Let’s face it, most people think that compliance is boring. Maybe that’s why 71% of organisations are still not GDPR compliant[i] and most still don’t encrypt data properly[ii] (i.e. take “appropriate measures”). And if GDPR wasn’t difficult enough to get your head around, the regulatory environment is going to get tougher and much more complicated…
If you are collecting customer data on the phone or in writing
If you are collecting customer data on the phone or in writing (usually through the internet on an electronic form) what information must you tell them at the time of data collection. Your company name, your contact details, and the name of your DPO if you have one. What you are going to do with…
Happy 1st Birthday GDPR!
Well that birthday was nearly a month ago – and yes, I’m terrible at remembering birthdays… But the data protection legislation baby has grown quickly and at times flexed its newly-discovered muscles. And it’s going to get bigger and stronger in the coming years. The whole point of it was to enhance the rights for…
Henry’s Blog
Hi all, Here is the first of my new Blog for you all to enjoy. Keep watching for new episodes coming soon.
Subject Access Requests – what should you do?
It’s just part and parcel of modern life that a lot of organisations hold electronic data about us. Data can lurk in many places, whether in databases, accounting software, spreadsheets, electronic documents or emails. Many smaller organisations, whether charities or SME’s, have taken the approach that they are too worthy or too small for the Information…
Who actually likes cookies?
Searching for cookies on the internet I found many articles about peoples favourite cookies and other biscuity delights. But it wasn’t what I was looking for… It seems a long time ago but the latest meaningful research on cookies that I could find was by PWC in February 2011 (yes, when dinosaurs ruled the Earth)….
The 100 worst passwords of 2018
We all use online services there’s days, whether it’s for business or pleasure, or maybe paying your taxes. Almost every service that you use requires a password, and these days your web-browser-of-choice will suggest and generate a strong random password for you. Yet, despite this assistance, it seems that people use the same password for…
Can GDPR and blockchain be friends?
Sometimes it seems that General Data Protection Regulations (GDPR) and blockchain are separated by a vast continental divide. Blockchain technologies gained prominence with bitcoin and those confusing adverts screened during the FIFA 2018 World Cup. GDPR also gained prominence in 2018 as new European data protection laws came in to force. Blockchain is based upon…
What happens to UK’s GDPR after Brexit?
You can’t escape the topic of Brexit at the moment. Much of the discussion will be on whether we get a deal or not, but a topic that is not discussed is why some of the negotiations are so complex. Much of EU trade (whether cross-border or not) has a data element to it. All…
Jonathan Jacob in conversation with James Haxell of RegTech Analyst
A misconception is brewing with some SMEs that they’re too small to be fined by the ICO for data protection failures, but that’s not the point, it’s their legal obligation to make sure they are compliant, Jonathan Jacob, CEO at Compliance Compendium told RegTech Analyst. Fear levels about fines reached fever-pitch back when the General Data Protection Regulation (GDPR) became law on the 25thMay 2018. Major worries accumulated…
BYOD = Bring Your Own Device, or should that be Breach Your Own Data?
Our phones are with most of us most of the time these days. And their capabilities surpass the humble moniker of “phone”. We use them for mail, social media, searching the internet, playing games and much, much, more. However, it occurred to me the other day that I was using my personal phone for work…
French data protection CNIL regulator fines Google over consent
The French version of the ICO (Commision Nationale de l’information et des Liberties – CNIL) has issued the first high profile penalty notice (€50m) against Google “in accordance with GDPR for lack of transparency, inadequate information and lack of valid consent regarding ad personalization.” As Googles European headquarters are in Ireland it might seem strange…