It is almost four and a half years since the GDPR became enforced in May of 2018. Since that date, when the world went mad over consent, subscriptions and other connection requests that most of the requestors ignored, we have had Harry and Megan, Brexit, Covid-19 and...
The PCI DSS (Payment Card Industry Data Security Standard) compliance is not easy or inexpensive. In fact, depending on the size of your organisation and the complexity of your CDE (cardholder data environment), it could take months and cost tens of...
The Children's Code The Children’s Code (or Age Appropriate Design Code to give its proper title) is a data protection code of practice for online services. This includes apps, online games, and web and social media sites that are likely to be accessed by...
In July 2016, the EU issued the eIDAS regulation, which increased the significance of electronic signatures drastically. However, under the current circumstances, the value of signing documents online is higher than ever before. What is an electronic signature?...
The recently launched NHS DSP Toolkit for Care Homes was designed to help care homes with an NHS email address. Full compliance, or standards met is also available allowing care homes to take part in Coordinate My Care. When registered, he care home faces a tad which...
In case you didn’t know, but CCTV footage is subject to the GDPR (General Data Protection Regulation). The Regulation isn’t just about written or electronic data such as names and addresses. It applies to any information that can identify someone. That includes...
Howard Freeman - 29th December 2020. The feared outcome that businesses would have to find new ways to keep data flowing between the EU and the UK following the Brexit deal has not been realised. Brexit negotiators agreed to a temporary solution that will keep the...
Utility supplier People’s Energy has had its entire customer list stolen. All 270,000 customers of People’s Energy, a renewable energy start-up, have had their details compromised in a major data breach incident that occurred last week, on 16th December 2020....
Due to social distancing and restrictions enforced by the UK’s tier systems, we are now used to business meetings taking place online. In particular, the video conferencing platform “Zoom” has achieved huge popularity through the pandemic. However, over the same...
Nursing home fined for a data breach after a laptop with residents' details is stolen A nursing home in County Antrim has been fined £15,000 for failing to adequately protect sensitive data about its staff and residents. This story is a look back in history but...
British firms face a bill of up to £1.6 billion if the UK government fails to win an EU adequacy decision. The decision, if granted, would allow dataflows to continue as normal. This was revealed by a new report published on Monday last (23rd November 2020). UK firms...
And how to avoid them… The scramble for bargains and supposedly unbelievable savings, whatever your thoughts about Black Friday are, brings with it a spike in cybersecurity threats. Cybercriminals will be just as keen to take advantage of you as you are desperate for...
We are often asked about consent and the GDPR. But, what consent can be given face to face or over the telephone? Verbal consent and the GDPR, is verbal consent allowed? Given the documentation requirements of the law, one might expect the answer to be no. However,...
One-third of small businesses don’t feel GDPR applies to them. It doesn't apply to me!!! We interviewed our CEO, Howard Freeman, who talks with SME business owners every day and he offered us his insights for the website. Howard, do small businesses understand the...
4 of the 5 top causes of data breaches are because of human or process errors Although data breaches as a result of cyber-attacks get all the press, it is often negligence or a lack of basic processes, policies and procedures that result in data breaches. The...
Will the GDPR still apply? The GDPR is an EU regulation and we wanted to update on post-Brexit GDPR. This means it became law in all member states of the EU (including the UK), without the need for a UK Act of Parliament. It also applies to the EEA states. The UK...
The GDPR states that you must identify a lawful basis before processing personal data. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what exactly are ‘legitimate interests’? You must understand your GDPR...
The Austrian regulator has issued its first fine for a GDPR violation. In this case, it was for a CCTV breach. This decision by the regulator, namely the Austrian Data Protection Authority ("DSB"), is particularly interesting. The Austrian Data Protection Act...