Why BYOD in the workplace is such a bad idea

With data security of all organisations under significant threat from external actors, all organisations need to review the security of processing personal data as a matter of urgency. And such reviews must include the use of Bring Your Own Devices (BYOD) as well as the Internet of Things (IoT) used in the workplace.

An employee and independent contractor engaged by the Data Controller, Joint Data Controller(s), Data Processor and sub-Data Processor(s) may well be using their own personal mobile devices, such as a smartphone or tablet, to process personal data of customers, clients, supporters and employees.

The practice of Bring Your Own Devices (BYOD) is endemic across all industry, business and professional sectors and unless such personal data processing is properly secured it will be ...

The myth of cyber security and why computers can never be secure

The BBC has run a wonderful news story about the development of what’s claimed to be the world’s most secure email service.

Created by US security tech entrepreneur Will Donaldson, Nomx makes the bold claim it uses the “world’s most secure communications protocol” to protect email messages.

The Nomx personal email server costs from £155 – £310 and claims that users can help to stop messages being copied and hacked as they travel to their destination across the Internet.

Too good to be true?

BBC News asked ex-hacker and now security researcher Scott Helme and computer security expert Prof Alan Woodward of Surrey University to test whether the product could provide 100% protection against hacking and interception.

The investigation started by taking the device apart to find that it was b...

Digital Economy Act 2017 described as taking ‘baby steps’ into the digital future

The much-criticised Digital Economy Bill has just received the Royal Assent (Thursday 27 April 2017) and is now law in the UK.

The British Government claims that the new Act will do the following:

  • empower consumers and ensure everyone has access to broadband wherever they live, including rural areas which have suffered from a lack of broadband connectivity
  • build a better infrastructure fit for the digital future
  • enable better public services using digital technologies
  • provide important protections for citizens from spam email and nuisance calls and protect children from online pornography.

On this last point, the NSPCC has already called on the British Government to regulate social media companies such as Facebook and Twitter and to fine these companies if they fail to protect children on...

‘Team DPO’ set to become the de facto way for monitoring compliance with the GDPR

Are you an organisation that’s been on the hunt for a suitably qualified and trained Data Protection Officer (DPO) but have found it impossible to find one? You’re not alone.

There’s a shortage, not just in the UK, but across the European Union, with 12 months to go before the EU General Data Protection Regulation (GDPR) is fully enforceable across all 28 Member States. The role of the DPO is at the heart of the new legal framework for data protection and privacy and facilitating compliance with the provisions of the GDPR. It’s also mandatory to appoint a DPO under Art.37(1), GDPR in three specific circumstances:

  1. Where the personal data processing is carried out by a public authority or body
  2. Where the core activities of the Data Controller, Joint Data Controller, or Data Processor...

GDPR accelerator – DPIA Lite

Last week I had the honour of speaking at the IAPP Europe Data Protection Congress 2016 in Brussels, which was the biggest gathering of data protection professionals to date on mainland Europe, with over 1100 delegates drawn from across Europe, US and the Far East.

My short talk was about sizing the risk and the GDPR accelerator ‘DPIA Lite’ that was devised by our team led by Martin Hickley, Associate, Henley Business School and Director of Data Protection, GO DPO®.

A significant aspect of the EU General Data Protection Regulation (GDPR) is demonstrating and verifying compliance – making it evident to the Supervisory Authority that the organisation is meeting its obligations under the EU Regulation.

There are three key ways in which an organisation can demonstrate that it’s compliant w...

A landmark moment for European data protection in our lifetime

Foreword by Jan Philipp Albrecht MEP

We are witnessing history in the making.

On the 25 May 2018 the EU General Data Protection Regulation (GDPR) comes into force across all 28 Member States. The GDPR introduces new accountability obligations, stronger Data Subject rights to protect our digital existence and ongoing restrictions on international personal data flows.

The new framework is ambitious, complex, rigorous and workable if you’re prepared to shift the way you do business now in the world’s biggest digital single market.

The GDPR is a ‘risk based’ approach to data protection and privacy, requiring organisations and accountable individuals to demonstrate and verify compliance – and extending this obligation to data processors for the first time...

FT Debate on GDPR

If you’d like to watch the debate from the FT Cyber Security Summit Europe that took place on 21 September 2016, click here

Calling all new entrants to the UK banking sector!

New entrants to the UK banking sector have just under two years to prepare for the enforcement of the EU General Data Protection Regulation (GDPR). Enforcement will commence on the GDPR Effective Date (25 May 2018).

The 2-year transition period is designed to allow organisations to adapt to the new requirements of the GDPR. Processing of customers’ personal data that’s already underway should be brought into conformity with the GDPR within this 2 year transition period.

Recital 171, GDPR provides:

(1)  Directive 95/46/EC should be repealed by this Regulation. Processing already under way on the date of application of this Regulation should be brought into conformity with this Regulation within the period of two years after which this Regulation enters into force...

FT Cyber Security Summit Europe – Wed 21 Sept 2016 (London)

Debate: “The European Union’s new data protection rules will impose unnecessary burdens on businesses – Yes or No?”

Business leaders are worried that the European Union’s General Data Protection Regulation (GDPR), scheduled to come into effect in early 2018, will seriously harm their commercial interests. It will force them to improve the privacy rights of EU citizens and report data breaches within three days, rules that will be difficult and costly to comply with. Penalties for non-compliance could be as high as 4% of global turnover. However, British businesses could be spared the hassle if Brexit means the UK does not implement the Regulation.

In what promises to be a contentious debate, two teams of experts will go head-to-head to argue For (“Yes”) or Against (“No”) the Mot...

Time is ticking to recruit enough Data Protection Officers in UK to comply with GDPR

New research shows that 7,000 large companies in the UK must train around 14 Data Protection Officers a day between now and May 2018 in order to comply with the GDPR irrespective of Brexit vote.

Research conducted by GO DPO®, the strategic partner for the Henley Data Protection Officer (DPO) Programme, estimates that around 7,000 large companies (employing in excess of 250 employees) will need to recruit and train at least one DPO each over the next 24 months irrespective of whether or not the UK votes to leave the EU.

On the basis that there are a total of 496 working days (excludes public and Bank Holidays and all weekends) between now and when the EU General Data Protection Regulation (GDPR) comes into full force on 25 May 2018, that means there will be a requirement to train around 14 ...
