Howard Freeman - 29th December 2020. The feared outcome that businesses would have to find new ways to keep data flowing between the EU and the UK following the Brexit deal has not been realised. Brexit negotiators agreed to a temporary solution that will keep the...
Archives
Howard Freeman
Customer List stolen
Utility supplier People’s Energy has had its entire customer list stolen. All 270,000 customers of People’s Energy, a renewable energy start-up, have had their details compromised in a major data breach incident that occurred last week, on 16th December 2020....
Video Conferencing and the GDPR
Due to social distancing and restrictions enforced by the UK’s tier systems, we are now used to business meetings taking place online. In particular, the video conferencing platform “Zoom” has achieved huge popularity through the pandemic. However, over the same...
Nursing home fined
Nursing home fined for a data breach after a laptop with residents' details is stolen. A nursing home in County Antrim has been fined £15,000 for failing to adequately protect sensitive data about its staff and residents. This story is a look back in history but...
UK firms face high compliance costs
British firms face a bill of up to £1.6 billion if the UK government fails to win an EU adequacy decision. The decision, if granted, would allow dataflows to continue as normal. This was revealed by a new report published on Monday last (23rd November 2020). UK firms...
ISO 27701 Readiness Assessment
Getting ready for an ISO 27701 certification with our readiness assessment, the new standard for Privacy Information Management. ISO/IEC 27701 is the new international “gold standard” for privacy management. It is the companion standard for ISO 27001, the...
Black Friday 2020 scams
And how to avoid them… The scramble for bargains and supposedly unbelievable savings, whatever your thoughts about Black Friday are, brings with it a spike in cybersecurity threats. Cybercriminals will be just as keen to take advantage of you as you are desperate for...
Verbal Consent and the GDPR
We are often asked about consent and the GDPR. But what consent can be given face to face or over the telephone? Verbal consent and the GDPR: is verbal consent allowed? Given the documentation requirements of the law, one might expect the answer to be no. However,...
It doesn’t apply to me!!!
One-third of small businesses don’t feel GDPR applies to them. It doesn't apply to me!!! We interviewed our CEO, Howard Freeman, who talks with SME business owners every day and he offered us his insights for the website. Howard, do small businesses understand the...
Data Breach – the Causes
4 of the 5 top causes of data breaches are because of human or process errors. Although data breaches as a result of cyber-attacks get all the press, it is often negligence or a lack of basic processes, policies and procedures that results in data breaches. The...
Update on post-Brexit GDPR
Will the GDPR still apply? The GDPR is an EU regulation and we wanted to update on post-Brexit GDPR. This means it became law in all member states of the EU (including the UK), without the need for a UK Act of Parliament. It also applies to the EEA states. The UK...
GDPR and the lawful bases for processing
The GDPR states that you must identify a lawful basis before processing personal data. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what exactly are ‘legitimate interests’? You must understand your GDPR...
Rights under the GDPR
What are the data subject rights under the GDPR? The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data. You must let individuals know how they can exercise these rights, and meet requests promptly....
CCTV breach – Retailer Fined
The Austrian regulator has issued its first fine for a GDPR violation. In this case, it was for a CCTV breach. This decision by the regulator, namely the Austrian Data Protection Authority ("DSB"), is particularly interesting. The Austrian Data Protection Act...
Transferring data to the US
Assessment and Action Plan. Make sure your EU-US data transfer is lawful. In July 2020, the European Court of Justice delivered its ruling on the Schrems II case, declaring the EU-US Privacy Shield invalid. The Privacy Shield was one of the three options available...
ISO 27701 – are you privacy ready?
ISO/IEC 27701 is the international standard for privacy information management systems and is a companion standard for ISO 27001. ISO/IEC 27701 enables organisations to demonstrate compliance with all applicable privacy regulations, including the GDPR and the Data...
Estate agency fined
Estate agency fined £80,000 for failing to keep tenants’ data safe. The Information Commissioner’s Office (ICO) has fined a London estate agency £80,000 for leaving 18,610 customers' personal data exposed for almost two years. The security breach happened at...
Managing for health and safety (HSG65)
This revised edition of one of HSE’s most popular guides is mainly for leaders, owners and line managers. It will particularly help those who need to put in place or oversee their organisation’s health and safety arrangements. The advice may also help workers...