Neil Ford Archive
Under the GDPR (General Data Protection Regulation), a lawful basis must be documented when organisations process personal data. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what exactly are …
Today is Earth Day, an annual global event that aims to raise awareness of environmental issues. This year’s event – the fiftieth Earth Day – falls in the midst of an unprecedented interruption to life as we know it, and …
The measures we all must take to slow the spread of COVID-19 will inevitably cause disruption for most organisations. Reducing the impact on your business is paramount. One area you might not have considered is how to maintain compliance with …
Welcome to the second part of our round-up of 2019’s information security stories. You can read the first part here >> July The second half of the year began with major data privacy news: the UK’s data protection authority, the …
The 2018 British Airways data breach was one of the first to occur under the GDPR (General Data Protection Regulation), so the ICO (Information Commissioner’s Office)’s investigation into the incident was seen as a test case. It was therefore unsurprising …
A US medical bill and debt collection agency has filed for Chapter 11 bankruptcy protection after suffering a data breach that exposed the sensitive personal data of at least 20 million people. Compromised data included names, addresses, dates of birth …
In our last ever podcast, we discuss Citrix’s data breach, the GDPR and cookie walls, data breach notification, and Patch Tuesday. Hello and welcome to the IT Governance podcast for Thursday, 7 March 2019. It’s our last episode, so I …
This week, we delve into the government’s FTSE 350 Cyber Governance Health Check report, Microsoft’s Security Intelligence Report Volume 24, and Cisco’s latest Data Privacy Benchmark Study. Hello and welcome to the IT Governance podcast for Thursday, 7 March 2019. …
This week, we discuss ICANN’s warning about DNS attacks, the extent of credential stuffing attacks on the retail sector, password managers’ responses to recent research into security flaws, and the European Data Protection Supervisor’s annual report for 2018. Hello, and …
This blog has been updated to reflect industry updates. Originally published 20 June 2018. If you’re classified as a data controller under the GDPR (General Data Protection Regulation), you might have overlooked an important compliance obligation: since 25 May 2018, the …
