitigates climate change risk!

01/10/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

Whether you believe climate change is a real thing or not there is no arguing 16-year-old Greta Thunberg is making headlines. Her efforts to raise awareness about this key issue of our time are pretty impressive. Whilst some people don’t think climate change is real, as a person who believes in evidence-based decision-making, I am going to pin my colours

Technical Debt: A Cautionary Tale!

19/09/2019 CISO Blog, DPO Blog admin

Once an organisation understands the technical debt borrowed by its project managers the more likely projects will deliver the expected outcomes.

InfoSec CPE: If you pay for your infosec specialists’ membership fees why aren’t you reviewing their annual CPE transcripts?

28/07/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

I would strongly recommend periodically asking your staff for their current qualifications’ CPE transcripts. Not just your InfoSec or Risk specialists but all your specialists.

Risk Management: Stop – you’re too controlling!!!

22/07/2019 CISO Blog, DPO Blog, Security Advisory Blog admin

What appears to be a well-intended improvement to reduce risk being completely unused because it was poorly envisaged, poorly implemented, with the original control measure still to be decommissioned and so that control is still being used whilst the new control is to all intents and purposes gathering dust.

GDPR & CCPA: Two Nations Divided by a Common Language

CCPA & GDPR: Two Nations Divided by a Common Language

15/07/2019 DPO Blog admin

With six months to go before the California Consumer Privacy Act CCPA goes live in California, it seems we are progressively moving towards common ground when it comes to international privacy law…or are we…?

Are the big GDPR fines finally coming into land – and does it matter?

08/07/2019 CISO Blog, DPO Blog admin

So what was my prediction? Well, based on previous major data breaches (such as the TalkTalk breach) I hypothesised that, it seems to take the ICO around 12-18 months from a major incident occurring, to the ICO carrying out an investigation and subsequently issuing a fine…and then of course the inevitable appeal wrangling for reduction of the original fine amount. Therefore, if there were to be an in-scope breach on the 26th May 2018 it would likely be between May and November 2019 before a large fine would be finally agreed.

GDPR Process Inventory – 7 items to record

12/04/2018 DPO Blog admin

As a Controller, it is pretty challenging to meet the requirements of GDPR without great records detailing where, what and how personal data is processed. If you’re an organisation with more than 250 employees, there is a requirement to document your processing activities (See Article 30) but if you’re one of those organisations with less than 250 people, then you have a [partial] get-out-of-jail card. The thing is, even if it’s not mandatory, it’s still incredibly useful to document processing activities. This will help you comply with all the other aspects of GDPR you are still ‘on-the-hook’ for. In this brief article, we will look at 7 items which all organisations – small or big – should (or in certain cases must) include in an inventory of their processing activities.