Data retention is always a challenge for organisations. Organisation just love retaining data and well, storage is pretty cheap these days. Whilst the costs of getting retention wrong (e.g. not being able to recover from a ransomware attack) are always high; a recent GDPR fine decision in Germany highlights the data retention problem could get…
Read more
Whether you believe climate change is a real thing or not there is no arguing 16-year-old Greta Thunberg is making headlines. Her efforts to raise awareness about this key issue of our time are pretty impressive. Whilst some people don’t think climate change is real, as a person who believes in evidence-based decision-making, I am going to pin my colours…
Read more
So what was my prediction? Well, based on previous major data breaches (such as the TalkTalk breach) I hypothesised that, it seems to take the ICO around 12-18 months from a major incident occurring, to the ICO carrying out an investigation and subsequently issuing a fine…and then of course the inevitable appeal wrangling for reduction of the original fine amount. Therefore, if there were to be an in-scope breach on the 26th May 2018 it would likely be between May and November 2019 before a large fine would be finally agreed.
This article looks at the different approaches organisations can take when assessing the competence of potential DPO candidates.
As a Controller, it is pretty challenging to meet the requirements of GDPR without great records detailing where, what and how personal data is processed. If you’re an organisation with more than 250 employees, there is a requirement to document your processing activities (See Article 30) but if you’re one of those organisations with less than 250 people, then you have a [partial] get-out-of-jail card. The thing is, even if it’s not mandatory, it’s still incredibly useful to document processing activities. This will help you comply with all the other aspects of GDPR you are still ‘on-the-hook’ for. In this brief article, we will look at 7 items which all organisations – small or big – should (or in certain cases must) include in an inventory of their processing activities.
There are lots of reasons to use encryption and other cryptographic techniques when it comes to mitigating the risks associated with protecting the rights and freedoms of Data Subjects under GDPR. There are however a lot of things that encryption won’t solve too. In this brief article, we will look at 7 of those things encryption is just never going to solve.
