The data protection DOs and DON’Ts during the COVID-19 crisis

You’ve no doubt come across dozens of articles advising you on how to cope during the COVID-19 crisis. However, it’s not only the physical and mental wellbeing of your staff that you need to look after but also your organisation’s ability to prevent security incidents. With employees working from home and no longer subject to the security protections that the office provides, it can be hard to … [Read more...]

A quick guide to the GDPR’s articles and recitals

There is such a breadth of information online about the GDPR (General Data Protection Regulation) that it can be daunting to find even basic clarifications on its rules and requirements. With this blog, we hope to simplify things, providing quick explanations of the GDPR’s core concepts. For those who want to learn more about each topic, we have links to articles where we’ve discussed the issue in … [Read more...]

What are the security risks of Cloud computing?

Cloud services are an integral part of modern business, with as many as 94% of organisations using them for at least some part of their operations. The reliance on Cloud services will soar in the coming weeks and months, as employees work from home where possible in the fight against the 2019 novel coronavirus pandemic. Separated from the office and local hard drives, employees will be able to use … [Read more...]

What’s the difference between information security and cyber security?

Are you confused about the terms ‘information security’ and ‘cyber security’, and why some people use them interchangeably? You’re not alone, as many discussions on data protection and cyber crime overlook the nuances that define the industry. We aim to correct that here, providing a simple explanation of both terms and how they fit into your organisation. What is information security? Information … [Read more...]

ICO issues £500,000 fine to Dixons Carphone over data breach

Dixons Carphone, based in the UK, has been fined £500,000 (about €589,000) following a cyber attack that compromised the data of approximately 14 million people. An investigation conducted by the UK’s ICO (Information Commissioner’s Office) found malware installed on 5,390 tills between July 2017 and April 2018. Details of the breach: The criminal hackers collected payment card … [Read more...]

Nine steps to successful ISO 27001 implementation

It may be something of a cliché but, for information security management system (ISMS) projects, it is certainly true to say that ‘well begun is half-way done’. The person charged with leading an ISO/IEC 27001:2013 ISMS project has to reduce something that looks potentially complex, difficult and expensive in terms of time and resources, to something that everyone believes can be achieved in the … [Read more...]

Cyber attacks and data breaches in review: November 2019

The numbers don’t tell the full story this month. There may have been 1.34 billion breached records disclosed, but almost all of them came from a single incident of ambiguous origin. Likewise, there was an abnormally high number of incidents in which the organisation didn’t reveal the number of affected records, so it’s a hard month to define in terms of cyber security success. What we are sure … [Read more...]

Q & A: The challenges for Data Protection Officers (DPOs)

Under the GDPR (General Data Protection Regulation), many organisations are required to appoint a DPO (data protection officer). Our recent webinar, ‘Challenges for data protection officers (DPOs)’, provided an introduction to the role and its requirements, covering the DPO’s responsibilities and the challenges they face. This was followed by a Q&A session with our GDPR expert Alice … [Read more...]

Why your organisation should implement ISO 27701

There’s a new standard for data privacy: ISO 27701. Released earlier this year as an extension to the ISO 27000 series, it provides essential guidance to help organisations protect sensitive information and meet data subject rights. ISO 27701 fills a gap left by the GDPR (General Data Protection Regulation), which contains strict rules about privacy management but doesn’t advise organisations on … [Read more...]

5 things you must do to avoid data breach disaster

Some of the most disastrous consequences of data breaches occur not from the incident itself but as a result of organisations’ inability to respond quickly and effectively. You can’t assume that a data breach is a negligible risk that you’ll deal with if it ever happens. That’s because your chances of being breached are much higher than you might think. In fact, the insurance … [Read more...]