The Data Protection Blog

November 6, 2017

Seven months till the GDPR and most UK businesses haven’t even begun to plan

A shock is coming to UK businesses who haven’t yet put a data protection programme in place. The General Data Protection Regulation comes into play in May 2018, by which time businesses need to show they’re already compliant with it.
November 1, 2017

Finalised GDPR Data Protection Impact Assessment (DPIA) guidelines released by WP29

A Data Protection Impact Assessment is a process for building and demonstrating compliance with the GDPR. It’s a process that an organisation can use to systematically describe its data processing purpose and operation, assess whether its processing is likely to result in risk for the data subjects concerned, and determine measures for addressing these risks.
October 31, 2017

Data mapping and compliance with GDPR Article 30

Article 30 of the General Data Protection Regulation (GDPR) stipulates that organisations maintain a record of their data processing activities. Basically, this means that for an organisation to become compliant with the GDPR, it needs to present an audit of personal data as it moves through an organisation.
October 18, 2017

Are schools ready for the GDPR?

There’s a lot of talk online about businesses becoming ready for the General Data Protection Regulation compliance deadline of May 2018, but what about all the thousands of schools out there? All schools, whether they’re private or public, need to comply with the GDPR. When the GDPR comes into play, schools will need to have their data protection programmes already operating. So where to begin?
October 12, 2017

GDPR : Who’s most at risk and what’s the risk?

Facebook is under pressure as a result of a €1.2-million fine by the Spanish Data Protection Authority for not adequately collecting the consent of its user and non-users. This infringement of data privacy is the second in a matter of months, following a €150 000 fine from the French privacy regulators for a violation along similar lines.
October 11, 2017

Archive Or Delete : What Should You Do With Your Data?

The volume of data you have on your computer system grows by the day. But do you need it all and how will you manage the storage of it as it increases? Since backing up has become vital to business continuity, you need to be smart about what you keep and what you don’t. Redstor looks at the question in their data management article: Archive or delete – What should you do with your data?
October 10, 2017

Irish court asks for review on data transfers

In a move that spotlights the accelerating importance of data protection and privacy worldwide, Ireland’s High Court will ask the EU’s Court of Justice for a ruling on whether business enterprises operating via the Internet, such as social media giant Facebook, will be allowed to transfer users’ data to the United States. Needless to say, a ban on data transfers would have huge consequences not only for social media, but for all US enterprises that process data on EU residents, whether for online purchases, accommodation bookings or moving employee data between countries. Just think of all the US websites that are used heavily by Europeans every day: Amazon, Google, HomeExchange, Airbnb, Whatsapp and
October 6, 2017

GDPR365 announces strategic partnership with international data management experts, Redstor

In anticipation of the EU’s General Data Protection Regulation (GDPR), which will come into effect in May 2018, Redstor has partnered with compliance specialists GDPR365 to offer their clients a cloud-based software tool that will enable initial and ongoing compliance with the new data protection law. Every organisation – inside or outside the EU – that processes personal information belonging to individuals in the EU will need to comply with the GDPR. The regulation has been developed primarily to strengthen the rights of individuals and, as a result, sets new data privacy and protection standards for organisations doing business with Europe.
September 20, 2017

Equifax hack makes you ask: are US organisations ready for the GDPR?

On 7 September the The Washington Post reported that a security breach at Equifax, a US credit rating bureau, resulted in hackers gaining access to personal data belonging to an estimated 143 million individuals. Apparently, the breach was due to an 11-year-old website application flaw that compromised the personal information of not only Americans, but British and Canadian consumers. Amongst the stolen personal data are names, driver’s license details, credit card numbers, social security numbers and birth dates – basically the key ingredients for identity fraud.