A key change to data subjects’ rights under the EU General Data Protection Regulation (GDPR) is the right to ask organisations what data they hold about the data subject. Although this was possible under the Data Protection Act 1998, organisations …
Organisations need to be prepared to respond to a wide variety of cyber security incidents. Your biggest concern might be the threat of criminal hackers breaking into your systems, but you also need to know what to do if, say, …
This week, we discuss a £77,000 fine for BT, Bithumb’s loss of £24 million, Islington Council’s PCI DSS fail and some topical phishing campaigns. Hello and welcome to the IT Governance podcast for Friday, 22 June 2018. Here are this …
Data security is an increasing priority for many organisations. The EU General Data Protection Regulation (GDPR), high-profile data breaches and new sector-specific frameworks such as the Data Security and Protection (DSP) Toolkit mean that many are looking for ways to …
It is widely acknowledged that the retail and hospitality industries experience high staff turnover: frontline roles are often filled by temporary, young or part-time staff, the hours can be long and unsociable and the work can be physically demanding. Despite the operational challenge of staff turnover, there is still …
What does Article 30 require? Article 30 of the EU General Data Protection Regulation (GDPR) sets out what exactly organisations need to document in order to comply with the Regulation. As the GDPR has a heavy emphasis on accountability, organisations …
Under the EU General Data Protection Regulation (GDPR), as an individual (known as the ‘data subject’), you have eight rights. Your ‘right of access’, set out in Article 15 of the Regulation, requires data controllers (organisations that control the processing …
Far too often, information security teams have only the broadest overview of the wider workings of their organisations. Other staff, meanwhile, tend to have little knowledge of or interest in information security practices, which they often believe have been designed …
To mark the launch of the Data Security and Protection (DSP) Toolkit, we are offering 10% off our DSP Toolkit Documentation Templates when purchased before 30 June. The DSP Toolkit has superseded the Information Governance (IG) Toolkit as the standard for cyber and data security for healthcare organisations. It aims …
A number of people have asked whether the GDPR (General Data Protection Regulation) applies to data breaches that occurred before 25 May 2018 but were discovered after that date. The short answer appears to be yes, but, as ever, it’s …
