Luke Irwin, Author at IT Governance UK Blog

British Airways to receive £20 million fine after ICO climbdown

Luke Irwin 21st October 2020 EU GDPR

More than two years after British Airways disclosed a data breach affecting 500,000 customers, the ICO (Information Commissioner’s Office) has confirmed that the airline will receive a £20 million fine. That’s substantially less than the £183.4 million penalty that was …

[Continue Reading...]

Ransomware attackers donate stolen money to charity

Luke Irwin 20th October 2020 News

A criminal hacking group that extorted millions of dollars in a series of cyber attacks is now donating money to charity. The DarkSide crooks said they wanted to “make the world a better place”, after posting receipts for $10,000 in …

[Continue Reading...]

Have you met the DSP Toolkit deadline?

Luke Irwin 20th October 2020 Data Protection, Healthcare

Earlier this year, NHS Digital confirmed that it was extending the 2020/2021 assessment period for DSP (Data Security and Protection) Toolkit until 30 September in light of the COVID-19 pandemic. Organisations now have until March 2021 to achieve compliance. In …

[Continue Reading...]

What is the ISO 27000 series of standards?

Luke Irwin 19th October 2020 ISO 27001

The ISO/IEC 270001 family of standards, also known as the ISO 27000 series, is a series of best practices to help organisations improve their information security. Published by ISO (the International Organization for Standardization) and the IEC (International Electrotechnical Commission), …

[Continue Reading...]

How to write a GDPR data retention policy – with template example

Luke Irwin 16th October 2020 EU GDPR

Under the General Data Protection Regulation (GDPR), organisations must create a data retention policy to help them manage the way they handle personal information. If you keep sensitive data for too long – even if it’s being held securely and not …

[Continue Reading...]

Cyber insurance: A guide for businesses

Luke Irwin 15th October 2020 Cyber Security

Cyber threats are so numerous that it’s impossible to prevent security incidents altogether. That’s why they organisations increasingly relying on cyber insurance policies to cover the costs when data breaches and cyber attacks occur. But just how helpful is cyber …

[Continue Reading...]

3 reasons cyber security training is essential

Luke Irwin 15th October 2020 Cyber Security, Training

Organisations are always looking for ways to improve their security practices, and one of the most effective ways to achieve this is by enrolling employees on cyber security training courses. A recent Lucy Security study found that 96% of respondents agreed …

[Continue Reading...]

The effects of phishing awareness training wear off over time

Luke Irwin 13th October 2020 Phishing

Employees forget the guidance given on phishing training courses within six months, new research has revealed. The findings, which were presented at the USENIX SOUPS security conference in August, were the result of a year-long investigation into the effectiveness of …

[Continue Reading...]

Your DPO questions answered

Luke Irwin 13th October 2020 Data Protection, EU GDPR

Organisations have had to get a lot more serious about data processing and information security since the EU GDPR (General Data Protection Regulation) came into effect. For many, that has included the mandatory appointment of a DPO (data protection officer) …

[Continue Reading...]

How organisations are completing EU–US data transfers following demise of the Privacy Shield

Luke Irwin 8th October 2020 EU GDPR

Earlier this year, the ECJ (European Court of Justice) invalidated the EU–US Privacy Shield, ruling that it fails to protect people’s rights to privacy and data protection. It followed heavy criticism from the Austrian privacy activist Max Schrems, who argued …

[Continue Reading...]

Luke Irwin Archive