Data Protection with a hard Brexit – you might not need a representative in the UK

Several companies have made claims similar to “EU companies required to appoint UK Representative if there is a NO DEAL Brexit”. The headlines are wrong. I checked the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 and with the ICO. EU companies MAY need to appoint a UK representative, but if… Read More

CCTV and privacy – what you need to do

The majority of offices use CCTV as part of their security measures to protect the perimeter of buildings and/or to monitor restricted areas. There is nothing wrong in doing this providing a legal basis for processing the personal data (images) is established,  you tell people what it is used for and meet any requirements laid… Read More

WADIFF Consulting help Ditto AI get ISO27001 certification

Ditto AI Limited is an Explainable AI (XAI) company, that serves regulated, safety critical sectors that require accountability and transparency in their AI solutions. The security and integrity of information is seen as critically important to their business. With a target market of regulated industries, getting the ISO27001 certification made perfect sense both technically and… Read More

You wouldn’t get caught out by a phishing email, or would you?

Phishing emails – you get them, I get them and those pesky cyber criminals continue to evolve the format to try and get people to click links or download files that contain malware. The majority are easy to identify from the content.  Messages from banks you don’t use and links to invoices from companies you… Read More

GDPR – Large scale processing

The GDPR refers to large scale processing several times. Questions about what is meant by this come up on a regular basis. We have produced a short video with details on factors to consider, examples of large scale processing and examples of what isn’t large scale processing. Get in touch if you need help with… Read More

Policy pile up creates user uncertainty

This blog was written after recently working with different companies on their Information Security Management Systems (ISMSs).  The ISO27000 standard – the Overview and vocabulary part of the ISO27nnn series – defines an ISMS as consisting of “policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its… Read More

Are you meeting the GDPR Accountability principle?

Meeting the General Data Protection Regulation (GDPR) requirements isn’t a one-off ‘set and forget’ activity. Ongoing work is needed to ensure the requirements continue to met, this is covered by the Accountability principle in Article 5. It states that the controller “shall be responsible for, and be able to demonstrate compliance with, paragraph 1”; and… Read More

CNIL – causes of reported data breaches (May – October 2018)

The CNIL (the French Data Protection Authority) received 742 notifications of personal data breaches (and see the original report in French) that affected over 33 million individuals located in France or elsewhere. 695 related to confidentiality breaches. The accommodation and food services sector had the highest number of breaches – 185. This is due to a specific case… Read More

Behind the scenes: Deleting data from Google

You click Delete and your data is gone…..or is it? The IT infrastructure and services you use will not remove it straight away as you may need to recover it if the deletion was accidental, or it may need to be retained to meet legal requirements. For Google users, there are details of their four stage process… Read More

The Classification Conundrum #ISO27001

An important step to effectively manage information security risks is identifying how many information Classifications you have. The ISO27001 standard supports through clause 8.2.1 “Information should be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification”.  There is no standard answer to how many are needed. It is one… Read More