Policy pile up creates user uncertainty

This blog was written after recently working with different companies on their Information Security Management Systems (ISMSs). The ISO27000 standard – the Overview and vocabulary part of the ISO27nnn series – defines an ISMS as consisting of “policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its… Read More

Are you meeting the GDPR Accountability principle?

Meeting the General Data Protection Regulation (GDPR) requirements isn’t a one-off ‘set and forget’ activity. Ongoing work is needed to ensure the requirements continue to be met; this is covered by the Accountability principle in Article 5. It states that the controller “shall be responsible for, and be able to demonstrate compliance with, paragraph 1”; and… Read More

CNIL – causes of reported data breaches (May – October 2018)

The CNIL (the French Data Protection Authority) received 742 notifications of personal data breaches (and see the original report in French) that affected over 33 million individuals located in France or elsewhere. 695 related to confidentiality breaches. The accommodation and food services sector had the highest number of breaches – 185. This is due to a specific case… Read More

Legitimate Interests – 3 part test

Legitimate interests (LI) is one of the lawful bases for processing personal data. The ICO say it is appropriate “where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”. The three parts to the test to identify a LI have been… Read More

Anyone talking about GDPR should include this slide! #ourGDPRstatus

It isn’t hard to find an event at the moment that is specifically about GDPR or includes sessions to cover different aspects of it. With so many companies talking about it and promoting products and services to help prepare for May 2018, you would think/hope they would be the ones that are well on their way… Read More

Will marketing make companies miss the May 2018 GDPR deadline?

We all do marketing to make us stand out from the competition and show the compelling reasons to have the product or service we provide. But sometimes a marketing message doesn’t give the complete picture. For the General Data Protection Regulation (GDPR), this could lead companies to believe they comply but actually have several outstanding issues to address.… Read More

Why keeping information secure is much more than an IT issue

When I ask business owners what they are doing to keep their business information secure, the vast majority say it is an IT issue and I should talk to their IT team or the company used to maintain their IT systems. But what about dealing with risks from your staff, lack of adequate physical security or keeping… Read More

The outlook is Cloudy with possible spells of data protection issues

This isn’t a blog about the weather, but some people may be in for a stormy time if they use apps or services that don’t have good data protection measures in place. The majority of us now use ‘the Cloud’ to provide services or store data. The main players seem to have good data protection policies… Read More

Self-assessment tool to help SMEs with Data Protection

The Information Commissioner’s Office has launched a self-assessment tool to help small and medium-sized enterprises (SMEs) assess their compliance with the Data Protection Act and the key obligations for processing their customers’ or clients’ personal information. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that… Read More

Sharing too much on social media can be bad for you

Every few months there are stories about criminals taking information from social media sites to commit some type of ‘identity theft’ crime. The majority of stories are not very specific about the impact, or the impact is in an area that would not concern many people. But what if someone can take out a credit… Read More