
The GDPR has arrived: What happens now?

So, the EU General Data Protection Regulation (GDPR) is here and the sky hasn’t fallen. Some have reacted with an eye roll and a muttered “what did you think was going to happen?” Others will think it’s Y2K all over again: a big build up for nothing. Of course, the world post-25 May 2018 looks very much the same as it did before, but it’s much too early to pass judgement. The effects of the GDPR …

GDPR Likely to Hit Mid-Market Organizations the Hardest

We’ve all heard by now that the GDPR will bring in a revised set of data protection legislation that aims to modernize the way organizations store and process the data of EU citizens. Countless articles will tell you that non-compliance with the GDPR will likely result in crippling fines. However, much of this is fear-mongering, as the vast majority of people (even experts) simply cannot predict …

Snapchat releases details of its GDPR compliance measures

Snapchat has announced changes to its privacy policy and user settings as it prepares for the EU General Data Protection Regulation (GDPR), which takes effect on 25 May 2018. Many organisations have downplayed the requisite changes as ‘tweaks’ to their policies, but Snapchat has made a point of emphasising its widespread alterations. The most significant revelation is that, unlike rival messaging …

Reporting a Breach Under the GDPR

Even though GDPR is almost upon us, there still seems to be a bit of confusion as to the rules of breach notifications. How long do I have to report a breach? Who do I report a breach to? Do all data breaches need to be reported? It’s natural to have questions, and it’s natural not to want to read that outrageously long book of chapters and articles to find …

20 EU member states haven’t implemented the NIS Directive

EU regulators have been concerned about the growing threat to our essential services, particularly in view of the number of successful cyber attacks targeting critical infrastructure. As part of their response, they introduced a law in 2016 dedicated to helping protect essential services: the Directive on security of network and information systems (NIS Directive). The NIS Directive applies to two …

14 Mistakes Companies Make in Preparation for GDPR

I think it’s fair to say that most organizations are still struggling to understand exactly what is required of them when it comes to GDPR preparations. There is a lot of misinformation out there surrounding this topic and it can be easy to just ignore the mandate and keep your fingers crossed that it will all be OK. Obviously, this is not the way to go about it. We’ve had …

The GDPR: How the right to be forgotten affects backups

The EU General Data Protection Regulation (GDPR) is a big, complex law, and, as is only natural, some elements appear to contradict each other. One of those contradictions involves arguably the most notorious aspect of the GDPR: the right to erasure (also known as the ‘right to be forgotten’). This right – one of eight enshrined in the GDPR – allows individuals to request that organisations remove …

Time’s Almost Up – Are You Ready For GDPR?

So, a bit of housekeeping first. The GDPR is the brand-new regulation that everyone has been talking about, but what actually is it? You’ve probably received numerous emails from organizations asking you for permission to continue storing your personal data, and that’s what it’s essentially all about. Companies interacting with people in the European Union will all have to pay attention to what …

9 steps to implementing ISO 27001

There are many reasons to adopt ISO 27001, the international standard that describes best practice for an information security management system (ISMS). It helps organisations improve their security, comply with cyber security regulations, and protect and enhance their reputation. But implementing the Standard takes a lot of time and effort. That should be obvious, at least if you believe the …

The GDPR: What you need to know about DPIAs

Article 35 of the EU General Data Protection Regulation (GDPR) introduces the concept of data protection impact assessments (DPIAs). DPIAs help organisations identify and minimise privacy risks in data processing activities. They are essential if you process any high-risk data, but they are also relevant when you are introducing a new data collection process, system or technology. An effective …