Big thanks to ESA and Peter Raymond for inviting me to speak to the students.
Click here to watch the lecture (running time 58 mins)
As the co-programme director for the DPO Certificate at Henley Business School, it was my job to help navigate the delegates through the thicket of the EU General Data Protection Regulation (GDPR) as well as flagging up stuff that organisations need to do now during the two-year transition period.
If you would like a copy of my presentation, feel free to get in touch with me on this website and I’d be happy to send it to you.
My short talk focused on the practical implications for organisations and HR departments in the ...
One of the biggest changes in data protection and privacy to usher in the New Year with a bang is the publication of the EU General Data Protection Regulation (GDPR) later this month. And it’s really important that all companies take the necessary steps to protect themselves from becoming liable for personal data breaches under this EU Regulation.
As reported extensively in this blog over the last 12 months, the GDPR will force all organisations to re-wire their thinking as well as their data protection policies and procedures for handling personal data under a fundamental change in European law.
Experience to date shows that effective training is the first line of defence and by far the best way to mitigate the risks of being landed with a massive fine – which can be as high as €20m...
It’s here: after years and years of debate, the negotiating parties to the trilogue are reported finally to have agreed the text of the European Union’s successor privacy legislation: the General Data Protection Regulation.
Jan Albrecht, the German MEP leading up the European Parliament’s negotiations on the GDPR, even tweeted this picture of the negotiators who struck today’s deal – somehow a fitting use of social media technology, given that the key driver behind this legislative change is to bring Europe’s aging data privacy rules up to date for the modern technological era.
This isn’t the formal end of the legislative process though – while the text of the GDPR has been agreed by the trilogue negotiation parties (and if you’re wondering what a trilogue is, see my coll...
A second reading will now follow in the European Parliament and the publication of the GDPR now seems highly likely mid-January 2016.
Thereafter, transition arrangements will need to be in place across the whole of the EU so that Member States can adopt the new EU Regulation.
Research on the increase in secondary costs resulting from the new regulatory burdens imposed on organisations by the forthcoming EU General Data Protection Regulation (GDPR) has exposed a hidden danger.
The costs of insuring against a breach of contract, litigation costs incurred as a result of cyber-attacks and compensation claims made by millions of customers for breach of their personal data records are set to escalate insurance premiums by as much as 150%, warns Martin Hickley, Director of Data Protection at GO DPO® EU Compliance, a specialist executive training company.
Hickley says: “It’s well known that most organisations impacted by the GDPR are dangerously underinsured and only about 10% of them have adequate cyber insurance...
At this time of year parents all over the world are busy working out which of the latest electronic gadgets they need to buy for their children before the Christmas rush puts these highly-prized toys out of stock. One of the biggest manufacturers is Chinese consumer giant VTech, which owns the Learning Lodge app store.
But this story doesn’t have a happy ending.
The customers’ secrets stored on the company’s database have been hacked and, according to security experts, this amounts to 4.8m unique customer email addresses as well as names and download history.
According to reports, the company database was compromised on 14 November but it took a good 10 days before HKT (the owners of VTech) notified its customers.
Dear Valued Customer,
On November 24 HKT we discovered that an unauthorized p...
The world’s largest sportswear company has now been issued with a warning to stop this by the Dutch DPA (CBP).
The Nike+ Running app combines GPS information about distance covered with body characteristics such as height and weight to calculate calories and ‘Fuel Points’ for the Nike rankings. Storage of these details for a longer period constitutes handling of sensitive personal health information, CBP found.
Under the forthcoming EU General Data Protection Regulation (GDPR), a key principle is purpose limitation, designed to establish the boundaries within which personal data collected for a given purpose may be processed and put to further use.
The Data Controll...