CNIL – causes of reported data breaches (May – October 2018)

The CNIL (the French Data Protection Authority) received 742 notifications of personal data breaches (and see the original report in French) that affected over 33 million individuals located in France or elsewhere. 695 related to confidentiality breaches. The accommodation and food services sector had the highest number of breaches – 185. This is due to a specific case… Read More

Behind the scenes: Deleting data from Google

You click Delete and your data is gone… or is it? The IT infrastructure and services you use will not remove it straight away, as you may need to recover it if the deletion was accidental, or it may need to be retained to meet legal requirements. For Google users, there are details of their four-stage process… Read More

Don’t panic – stopping apps from accessing your emails

If you give an app access to your emails (and other data), it should come as no surprise that it uses that access. And sometimes that could mean humans reading email contents, and possibly not for the expected reason. Here are ways to check who has access to your data in Google and Microsoft.com and… Read More

How to track down your personal data (Data Mapping)

One of the early stages to prepare for the General Data Protection Regulation (GDPR) is identifying the Personal Data you process; this blog provides a framework to build a Personal Data Inventory. An inventory is not a requirement of the GDPR, but it is a good way to build up a picture of the personal… Read More

Legitimate Interests – 3 part test

Legitimate interests (LI) is one of the lawful bases for processing personal data. The ICO say it is appropriate “where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”. The three parts to the test to identify a LI have been… Read More

Accountability and Governance – Documentation #GDPR #DPB

Details of documentation requirements for Accountability and Governance under the GDPR and Data Protection Bill are on the ICO website. A mind map has been created to act as a quick reference. Click on the image to view the full-size mind map. You can use the Checklist on the ICO website page to track what… Read More

My top 3 items from the Information Commissioner’s fireside chat

On Tuesday 17 October I was at IAPP’s ‘fireside chat’ with Elizabeth Denham, the Information Commissioner. The top 3 items for me were: GDPR certification – details to be published in early 2018, the ICO is leading the work on this in WP29. The Commissioner thought it should be based on Accountability and mentioned the approach… Read More

Wetherspoons stop monthly newsletters – GDPR related?

This morning I received an email from Wetherspoons – I am a customer and did sign up to receive updates – saying they will no longer be sending emails as many consider this intrusive. I agree that some people can find this intrusive, but at the same time think this could be part of their General… Read More

Anyone talking about GDPR should include this slide! #ourGDPRstatus

It isn’t hard to find an event at the moment that is specifically about GDPR or includes sessions to cover different aspects of it. With so many companies talking about it and promoting products and services to help prepare for May 2018, you would think/hope they would be the ones that are well on their way… Read More

Why the Contact form had to go! #GDPR

We still want to be contacted so we can help businesses improve their information and cyber security, but from now on, please do it by email or by calling. Removing the website Contact form may seem extreme, but it eliminates a risk to personal data over which we have very little control. As everyone probably knows*, the… Read More