Category Thought Leadership

Special considerations when using Cloud Service Providers under the GDPR

Regardless of the size of the organisation, Data Controllers are entering arrangements with Cloud Service Providers in the hope of improving customer service levels coupled with reductions in processing costs and enhanced personal data security.

It’s important for a Data Controller to understand the different Cloud Service models to select the one that’s best aligned with its risk appetite and business requirements.

Many are often apprehensive about cloud security, however cloud storage with a reputable provider will likely be more secure than on-premises storage because protecting data is the core function of the business.

Unlike a Data Controller that has the entire organisation to consider, a Cloud Service Provider’s only business is to securely process a Data Controller’s data and ...

Read More

FT Debate on GDPR

big-debate-on-gdpr-ft

If you’d like to watch the debate from the FT Cyber Security Summit Europe that took place on 21 September 2016, click here

Read More

FT Cyber Security Summit Europe – Wed 21 Sept 2016 (London)

Debate: “The European Union’s new data protection rules will impose unnecessary burdens on businesses – Yes or No?”

Business leaders are worried that the European Union’s General Data Protection Regulation (GDPR), scheduled to come into effect in early 2018, will seriously harm their commercial interests. It will force them to improve the privacy rights of EU citizens and report data breaches within three days, rules that will be difficult and costly to comply with. Penalties for non-compliance could be as high as 4% of global turnover. However, British businesses could be spared the hassle if Brexit means the UK does not implement the Regulation.

ft-cyber-security-conference-2016In what promises to be a contentious debate, two teams of experts will go head-to-head to argue For (“Yes”) or Against (“No”) the Mot...
Read More

Time is ticking to recruit enough Data Protection Officers in UK to comply with GDPR

SupermanNew research shows that 7,000 large companies in the UK must train around 14 Data Protection Officers a day between now and May 2018 in order to comply with the GDPR irrespective of Brexit vote

Research conducted by GO DPO®, the strategic partner for the Henley Data Protection Officer (DPO) Programme, estimates that around 7,000 large companies (employing in excess of 250 employees) will need to recruit and train at least one DPO each over the next 24 months irrespective of whether or not the UK votes to leave the EU.

On the basis that there are a total of 496 working days (excludes public and Bank Holidays and all weekends) between now and when the EU General Data Protection Regulation (GDPR) comes into full force on 25 May 2018, that means there will be a requirement to train around 14 ...

Read More

Companies face 150% hike in insurance premiums as a result of GDPR

screaming man

Research on the increase in secondary costs as a result of new regulatory burdens imposed on organisations as a result of the forthcoming EU General Data Protection Regulation (GDPR) has exposed a hidden danger.

The costs of insuring against a breach of contract, litigation costs incurred as a result of cyber-attacks and compensation claims made by millions of customers for breach of their personal data records is set to escalate insurance premiums by as much as 150%, warns Martin Hickley, Director of Data Protection at GO DPO® EU Compliance, a specialist executive training company.

Hickley says: “It’s well known that most organisations impacted by the GDPR are dangerously under insured and only about 10% of them have adequate cyber insurance...

Read More

This week’s competition is ‘spot the difference’ between DPA 1998 and GDPR

spot the differenceIt’s not as easy as it looks, is it? And that goes for the differences between the Data Protection Act (DPA) 1998 and the forthcoming EU General Data Protection Regulation (GDPR) on course to gain consent from the European Commission, European Parliament and European Council of Ministers in early January2016.

That means it will be fully implemented at the end of 2017 after the 2-year transition period expires.

Once GDPR has achieved agreement, the Data Protection Directive 95/46/EC is repealed and the basis for the DPA 1998 has effectively been removed.

The legal position as to what happens during the transition period is still to be worked out but by far the safest course of action is for organisations to comply fully with the data protection principles enshrined under the GDPR, given t...

Read More

Wake up call for all major UK companies as GDPR is now around the corner

wake up callEach day more and more comment is emerging on the lack of preparedness of business to deal with the forthcoming EU General Data Protection Regulation (GDPR) and the need to put education and training on the top of the business agenda – and you may find these two very recent news items of interest and helpful.

We’ve been briefing a Member of the Government’s Treasury Select Committee a few weeks’ ago when we highlighted the issue of GDPR is simply much bigger than a digital marketing issue under ICO’s remit reporting into the Department for Culture, Media and Sport (DCMS).

Check out this recent news item

We strongly support the idea of a debate in the British Parliament about the role that the British Government and in particular the role that the Department for Business, Innovati...

Read More

Goodbye to ‘Safe Harbor’ as US companies need to start playing by the same rules

not so safe harborThis week the blogosphere went into overdrive with the news that the non-binding legal opinion of the Advocate General of the European Court of Justice claims that EU user data transferred to the US by various technology companies is a violation of current EU data protection and privacy laws.

Even before this opinion, the European Commission was already attempting to re-negotiate the Safe Harbor Agreement with the US. The Advocate General observed: “If the (European) Commission decided to enter into negotiations with United States, that is because it considered beforehand that the level of protection ensured by that third country, under the safe harbour scheme, was no longer adequate.”

And of course, he’s impeccably right in this regard.

The cornerstone of this highly influential leg...

Read More

What has Bob Dylan, ethics in data collection and GDPR have in common? More than you think.

Yes, how many years can some people exist

Before they’re allowed to be free?

Yes, how many times can a man turn his head

Pretending he just doesn’t see?

Yes, how many times must a man look up

Before he can see the sky?

Yes, how many ears must one man have

Before he can hear people cry?

The answer, according to Dylan is blowin in the wind.

Bob DylanBack in 1962, Blowin’ in the Wind became the anthem of the civil rights movement. In fact, Peter, Paul & Mary performed it on the steps of the Lincoln Memorial in August of that year, a few hours before Dr Martin Luther King delivered his ‘I have a dream’ speech.

Years later, Dylan explained that the song can mean whatever you want it to mean. But there’s no getting away from the sentiment that it asks questions about what’s wrong with the world...

Read More

Companies need to start hiring Data Protection Officers in readiness of GDPR, advises Allen & Overy

Allen and Overy Big ThinkCity law firm Allen & Overy has just produced this Guide for HR Directors: “Data with Destiny” as part of its Big Think Programme.

What organisations need to start doing today

First, make sure they are ready to comply with a stricter and systematically different regime – and many are not yet anywhere near that position.

Second, and more importantly, they must not lose sight of the bigger prize that is on offer to them if they put data to use in innovative ways, in particular the huge potential of HR Big Data Analytics…

The firm sees Data Protection Officers (DPOs) as essential in leveraging this opportunity.

Companies should start recruiting DPOs NOW

DPOs must perform their duties independently, meaning that they must not take instructions from anyone else internally, but they are ...

Read More