Category Thought Leadership

US companies are behind the curve on understanding how GDPR impacts their businesses

There’s an eerie lack of awareness about the impact of the GDPR on US businesses that target consumers in the European Union. According to recent research by the IAPP, complexity of laws, inadequate budget and too little time combined with the lack of qualified and trained staff have conspired to perpetuate this lack of readiness by US companies.

Here in Europe, many companies and organisations have been bracing themselves for the biggest shake-up in data protection, privacy and security for over two decades that’s fully effective from 25 May 2018 – in 13 days’ time.

I’ve been in conversations with senior US executives who’ve boldly told me that the “GDPR doesn’t apply to them” and in any event they can rely on ‘legitimate interest’ to continue to market goods and services and monitor t...


Dot Gone! The end of the road for Whois

It’s the end of the road – and the end of an era – for the Whois service as its US-based parent ICANN fails to find a solution to continue the service that isn’t a breach of the General Data Protection Regulation (GDPR).

According to its Wikipedia entry, Whois is a ‘query and response protocol that’s widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.’

The Whois system publishes the name, address and telephone number of everyone that registers an internet address without any data privacy notice or prior consent of the ...


Creepy or Cool?

When it comes down to deciding whether to process personal data under consent or legitimate interests, try asking yourself: if you were the data subject (customer, client, supporter or employee), would you find it creepy or cool? If it’s creepy, it’s not the right thing to do. And you don’t need a lawyer to tell you that. I delivered this presentation at the recent IAPP Data Protection Intensive 2018 in London.


‘Surveillance Capitalism’ – will it survive post-GDPR?

Facebook and Cambridge Analytica now face a series of class actions for ‘surveillance capitalism’ in the US – will this open the floodgates for similar legal actions across the world?

Class Action Complaint Case No. 18-cv-02276 has been brought by Patricia King (Plaintiff) in the US District Court for the Northern District of California and has asked for trial by jury.

The class action reads as follows:

1. Facebook is a social networking platform that engages in surveillance capitalism: It monetizes personal and behavioral data which it acquires through real-time surveillance of Facebook users. (see Shoshana Zuboff, Big Other: Surveillance Capitalism and the Prospects of an Information Civilization, 30 J. Info. Tech. 75 (Apr. 4, 2015), available at http://ssrn.com/abstract=2594754).

2...


GDPR by Royal Appointment


The joys of data hygiene

Unfortunately, the article explaining the GDPR in the current edition of my favourite business newspaper, The Economist, was riddled with errors. Tut tut!

Here’s an example: “Data Subjects can demand a copy of the data held on them (data portability) …” which as we all know is a subject access request (SAR) and isn’t an absolute right under the GDPR.

Another error in the article on GDPR is the bold assertion: “The GDPR is prescriptive about what organisations have to do to comply.”

Er, no it isn’t. Few bits go into detail, like the requirements for a data protection impact assessment (Art.35, GDPR) or a subject access request (Art. 15, GDPR).

The GDPR is a deliberate move away from a ‘tick-box’ approach of the Data Protection Directive 95/46/EC that it replaces and moves to a risk-ba...


Lack of transparency with Facebook and other social media sites will be forced to come to an end as a result of GDPR

The Economist reports today (7 April 2018) that there’s been a bit of a wake-up call for Facebook and all other social media giants as a result of the furore over the misuse of personal data. Mark Zuckerberg is openly admitting that Facebook data of up to 87 million people – 37 million more than previously reported – may have been improperly shared with Cambridge Analytica.

As a result of a data breach on a scale not seen since Yahoo!, Americans are looking enviously at Europe where data protection, privacy and security laws protecting the individual are now the global ‘gold standard’ as a result of the GDPR that’s fully enforceable from 25 May – just 34 working days from today.

Rights over personal data are enshrined in the EU’s Charter of Fundamental Rights and EU citizens now have...


Written for a new type of Superhero!

Published globally by Kogan Page and available on Amazon from 3 June 2018. Price: £49.99/$85.00. Foreword written by Elizabeth Denham, UK Information Commissioner.

Contents: (1) Speed read of the GDPR (2) The role of the Data Protection Officer (3) The gap between policy, company appetite and reality (4) Upward and downward communication (5) Identifying risks (6) Sanctions, compliance and fines (7) The Data Protection Impact Assessment (8) Privacy and Security Breach Management (9) Managing the Value Chain (10) Introducing Data Protection by Design and by Default (11) Contracting out personal data processing (12) Data incident breach: obligations, implications and management (13) Security standards (14) Implementing Data Protection by Design and by Default (15) Technical security measures...


British Government showdown with social media giants next month

Last chance saloon for social media giants, warns Matthew Hancock, Secretary of State, DCMS as British Government raises the prospect of a ‘breach of duty of care’ owed to users of social media services and promises more legislation unless they get themselves sorted out.

Speaking to The Sunday Times (25 March 2018), Hancock said Facebook and other tech giants that harvested personal data from users would be ordered to simplify their terms and conditions so they fitted on a single page.

He’s summoned Facebook, Google and Twitter to a showdown next month following revelations about the way Facebook data was used by the UK firm Cambridge Analytica to help Donald Trump’s Presidential election campaign.

A cloud still hangs over the prospect of unlawful profiling of UK citizens to influence ...


First among equals – Hitachi Consulting first global company to certify under BS 10012:2017

On Friday 23 March 2018, the BSI (British Standards Institution) certified Hitachi Consulting Corporation, a subsidiary of Hitachi, Ltd (TSE: 6501), to a new standard of excellence in data protection, privacy and security developed under the General Data Protection Regulation (GDPR).

Hitachi Consulting becomes one of the first companies in the UK to achieve compliance with the BS 10012:2017 data protection standard for its personal information management system (PIMS) that sits at the heart of its compliance with the GDPR.

“We are immensely proud of this recognition from one of the world’s leading certification bodies...
