Whenever a controller uses a processor, there must be a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities. The UK GDPR sets out what needs to be included in the contract. If a processor uses...
Archives
Blog
Rearo issues warning to businesses following a cyber attack
Classification: Intelligence briefing...
Cyber Essentials Certification: keep your business data safe
With data breaches in the UK increasing by 46% year on year and over 80% of UK businesses falling victim to a successful attack this costs the UK economy £3.1bn between April ’21 and April ’22. This also resulted in ICO fines of £44m being collected against...
Alarm over low spend on cyber security as MPs review new Bill
At lunchtime today (Monday 5 September), the UK’s next prime minister will be revealed despite delays to voting by Conservative Party members following a GCHQ alert over cyber hackers On the same day the UK Data Protection and Digital Information Bill comes up for its...
GDPR Adoption…the reality
It is almost four and a half years since the GDPR became enforced in May of 2018. Since that date, when the world went mad over consent, subscriptions and other connection requests that most of the requestors ignored, we have had Harry and Megan, Brexit, Covid-19 and...
What is the cost of PCI DSS Compliance?
The PCI DSS (Payment Card Industry Data Security Standard) compliance is not easy or inexpensive. In fact, depending on the size of your organisation and the complexity of your CDE (cardholder data environment), it could take months and cost tens of...
Yodel Hack – Parcel Delivery Delays
The delivery service company Yodel has suffered a “cyber incident” resulting in widespread disruption. Customers awaiting deliveries noted that Yodel’s systems were offline last weekend. Yodel said: “We are working to restore our operations as quickly as possible but...
Meta (Facebook) Fined £14 Million
Meta has been fined €17 million for twelve breaches of the EU GDPR. The company, formerly known as Facebook, violated several GDPR (General Data Protection Regulation) requirements. More than 30 million people have been affected. The Irish DPC (Data...
Special Categories of Data
What is special category data? Found out here. Special category data is personal data that needs more protection because it is sensitive.In order to lawfully process special category data, you must identify both a lawful basis under Article 6 of the UK GDPR. You also...
Six Data Privacy Mistakes every company makes
Does the following sentence sound familiar? “I have read and accepted the privacy policy.” This checkbox is found beneath various online forms. It’s completely superfluous. There is no need to accept a privacy policy because it merely serves an informational...
The GDPR Accountability Principle
The GDPR Accountability Principle is one of the data protection principles. It makes you responsible for complying with the UK GDPR. The regulation states that you must be able to demonstrate your compliance. It is sometime known as the seventh principle....
GDPR Accountability Checklist
Welcome to our GDPR Accountability Checklist. ☐ We take responsibility for complying with the UK GDPR, at the highest management level and throughout our organisation. ☐ We keep evidence of the steps we take to comply with the UK GDPR. We put in place...
7 Common Phrases that can kill your credibility
Don't destroy trust and erode confidence with colleagues and clients alike by using these expressions that will ruin your credibility. We all use common expressions in everyday conversations that we don’t realise can come across as insecure and even dishonest. To make...
GDPR Email Questions Answered
There are many GDPR email related questions GDPR Email Questions Answered: We’ve been contacted with many GDPR email related questions so we thought we would share for you the most common ones: Is sharing an email address a breach of GDPR? This depends on two things:...
The GDPR Accountability Checklist
Take the test Ask yourself the following questions We take responsibility for complying with the UK GDPR, at the highest management level and throughout our organisation. We keep evidence of the steps we take to comply with the UK GDPR. We put in place appropriate...
Cabinet Office Fined for Serious Data Breach
Howard Freeman - November 2021 A 'complete disaster' is how the publication of the home addresses of recipients of awards in the 2020 New Years Honours List has been labelled Iain Duncan-Smith, called for an urgent inquiry into the incident. He also warned of legal...
Pub apps demanding too much customer data unnecessarily
Pub and restaurant chain apps are requiring such data as gender and marital status. This is raising eyebrows among privacy campaigners and industry analysts alike. The Information Commissioner’s Office warned that many pubs and restaurants were asking customers for...
GDPR and Data Retention
Data Protection Law has changed in the United Kingdom as we have now left the European Union. The General Data Protection Regulation (GDPR) requires organisations to create a GDPR and data retention policy's schedule. Its purpose is to help them manage the way they...