
ACCESS Act might improve data privacy through interoperability

Data privacy is back in Congressional lawmakers’ sights, as a new legislative proposal focuses not on data collection, storage, and selling, but on the idea that Americans should be able to more easily pack up their user data and take it to a competing service—perhaps one that better respects their data privacy. The new bill would also require certain tech companies, including Facebook, … [Read more...]

The GDPR: How the right to be forgotten affects backups

The GDPR (General Data Protection Regulation) is a big, complex law, and it’s only natural that some elements appear to contradict each other.  One of those apparent contradictions involves arguably the most notorious aspect of the GDPR: the right to erasure (also known as the ‘right to be forgotten’).  This right – one of eight enshrined in the GDPR – allows individuals to request that … [Read more...]

3 reasons you should give your DPO specialist training

Organisations that appoint a DPO (data protection officer) will have a significantly different approach to information security than those that don’t.  The person who fills the position is responsible for monitoring the organisation’s data protection practices and helping staff understand their regulatory requirements, amongst other things.  Under the GDPR (General Data Protection Regulation), … [Read more...]

How does the GDPR affect sole traders?

Almost all EU-based organisations are affected by the GDPR (General Data Protection Regulation), from sole traders to multinationals.  But even though the GDPR unifies data protection rules across Europe, not all businesses will face the same problems. We’ve covered many of the issues you’re likely to face, but this blog focuses on the way sole traders should approach their compliance … [Read more...]

The GDPR has led to a spike in DSARs (data subject access requests)

Depending on who you ask, the GDPR (General Data Protection Regulation) has either overhauled the way organisations handle personal data or it’s a complex and ultimately pointless piece of bureaucracy.  Fortunately, the number of people in the latter camp has shrunk in the past year or so, as the GDPR has proven to have a tangible effect on business. And we’re not just talking about fines, both … [Read more...]

How EU organisations’ GDPR requirements will change in a no-deal Brexit scenario

We’re now, once again, on the precipice of Brexit, and as the deadline nears, you’ll see more stories appear about how EU-based organisations will be affected by the UK’s departure from the EU.  European organisations with ties to the UK are particularly concerned about the ramifications of the GDPR (General Data Protection Regulation). With the UK’s EU status up in the air, organisations must … [Read more...]

Does your organisation’s data protection policy comply with the GDPR?

The introduction of the GDPR (General Data Protection Regulation) has meant that organisations across Europe must be a lot more rigorous about the way they handle people’s personal data.  One of the most important steps is to create a data protection policy to make sure employees know exactly what they should and shouldn’t do when processing or storing sensitive information.    What a data … [Read more...]

What role does data destruction play in cybersecurity?

When organization leaders think about cybersecurity, it’s usually about which tools and practices they need to add to their stack—email protection, firewalls, network and endpoint security, employee awareness training, AI and machine-learning technology—you get the idea. What’s not often considered is which items should be taken away. Nearly as important to an organization’s … [Read more...]

CEOs offer their own view of a US data privacy law

Last week, the chief executives of more than 50 mid- and large-sized companies urged Congress to pass a national data privacy law to regulate how companies collect, use, and share Americans’ data. Buried deep within the chief executives’ recommendations for such a law, presented as a policy framework for guidance, was a convenient proposal: Private individuals should not be allowed to sue … [Read more...]

Is your organisation’s privacy notice GDPR compliant?

If your organisation is subject to the GDPR (General Data Protection Regulation), you must create and distribute a privacy notice.  This document ensures that individuals are aware of the way their personal data is processed, helping them understand what data is being collected, why and how it’s being used, and how long it will be kept.  But there are several other reasons organisations should … [Read more...]