My top 3 items from the Information Commissioner’s fireside chat

On Tuesday 17 October I was at IAPP’s ‘fireside chat’ with Elizabeth Denham, the Information Commissioner. The top 3 items for me were: GDPR certification – details to be published in early 2018, the ICO is leading the work on this in WP29. The Commissioner thought it should be based on Accountability and mentioned the approach… Read More

The impact of the GDPR on sending emails and networking

On 25 May 2018 the General Data Protection Regulation (GDPR) replaces the Data Protection Act (DPA). The aim is to give individuals more control over how their personal data is used and get businesses to be more transparent over how it will be used. The UK Government have confirmed that Brexit has no impact. Businesses… Read More

How interested do parties need to be?

Early on in the ISO27001:2013 standard, page 1 section 4.2 to be precise, is ‘Understanding the needs and expectations of interested parties’. An organisation needs to determine the parties relevant to their information security management system (ISMS) and what requirements they could have for information security. The standard helpfully notes that requirements may include legal and regulatory… Read More

Wetherspoons stop monthly newsletters – GDPR related?

This morning I received an email from Wetherspoons – I am a customer and did sign up to receive updates – saying they will no longer be sending emails as many consider this intrusive. I agree that some people can find this intrusive, but at the same time think this could be part of their General… Read More

Anyone talking about GDPR should include this slide! #ourGDPRstatus

It isn’t hard to find an event at the moment that is specifically about GDPR or includes sessions to cover different aspects of it. With so many companies talking about it and promoting products and services to help prepare for May 2018, you would think/hope they would be the ones that are well on their way… Read More

Things to consider when selecting a new office

Thinking of moving to a new location? Here are some security items you should consider when selecting your perfect office. Location Consider neighbourhood public health and safety issues Is there an unacceptably high incidence of crimes against people or property? Will employees feel safe walking alone at night? Do the police or other emergency services have… Read More

Why the Contact form had to go! #GDPR

We still want to be contacted so we can help businesses improve their information and cyber security, but from now on, please do it by email or by calling. Removing the website Contact form may seem extreme, but it eliminates a risk to personal data over which we have very little control. As everyone probably knows*, the… Read More

GDPR (Data Protection) vs MTD (Tax)

What we know The General Data Protection Regulation (GDPR) will replace the Data Protection Act. Brexit has no impact. The Information Commissioner has said “there may still be questions about how the GDPR would work on the UK leaving the EU but this should not distract from the important task of compliance with GDPR”. This… Read More

Mirror mirror on the wall, who’s the fairest Application and OS of them all

The Computer Vulnerabilities and Exposures (CVE) website provides yearly summaries of application and operating systems vulnerabilities. Having a vulnerability is not the same as it actually being exploited, but the figures provide a useful, if somewhat crude way, of identifying what needs protecting and how this compares to 2015. For anyone that doesn’t want to read much further the… Read More

A is for App and B is for Behave

This isn’t my first blog about Apps that can take your personal information, and it probably won’t be the last. I am all for Apps that make you more productive and provide information on what is going around you. But there are too many that want access to information they could never legitimately use. I… Read More