Category: Henley Business School

Not a good start to the New Year for Apple

Apple has just issued a second customer warning for owners of its iPhones, iPads and Mac products that they are affected by a processor flaw that could leave them vulnerable to hackers.

The US tech giant urged its millions of customers to only download software from trusted sources after the security vulnerabilities, known as Meltdown and Spectre, were revealed on Wednesday.

According to the Press Association (PA News), there’s no evidence that the security flaws, which affect computer processors built by Intel and ARM, have so far been exploited by hackers, although companies including Microsoft have been working to provide urgent fixes.

Apple says it had released software updates for iOS, the software on its phones and tablets, macOS, which is used by its computers and tvOS for its tele...


GDPR Transition Programme at Henley Business School


Do you still worship at the Temple of Big Data?

Major personal data breaches are happening at a rate of one a day – Equifax, BUPA, Deloitte, NHS, Nottingham County Council, Islington Council, HCA Healthcare and many, many more. Wanna Cry? (I bet you do).

Do you live in fear of whether you’re next? It doesn’t have to be this way. We are transitioning to an era in which individuals have both the skills and the opportunities to choose how they manage and share their personal data to achieve a range of beneficial outcomes.

Digital evangelists like Stephen Deadman, Global Deputy Chief Privacy Officer at Facebook, remain optimistic about the future, rather than terrified by it...


Snooping by an employer on its workers will be a breach of the GDPR

In its latest Opinion, adopted on 8 June and published on 29 June 2017, the Art.29 Data Protection Working Party (WP29) makes a fresh assessment of the balance between the legitimate interests of the employer and the reasonable privacy expectations of employees working within the European Union.

The concept of ‘employee’ is widened and includes those with a contract of service as well as contractors working under a contract for services. The Opinion is intended to cover all situations where there’s an employment relationship, irrespective of whether this relationship is based on an employment contract.

WP29 also highlighted the risks posed by new technologies deployed in the workplace and the need for the employer to undertake a proportionality assessment before deploying such measur...


Special considerations when using Cloud Service Providers under the GDPR

Regardless of the size of the organisation, Data Controllers are entering arrangements with Cloud Service Providers in the hope of improving customer service levels coupled with reductions in processing costs and enhanced personal data security.

It’s important for a Data Controller to understand the different Cloud Service models to select the one that’s best aligned with its risk appetite and business requirements.

Many are apprehensive about cloud security; however, cloud storage with a reputable provider will likely be more secure than on-premises storage because protecting data is the core function of the provider’s business.

Unlike a Data Controller that has the entire organisation to consider, a Cloud Service Provider’s only business is to securely process a Data Controller’s data and ...


Why BYOD in the workplace is such a bad idea

With data security of all organisations under significant threat from external actors, all organisations need to review the security of processing personal data as a matter of urgency. And such reviews must include the use of Bring Your Own Devices (BYOD) as well as the Internet of Things (IoT) used in the workplace.

Employees and independent contractors engaged by the Data Controller, Joint Data Controller(s), Data Processor and sub-Data Processor(s) may well be using their own personal mobile devices, such as a smartphone or tablet, to process personal data of customers, clients, supporters and employees.

The practice of Bring Your Own Devices (BYOD) is endemic across all industry, business and professional sectors and unless such personal data processing is properly secured it will be ...


‘Team DPO’ set to become the de facto way for monitoring compliance with the GDPR

Are you an organisation that’s been on the hunt for a suitably qualified and trained Data Protection Officer (DPO) but have found it impossible to find one? You’re not alone.

There’s a shortage, not just in the UK, but across the European Union, with 12 months to go before the EU General Data Protection Regulation (GDPR) is fully enforceable across all 28 Member States. The role of the DPO is at the heart of the new legal framework for data protection and privacy and facilitating compliance with the provisions of the GDPR. It’s also mandatory to appoint a DPO under Art.37(1), GDPR in three specific circumstances:

  1. Where the personal data processing is carried out by a public authority or body
  2. Where the core activities of the Data Controller, Joint Data Controller, or Data Processor...

GDPR accelerator – DPIA Lite

Last week I had the honour of speaking at the IAPP Europe Data Protection Congress 2016 in Brussels, which was the biggest gathering of data protection professionals to date on mainland Europe, with over 1100 delegates drawn from across Europe, the US and the Far East.

My short talk was about sizing the risk and the GDPR accelerator ‘DPIA Lite’ that was devised by our team led by Martin Hickley, Associate, Henley Business School and Director of Data Protection, GO DPO®.

A significant aspect of the EU General Data Protection Regulation (GDPR) is demonstrating and verifying compliance – making it evident to the Supervisory Authority that the organisation is meeting its obligations under the EU Regulation.

There are three key ways in which an organisation can demonstrate that it’s compliant w...


FT Debate on GDPR


If you’d like to watch the debate from the FT Cyber Security Summit Europe that took place on 21 September 2016, click here


FT Cyber Security Summit Europe – Wed 21 Sept 2016 (London)

Debate: “The European Union’s new data protection rules will impose unnecessary burdens on businesses – Yes or No?”

Business leaders are worried that the European Union’s General Data Protection Regulation (GDPR), scheduled to come into effect in early 2018, will seriously harm their commercial interests. It will force them to improve the privacy rights of EU citizens and report data breaches within three days, rules that will be difficult and costly to comply with. Penalties for non-compliance could be as high as 4% of global turnover. However, British businesses could be spared the hassle if Brexit means the UK does not implement the Regulation.

In what promises to be a contentious debate, two teams of experts will go head-to-head to argue For (“Yes”) or Against (“No”) the Mot...