Webinar: Appointing a data protection officer (DPO) under the GDPR

The General Data Protection Regulation (GDPR) imposes a significant number of obligations and responsibilities on controllers and processors. The GDPR significantly reshapes the data protection landscape for organisations worldwide that collect and process the data of EU residents. The Regulation also imposes fines of up to 4% of annual global turnover or €20 million (whichever is greater), …

German court rules Facebook’s data use is illegal

Facebook’s default privacy settings and use of personal data are against German consumer law, according to a Berlin regional court. The court ruled that Facebook collects and uses personal data without providing enough information to its members for them to give meaningful consent. “Facebook hides default settings that are not privacy-friendly in its privacy centre and does not provide sufficient …

Does your CRM meet the GDPR’s compliance requirements?

Organisations that have a customer relationship management (CRM) system in place will be well-versed in handling large volumes of personal data, and – in theory – prepared for the EU General Data Protection Regulation (GDPR). They will be used to keeping names, email addresses and dates of birth secure, and updating information when it’s out of date, which are central to GDPR compliance. However, …

How the PCI DSS can help you meet the requirements of the GDPR

With just 3 months until the General Data Protection Regulation (GDPR) is enforced, organisations across Europe must consider how the far-reaching changes introduced by the Regulation will affect how they handle and protect personal data. While some will be worried about how to comply with the new law, those that are already compliant with the Payment Card Industry Data Security Standard (PCI DSS) …

9 steps to GDPR compliance

On 25 May 2018, the EU General Data Protection Regulation (GDPR) comes into effect, changing the way organisations handle personal data. The Regulation strengthens individuals’ rights concerning the way personal data is used, and requires that organisations take extra steps to make sure data remains secure. The GDPR applies to any organisation that handles EU residents’ personal data. If that …

The GDPR: What is sensitive personal data?

We recently discussed what counts as personal data under the EU General Data Protection Regulation (GDPR); however, we didn’t cover sensitive personal data. Before we get into what that entails, let’s recap the GDPR’s definition of personal data: “‘[P]ersonal data’ means any information relating to an identified or identifiable natural person (‘data subject’).” In other words, any information that …

European Commission publishes guidance on the GDPR

The European Commission has published guidance on the upcoming EU General Data Protection Regulation (GDPR). The document: Summarises the purpose and benefits of the GDPR; Evaluates the steps that organisations, national data protection authorities and the Commission have taken to prepare for the GDPR; Outlines what still needs to be done before the Regulation takes effect on 25 May 2018; …

The GDPR: What exactly is personal data?

Personal data is at the heart of the EU General Data Protection Regulation (GDPR), but many people are still unsure exactly what ‘personal data’ refers to. There’s no definitive list of what is or isn’t personal data, so it all comes down to properly interpreting the GDPR’s definition: “‘[P]ersonal data’ means any information relating to an identified or identifiable natural person (‘data …

Cryptocurrency app found to contain ransomware

With the rapid growth of cryptocurrency comes a demand for digital wallets. This has led to increased criminal activity. SpriteCoin is advertised as a digital wallet to keep cryptocurrency safe but is in fact ransomware, according to cybersecurity researchers Fortinet. SpriteCoin wallet is a fake cryptocurrency app that will take over a device and install ransomware when downloaded. A ransom note …

The GDPR: Understanding the 6 data protection principles

The EU General Data Protection Regulation (GDPR) outlines six data protection principles that organisations need to follow when collecting, processing and storing individuals’ personal data. The data controller is responsible for complying with the principles and must be able to demonstrate the organisation’s compliance practices. We’ve listed the six principles here with advice on how you can …