dcsimg

Norwegian study finds Google and Facebook manipulate users to share data despite GDPR

A recent study by the Norwegian government has found that Facebook and Google push users to share private information by using “invasive” and limited default options. The Norwegian Consumer Council’s Deceived By Design report suggests that the tech giants’ privacy updates clash with the new GDPR (General Data Protection Regulation). In a statement, the council’s director of digital services, … [Read more...]

Swedish Data Inspectorate begins first reviews under the GDPR

  The Data Inspectorate of Sweden has begun its first reviews under the GDPR (General Data Protection Regulation) to ascertain whether authorities and companies that are obliged to appoint a DPO (data protection officer) have done so. Those being examined operate in the private healthcare, insurance and financial sectors. Jonas Agnvall, a lawyer at the Data Inspectorate who is heading the … [Read more...]

Top tips for writing a GDPR-compliant privacy policy

After this past week, in which your inboxes were no doubt overloaded with emails about updated privacy policies, you might want a long break from those two words. But if your organisation didn’t contribute to the plethora of privacy policy epistles, you’re going to be stuck thinking about them a little longer. Organisations are required to update their privacy policy and share it with data … [Read more...]

1 in 8 cyber attacks successful in Denmark

A recent survey by the Danish Society of Engineers’ IT subsidiary, IDA-it, concluded that two thirds of businesses had experienced a cyber attack, and that up to one in eight cyber attacks carried out against Danish organisations are successful. IDA-it surveyed people working in IT or personal data related roles in the public and private sector. Kåre Løvgren, IDA-it’s chairperson, said that … [Read more...]

Danish rail network DSB hit by cyber attack

DSB, the Danish state rail operator, was hit by a distributed denial-of-service (DDoS) cyber attack on Sunday, April 13. A DDoS attack attempts to disrupt a host or network from connecting to the Internet in order to render a network or machines unavailable. It meant that passengers were unable to buy tickets on Sunday, and purchases through DSB’s ticket machines, app, website and retail stores … [Read more...]

Big data organisations have given us a “crisis of confidence”

People are being manipulated by organisations that collect vast amounts of personal data, according to a report by the European Data Protection Supervisor (EDPS). Giovanni Butarelli, who heads the independent institution, acknowledged the benefits of being able to store and analyse huge volumes of data, but warned that current data collection practices have led to a “crisis of confidence”, with … [Read more...]

How the GDPR will affect spam

Lawmakers and journalists have made bold claims about the EU General Data Protection Regulation (GDPR) over the past few years. ‘It will mitigate the threat of cyber attacks’. ‘It will give individuals more control over their personal data’. ‘It will lead to strict punishment for poor data protection practices’. These are all true, or at least there’s ample evidence to suggest as much. But some … [Read more...]

Pseudonymisation is the GDPR’s “escape hatch”

If you’ve been reading about the EU General Data Protection Regulation (GDPR), you probably know that massive changes to the way organisations collect personal data will soon be made. The days of stashing away as much data as possible and using it as and when the need arises are gone, as the Regulation mandates that information can only be collected if it meets certain lawful bases. But this … [Read more...]

The GDPR and the future of location-based advertising

Not so long ago, marketers believed programmatic advertising (the use of someone’s personal data to create targeted ads) was “the next big thing”, but many people now claim that the EU General Data Protection Regulation (GPDR) is the “death knell” for this practice. One of the most common forms of programmatic advertising uses geo-tracking to target adverts based on someone’s location. It’s the … [Read more...]

Are your employees aware of their PCI DSS obligations?

If your organisation collects cardholder data, you need to comply with the Payment Card Industry Data Security Standard (PCI DSS). The Standard was designed to help organisations manage card payments securely, and is regulated by major card brands (Visa, Mastercard, American Express, JCB and Discover). Failure to comply with the PCI DSS will lead to disciplinary action and reputational damage, but … [Read more...]