Privacy Archive
The GDPR (General Data Protection Regulation) grants data subjects the right to access their personal data. This is known as a DSAR (data subject access request). This is not a new concept, but the GDPR introduced several changes that make responding to them …
First published June 2018. Last updated March 2020. Under the EU GDPR (General Data Protection Regulation), you need to identify a lawful basis before processing personal data. But what is a lawful basis for processing? Do you always need individuals’ …
The GDPR (General Data Protection Regulation) gives individuals more control over how their personal data is used. If your organisation processes personal data, the Regulation requires you to provide data subjects with certain information. This typically takes the form of a data privacy …
The first 72 hours after you discover a data breach are critical. Why? The GDPR (General Data Protection Regulation) requires all organisations to report certain types of personal data breach to the relevant supervisory authority. More specifically, Article 33 says that, in the event …
Under the GDPR (General Data Protection Regulation), organisations must be vigilant about how long they retain personal information. If you keep sensitive data for too long – even if it’s being held securely and not being misused – you may …
Microsoft has confirmed a massive data breach affecting anonymised data held on its customer support database. Up to 250 million records were exposed online between 5 and 31 December as a result of the tech giant failing to implement proper …
Twitter has suspended the dating app Grindr from its ad platform after discovering ‘insane violations’ of the GDPR (General Data Protection Regulation). According to a study by the NCC (Norwegian Consumer Council), Grindr shared significant amounts of sensitive personal data …
T-Mobile has confirmed that its systems have been hacked, with cyber criminals stealing the personal data of more than one million US customers. According to the organisation, customer names, addresses, phone numbers, rate plans and plan features were all exposed. …
The Labour Party’s campaign website has suffered a “sophisticated and large-scale” cyber attack, a spokesperson has said. Security procedures had “slowed down” some election campaign activities, but the party believes that no sensitive data was compromised. The incident has nonetheless …
In a month where security experts across Europe were boosting awareness of cyber security, organisations had mixed results in their own data protection practices. On the one hand, the 421,103,896 data records that were confirmed to have been breached in …
