Archives

Howard Freeman

Rights under the GDPR
Rights under the GDPR

What are the data subject rights under the GDPR? The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data. You must let individuals know how they can exercise these rights, and meet requests promptly....

CCTV breach – Retailer Fined
CCTV breach – Retailer Fined

The Austrian regulator has issued its first fine for a GDPR violation. In this case, it was for a CCTV breach. This decision by the regulator, namely the Austrian Data Protection Authority ("DSB"), is particularly interesting. The Austrian Data Protection Act...

Transferring data to the US
Transferring data to the US

Assessment and Action Plan Make sure your EU-US data transfer is lawful  In July 2020, the European Court of Justice delivered its ruling on the Schrems II case, declaring the EU-US Privacy Shield invalid. The Privacy Shield was one of the three options available...

ISO 27701 – are you privacy ready?
ISO 27701 – are you privacy ready?

ISO/IEC 27701 is the international standard for privacy information management systems and is a companion standard for ISO 27001. ISO/IEC 27701 enables organisations to demonstrate compliance with all applicable privacy regulations, including the GDPR and the Data...

Estate agency fined
Estate agency fined

Estate agency fined £80,000 for failing to keep tenants’ data safe. The Information Commissioner’s Office (ICO) has fined a London estate agency £80,000 for leaving 18,610 customers' personal data exposed for almost two years. The security breach happened at...

Managing for health and safety (HSG65)
Managing for health and safety (HSG65)

This revised edition of one of HSE’s most popular guides is mainly for leaders, owners and line managers. It will particularly help those who need to put in place or oversee their organisation’s health and safety arrangements.  The advice may also help workers...

ISO 9001 Quality Management
ISO 9001 Quality Management

What is ISO 9001? Quality Management Systems (QMS) explained Companies and organisations are now expected to prove competency across an increasing number of disciplines in order to win contracts in both the private and public sector. A quality management system (QMS)...

GP surgery secretary fined
GP surgery secretary fined

A former GP surgery secretary has been fined for reading medical records of 231 patients in two years, the ICO reported in 2018. A trip back in time to November of 2018 for this blog. We shouldn't forget that whilst this story may have a few cobwebs on it, this could...

ISO 27701 Privacy Information Management
ISO 27701 Privacy Information Management

ISO 27001 is the well recognised international standard for information security. A companion standard has now been added, this is ISO 27701. This page is a brief introduction to ISO 27701. It is the standard for Privacy Information Management. This page will discuss...

Brexit and the new UK GDPR
Brexit and the new UK GDPR

The United Kingdom has now left the European Union. However, until 31st December 2020, EU laws, which include the General Data Protection Regulation (GDPR), continue to apply to the U.K. This is the transition period. Once the transition period has ended,...

PCI DSS Service
PCI DSS Service

The PCI Data Security Standard (PCI DSS) applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational practices for system components included in or connected to environments with cardholder...

Danish Authority Data Protection Breach
Danish Authority Data Protection Breach

The Danish data protection authority ('Datatilsynet') announced, on 20th August 2020, that it had itself suffered a personal data breach. The breach was the discovery of its paper waste containing confidential and sensitive information about citizens and employees....

ISO 9001 Services
ISO 9001 Services

ISO 9001 is an ISO standard that seems out the criteria for quality management systems (QMS). This standard is based on a number of quality management principles including a strong customer focus, motivation and implication of top management, the process...

GDPR Supply Chain Audit
GDPR Supply Chain Audit

Consider the way in which your business operates. Could it operate without suppliers? This will include any other business you deal with, from an outsourced payroll company, to a medical insurance provider and even the company that waters plants in the office. The...

GDPR Periodic Audits
GDPR Periodic Audits

Why carry out GDPR periodic audits? Article 32.1.d of the GDPR, data controllers and data processors must implement appropriate technical and organisational measures to ensure a level of security. This security should be appropriate to the risk. The regulation states...

Data Retention and the GDPR
Data Retention and the GDPR

How will you tackle data retention? Two plus years on from GDPR enforcement, does your housekeeping need a refresh? How long you will keep personal data raises lots of questions. Where to start? How to judge necessity? Have you considered your method of disposal of...