Governance, Risk, Compliance
The first 72 hours after you discover a data breach are critical. Why? The GDPR (General Data Protection Regulation) requires all organisations to report certain types of personal data breach to the relevant supervisory authority. More specifically, Article 33…
Under the GDPR (General Data Protection Regulation), organisations must be vigilant about how long they retain personal information. If you keep sensitive data for too long – even if it’s being held securely and not…
The GDPR (General Data Protection Regulation) gives individuals more control over how their personal data is used. If your organisation processes personal data, the Regulation requires you to provide data subjects with certain information. This typically takes the…
The documentation of processing activities is a new legal requirement under the EU GDPR (General Data Protection Regulation). Documenting your processing activities can also support good data governance, and help you to demonstrate your compliance…
This blog has been updated to reflect industry developments. Originally published Jan 04, 2018. The EU General Data Protection Regulation (GDPR) restricts transfers of personal data to countries outside the EEA. These restrictions apply to…
British Airways has been fined £183.4 million for a data breach that affected around 500,000 customers last year. The airline, owned by IAG, says it is “surprised and disappointed” by the penalty – the largest ever fine for a…
A version of this blog was originally published on 6 February 2018. The GDPR (General Data Protection Regulation) isn’t just about implementing technological and organisational measures to secure the information you store. You also need…
Mumsnet has disclosed a data breach that occurred during a software update between 5-7 February. A technical error meant that users who logged on simultaneously were directed to someone else’s account. The site’s founder, Justine Roberts, said that up to 4,000 users logged in while the vulnerability (which sounds like a caching glitch) was effective, but…
Alan Calder, founder and executive chairman of IT Governance, was invited onto BBC Radio 4’s “You & Yours” programme to discuss privacy concerns from the perspective of displeased customers and organisations tackling GDPR compliance. The conversation revolved around establishing whether the GDPR is, as the…
Ships have experienced a digital transformation in recent years. New technologies are helping them navigate the waters and ensure that everyone on board experiences the connectivity and convenience they expect. However, this increased volume of…