Portuguese hospital appeals GDPR fine

A Portuguese hospital is preparing a legal challenge to appeal two fines totalling €400,000 levied under the GDPR (General Data Protection Regulation). at the Centro Hospitalar Barreiro Montijo (CHBM) were raised in April 2018 when the Sindicato dos Médicos da Zona Sul (Medical Workers Union of the Southern Zone) reported that non-clinical staff were using ‘medical’ profiles to access CHBM’s …

Why you should still be concerned about the GDPR

The compliance deadline for the EU GDPR (General Data Protection Regulation) passed six months ago, on 25 May 2018, but its influence is only just starting to take hold. Several experts, including European Data Protection Supervisor Giovanni Buttarelli, have predicted that the first round of fines will be levied in the coming weeks. Buttarelli told Reuters that supervisory authorities have been …

“How can we prevent data breaches?” The questions your board should be asking

Even though your IT department will do much of the work regarding information security, your board is ultimately responsible for preventing data breaches and other disruptions. Top management must therefore work with staff to make sure everyone is taking the necessary steps. Of course, this is easier said than done. Most board members aren’t information security experts, and the subject is so vast …

3 of the most common ways your organisation can suffer a data breach

Over the past year, cyber security experts have warned organisations to accept that data breaches are inevitable. Strong defences can help you prevent most incidents and reduce the severity of successful attacks, but they can’t stop data breaches altogether. So, what threats should you be preparing for? Here are three of the most common. Malware Malware is often associated with card …

5 tools that help you comply with the GDPR and mitigate the risk of data breaches

Understanding and implementing the GDPR’s requirements can be tough, but you can make your life easier with these tools. It’s more important than ever to ensure you have strong data protection practices. Not only is the threat of cyber crime on the rise but there’s also the potential for severe disciplinary action under the GDPR (General Data Protection Regulation). The GDPR’s strict requirements …

How to write a GDPR data breach notification procedure

Documenting your GDPR compliance can be tough, but a little guidance and access to documentation templates can make things much easier. You probably found the documentation process one of the most stressful parts of EU GDPR (General Data Protection Regulation) compliance. What you write forms the backbone of your data protection practices, but there’s very little guidance on exactly what you …

4 threats every organisation needs to prepare for

More than 6 million data records are compromised every day, and it would be foolish to think your organisation isn’t at risk of contributing to that figure. Cyber criminals look for vulnerabilities wherever they can find them, and you can be sure that your organisation is full of them. Here are seven threats you need to prepare for: Malware There are many types of malware you need to …

Will you survive a data breach?

Over the past year or so, the narrative surrounding cyber security has moved from ‘will I be targeted by an attack?’ to ‘will I survive when an attack comes?’ This is mostly because the number of cyber attacks has skyrocketed. According to Gemalto’s Breach Level Index, there was a 72% increase in the number of breached records over the past year. It estimates that there are currently more than 6 …

How to report a data breach to your supervisory authority

Under the GDPR (General Data Protection Regulation), organisations must report certain types of data breach to their supervisory authority within 72 hours of becoming aware of it. This requirement can be relatively straightforward if you are suitably prepared. The first thing you’ll need to determine after a breach is whether the incident meets the GDPR’s criteria for reporting – i.e. does it pose …

Does the GDPR allow you to track biometric data?

Under the EU GDPR (General Data Protection Regulation), biometrics is considered a “special category of personal data” that requires both a special legal basis for processing and an accompanying data protection impact assessment. You are therefore permitted to track biometric data, but you might find the effort it takes outweighs the benefits. What is biometric data? Biometrics is essentially …