Category data protection

FT Cyber Security Summit Europe – Wed 21 Sept 2016 (London)

Debate: “The European Union’s new data protection rules will impose unnecessary burdens on businesses – Yes or No?”

Business leaders are worried that the European Union’s General Data Protection Regulation (GDPR), scheduled to come into effect in early 2018, will seriously harm their commercial interests. It will force them to improve the privacy rights of EU citizens and report data breaches within three days, rules that will be difficult and costly to comply with. Penalties for non-compliance could be as high as 4% of global turnover. However, British businesses could be spared the hassle if Brexit means the UK does not implement the Regulation.

ft-cyber-security-conference-2016In what promises to be a contentious debate, two teams of experts will go head-to-head to argue For (“Yes”) or Against (“No”) the Mot...
Read More

Are you a Superhero?

Superman…-Saves-the-DayOne of the biggest changes in data protection and privacy to usher in the New Year with a bang is publication of the EU General Data Protection Regulation (GDPR) later this month. And it’s really important that all companies take the necessary steps to protect themselves from becoming liable for personal data breaches under this EU Regulation.

As reported extensively in this blog over the last 12 months, the GDPR will force all organisations to re-wire their thinking as well as their data protection policies and procedures for handling personal data under a fundamental change in European law.

Experience to date shows that effective training is the first line of defence and by far the best way to mitigate against the risks of being landed with a massive fine – which can be as high as €20m...

Read More

Watch out – there’s a Stealing Santa about!

Stealing SantaAt this time of year parents all over the world are busy working out what the latest electronic gadget they need to buy for their children before the Christmas rush makes these highly-prized toys out of stock. One of the biggest manufacturers is Chinese consumer giant VTECH that owns the Learning Lodge app store.

But this story doesn’t have a happy ending.

The customers’ secrets stored on the company’s data base have been hacked and according to security experts this amounts to 4.8m unique customer email addresses as well as names and download history.

According to reports, the company database was compromised on 14 November but it took a good 10 days before HKT (the owners of VTech) notified its customers.

Dear Valued Customer,

On November 24 HKT we discovered that an unauthorized p...

Read More

TalkTalk was heading for security chief before it was hacked

TalkTalk logoTalkTalk has been caught in the eye of a storm over its data protection and privacy policies and procedures leaving a wake of very angry customers threatening to take legal action for the breach of their personal data.

And as the Information Commissioner’s Officer (ICO) starts to investigate the mobile provider, it may like to read the advertisement TalkTalk placed on LinkedIn on the 19 October for the post of Information Security Officer.

When we checked on Sunday 25 October, there had been 15 applicants for the post – now with the level of national media interest in how TalkTalk is culpable in its failure to adequately protect its customers, maybe there will be deluge of qualified candidates knocking on its door..?

Or will it now have to pay a much bigger salary to attract the right ...

Read More

Wake up call for all major UK companies as GDPR is now around the corner

wake up callEach day more and more comment is emerging on the lack of preparedness of business to deal with the forthcoming EU General Data Protection Regulation (GDPR) and the need to put education and training on the top of the business agenda – and you may find these two very recent news items of interest and helpful.

We’ve been briefing a Member of the Government’s Treasury Select Committee a few weeks’ ago when we highlighted the issue of GDPR is simply much bigger than a digital marketing issue under ICO’s remit reporting into the Department for Culture, Media and Sport (DCMS).

Check out this recent news item

We strongly support the idea of a debate in the British Parliament about the role that the British Government and in particular the role that the Department for Business, Innovati...

Read More

Goodbye to ‘Safe Harbor’ as US companies need to start playing by the same rules

not so safe harborThis week the blogosphere went into overdrive with the news that the non-binding legal opinion of the Advocate General of the European Court of Justice claims that EU user data transferred to the US by various technology companies is a violation of current EU data protection and privacy laws.

Even before this opinion, the European Commission was already attempting to re-negotiate the Safe Harbor Agreement with the US. The Advocate General observed: “If the (European) Commission decided to enter into negotiations with United States, that is because it considered beforehand that the level of protection ensured by that third country, under the safe harbour scheme, was no longer adequate.”

And of course, he’s impeccably right in this regard.

The cornerstone of this highly influential leg...

Read More

DPO is ‘compliance orchestrator’ under GDPR says Working Party 29

Zubin MethaFor Working Party 29 (WP29), the role of the Data Protection Officer (DPO) under the forthcoming EU General Data Protection Regulation (GDPR) is the cornerstone of accountability as well as being a real tool of competitiveness for companies.

Tasked with the implementation of accountability tools that include the policies, procedures documentation, data protection impact assessments as well as internal training for all employees entrusted with handling customer data, the DPO is more like a ‘compliance orchestrator’ in much the same way as a conductor of a symphony orchestra, such as Parsee-born Zubin Mehta, conductor of the Israeli Philharmonic Orchestra.

In its advice note to the European Commission, European Parliament and Council of Ministers, WP29 said: “While recognising the need f...

Read More

Is Google taking the pee out of data protection?

Google taking the pissIt’s no exaggeration to claim but when the history of data protection and privacy is written 10 years from now, one company will be credited with having had the most influence over the shape of data protection and privacy across the European Union (EU).

And it’s Google.

No week goes past without some reference to one of the most powerful digital companies on the planet. And this week just gone has been no exception.

On Thursday 9 July, Google was forced to revise its privacy policy after the Dutch Data Protection Authority (DPA) threatened to fine company €15m. Google will now have to seek new users’ permission to combine their personal data throughout its services...

Read More

“Positive vibes” as Trilogue on GDPR begins today

Positive EU vibes2Speaking after the first Trilogue meeting today, Jan Philipp Albrecht, Rapporteur for the European Parliament said that agreement between the European Commission, Parliament and Council of Ministers may be achievable by the end of 2015 alongside the Data Protection Directive for law enforcement – the so-called EU Police Directive.

Speaking to reporters, Albrecht said: “The Trilogue (negotiations) today showed very clearly that agreement is feasible if all parties are open to compromise. All parties are committed to the timetable. The texts are actually a lot closer to each other now than we thought a few months ago.”

He was referring to the versions of GDPR that each side has as they enter negotiations over the next 6 months in order to reach agreement on the precise wording for GDPR...

Read More

When bankers cry – well, they will if they fined under GDPR

unhappy.yellow.shirt_.cropped1According to Varonis (Nasdaq:VRNS), a leading provider of software solutions for unstructured, human-generated enterprise data, banks will be among the first to be hit with massive fines for falling foul of the EU’s General Data Protection Regulation (GDPR).

In a poll conducted at Cebit – Europe’s largest IT show – the company revealed the level of how unprepared the financial services sector is to life under GDPR. Notably, 50% of all respondents that took part in the survey worked within the European banking sector.

According to Varonis, despite the small sample size of 145 respondents, its survey reflects a much wide degree of how under prepared the financial services sector is as well as the nervousness that has penetrated the wider banking community.

Key survey findings:

  • 8...
Read More