Category Thought Leadership

Interview with Liberum Investment Bank on the consequences of the GDPR for institutional investors

This is a short 5 minute filmed interview produced by Liberum Investment Bank for its clients in London and New York on the Directive 2016/679 (General Data Protection Regulation). Recorded in London in July 2017.

Copyright Liberum Investment Bank 2017.

 

Read More

It’s time to press the delete key

One of the most important and fundamental principles of data protection under Regulation 2016/679 (GDPR) is the Principle of Minimisation. Arguably, it’s the one principle can help satisfy the need to manage security, data protection and privacy objectives, especially with respect to the Internet of Things (IoT).

Under Art.5(1)(c), GDPR, the Data Controller must ensure that ‘processing of personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.’ This is about ensuring that staff are only processing personal data in accordance with the purposes and once these have been satisfied, it’s safest to delete this personal data unless other legal grounds exist to hang on to it.

But the Principle of Minimisation is g...

Read More

Snooping by an employer on its workers will be a breach of the GDPR

In its latest Opinion, adopted on the 8 June and published on 29 June 2017, the Art.29 Data Protection Working Party (WP29) makes a fresh assessment of the balance between legitimate interests of the employer and the reasonable privacy expectations of employees working within the European Union.

The concept of ‘employee’ is widened and includes those with a contract of service as well as contractors working under a contract for services. The Opinion is intended to cover all situations where there’s an employment relationship, irrespective of whether this relationship is based on an employment contract.

WP29 also highlighted the risks posed by new technologies deployed in the workplace and the need for the employer to undertake a proportionality assessment before deploying such measur...

Read More

Special considerations when using Cloud Service Providers under the GDPR

Regardless of the size of the organisation, Data Controllers are entering arrangements with Cloud Service Providers in the hope of improving customer service levels coupled with reductions in processing costs and enhanced personal data security.

It’s important for a Data Controller to understand the different Cloud Service models to select the one that’s best aligned with its risk appetite and business requirements.

Many are often apprehensive about cloud security, however cloud storage with a reputable provider will likely be more secure than on-premises storage because protecting data is the core function of the business.

Unlike a Data Controller that has the entire organisation to consider, a Cloud Service Provider’s only business is to securely process a Data Controller’s data and ...

Read More

FT Debate on GDPR

big-debate-on-gdpr-ft

If you’d like to watch the debate from the FT Cyber Security Summit Europe that took place on 21 September 2016, click here

Read More

FT Cyber Security Summit Europe – Wed 21 Sept 2016 (London)

Debate: “The European Union’s new data protection rules will impose unnecessary burdens on businesses – Yes or No?”

Business leaders are worried that the European Union’s General Data Protection Regulation (GDPR), scheduled to come into effect in early 2018, will seriously harm their commercial interests. It will force them to improve the privacy rights of EU citizens and report data breaches within three days, rules that will be difficult and costly to comply with. Penalties for non-compliance could be as high as 4% of global turnover. However, British businesses could be spared the hassle if Brexit means the UK does not implement the Regulation.

ft-cyber-security-conference-2016In what promises to be a contentious debate, two teams of experts will go head-to-head to argue For (“Yes”) or Against (“No”) the Mot...
Read More

Time is ticking to recruit enough Data Protection Officers in UK to comply with GDPR

SupermanNew research shows that 7,000 large companies in the UK must train around 14 Data Protection Officers a day between now and May 2018 in order to comply with the GDPR irrespective of Brexit vote

Research conducted by GO DPO®, the strategic partner for the Henley Data Protection Officer (DPO) Programme, estimates that around 7,000 large companies (employing in excess of 250 employees) will need to recruit and train at least one DPO each over the next 24 months irrespective of whether or not the UK votes to leave the EU.

On the basis that there are a total of 496 working days (excludes public and Bank Holidays and all weekends) between now and when the EU General Data Protection Regulation (GDPR) comes into full force on 25 May 2018, that means there will be a requirement to train around 14 ...

Read More

Companies face 150% hike in insurance premiums as a result of GDPR

screaming man

Research on the increase in secondary costs as a result of new regulatory burdens imposed on organisations as a result of the forthcoming EU General Data Protection Regulation (GDPR) has exposed a hidden danger.

The costs of insuring against a breach of contract, litigation costs incurred as a result of cyber-attacks and compensation claims made by millions of customers for breach of their personal data records is set to escalate insurance premiums by as much as 150%, warns Martin Hickley, Director of Data Protection at GO DPO® EU Compliance, a specialist executive training company.

Hickley says: “It’s well known that most organisations impacted by the GDPR are dangerously under insured and only about 10% of them have adequate cyber insurance...

Read More

This week’s competition is ‘spot the difference’ between DPA 1998 and GDPR

spot the differenceIt’s not as easy as it looks, is it? And that goes for the differences between the Data Protection Act (DPA) 1998 and the forthcoming EU General Data Protection Regulation (GDPR) on course to gain consent from the European Commission, European Parliament and European Council of Ministers in early January2016.

That means it will be fully implemented at the end of 2017 after the 2-year transition period expires.

Once GDPR has achieved agreement, the Data Protection Directive 95/46/EC is repealed and the basis for the DPA 1998 has effectively been removed.

The legal position as to what happens during the transition period is still to be worked out but by far the safest course of action is for organisations to comply fully with the data protection principles enshrined under the GDPR, given t...

Read More

Wake up call for all major UK companies as GDPR is now around the corner

wake up callEach day more and more comment is emerging on the lack of preparedness of business to deal with the forthcoming EU General Data Protection Regulation (GDPR) and the need to put education and training on the top of the business agenda – and you may find these two very recent news items of interest and helpful.

We’ve been briefing a Member of the Government’s Treasury Select Committee a few weeks’ ago when we highlighted the issue of GDPR is simply much bigger than a digital marketing issue under ICO’s remit reporting into the Department for Culture, Media and Sport (DCMS).

Check out this recent news item

We strongly support the idea of a debate in the British Parliament about the role that the British Government and in particular the role that the Department for Business, Innovati...

Read More