ISO/IEC 27701 is the international standard for privacy information management systems and is a companion standard for ISO 27001. ISO/IEC 27701 enables organisations to demonstrate compliance with all applicable privacy regulations, including the GDPR and the Data...
Estate agency fined £80,000 for failing to keep tenants’ data safe. The Information Commissioner’s Office (ICO) has fined a London estate agency £80,000 for leaving 18,610 customers' personal data exposed for almost two years. The security breach happened at...
This revised edition of one of HSE’s most popular guides is mainly for leaders, owners and line managers. It will particularly help those who need to put in place or oversee their organisation’s health and safety arrangements. The advice may also help workers...
A former GP surgery secretary has been fined for reading medical records of 231 patients in two years, the ICO reported in 2018. A trip back in time to November of 2018 for this blog. We shouldn't forget that whilst this story may have a few cobwebs on it, this could...
Can you refuse to comply with a data subject access request (DSAR) under the UK GDPR and Data Protection Act 2018? For any organisation, the challenge of responding to Data Subject Access Requests (DSARs) is considerable. For example, the NHS, according to research by...
The United Kingdom has now left the European Union. However, until 31st December 2020, EU laws, which include the General Data Protection Regulation (GDPR), continue to apply to the U.K. This is the transition period. Once the transition period has ended,...
The Danish data protection authority ('Datatilsynet') announced, on 20th August 2020, that it had itself suffered a personal data breach. The breach was the discovery of its paper waste containing confidential and sensitive information about citizens and employees....
The number of UK businesses that have suffered cyber-attacks has doubled in the past five years, according to a new report. Hastings based Beaming’s Five Years in Cyber Security found that 1.5 million organisations fell victim to cyber-crime in 2019. This...
How will you tackle data retention? Two plus years on from GDPR enforcement, does your housekeeping need a refresh? How long you will keep personal data raises lots of questions. Where to start? How to judge necessity? Have you considered your method of disposal of...
GDPR and POPI - MUST SOUTH AFRICANS COMPLY? The EU’s General Data Protection Regulation (GDPR) took effect on 25 May 2018 – as heralded by the million-or-so “We’ve changed our Privacy Policy” messages we all received at the time and continue to do so. Whilst...
The EU's Court of Justice has just invalidated the "Privacy Shield" data sharing system between the EU and the US, because of overreaching US surveillance. Privacy Shield ruled invalid after hearing. Schrems argued that there were insufficient safeguards in place and...
Commission conducting ‘preparatory work’ should ECJ invalidate privacy shield The European Commission is preparing for the eventuality that the European Court of Justice (ECJ) may invalidate the EU-US data transfer agreement know as the Privacy Shield. The agreement...
With the arrival of South Africa's new privacy law, POPIA, we have developed a series of services to help you become compliant to the new regulation. We have built or services around the eight principles of the regulation. Accountability - as the data processor you...
South Africa's new data privacy law and what it means for you South Africa's Protection of Personal Information Act, POPIA is now law. This is good news for South African citizens and residents as the aim of the legislation is to protect their personally identifiable...
Protection of Personal Information Act On 24th June 2020, the Republic of South Africa passed into law the final part of the Protection of Personal Information Act. The South African Protection of Personal Information Act has finally come into force. Now this is good...
Many organisations may not realise how the GDPR affects them and how they handle data. Sports clubs and associations are typical of the type of organisation that can run into trouble if they are not careful. This article explains what sports clubs need to do to comply...
The lockdown is all but at an end in England. Many businesses reopened on 4th July, with the government allowing pubs, restaurants, cinemas, museums and hotels to reopen. Part of the conditions attached to this are that pubs will collect your personal data. The...
A government report (National Cyber Security Centre[NCSC]) published in the last 12 months highlighted a plethora of cyber risks businesses are being placed at. Specifically, according to HISCOX in the UK, one small business is hacked...