Category EU General Data Protection Regulation

August 6, 2017,  Banks, EU General Data Protection Regulation, European Commission, News, Thought Leadership  No comments

This is a short 5 minute filmed interview produced by Liberum Investment Bank for its clients in London and New York on the Directive 2016/679 (General Data Protection Regulation). Recorded in London in July 2017.

Copyright Liberum Investment Bank 2017.

July 27, 2017,  EU General Data Protection Regulation, Legal update, News, Thought Leadership  No comments

One of the most important and fundamental principles of data protection under Regulation 2016/679 (GDPR) is the Principle of Minimisation. Arguably, it’s the one principle can help satisfy the need to manage security, data protection and privacy objectives, especially with respect to the Internet of Things (IoT).

Under Art.5(1)(c), GDPR, the Data Controller must ensure that ‘processing of personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.’ This is about ensuring that staff are only processing personal data in accordance with the purposes and once these have been satisfied, it’s safest to del...

July 8, 2017,  EU General Data Protection Regulation, Henley Business School, News, Thought Leadership  No comments

In its latest Opinion, adopted on the 8 June and published on 29 June 2017, the Art.29 Data Protection Working Party (WP29) makes a fresh assessment of the balance between legitimate interests of the employer and the reasonable privacy expectations of employees working within the European Union.

The concept of ‘employee’ is widened and includes those with a contract of service as well as contractors working under a contract for services. The Opinion is intended to cover all situations where there’s an employment relationship, irrespective of whether this relationship is based on an employment contract.

WP29 also highlighted the risks posed by new technologies deployed i...

June 22, 2017,  data protection, Data Protection Act 1998, EU General Data Protection Regulation, Legal update, News  No comments

The British Government signalled its intention to replace the Data Protection Act 1998 with a new Data Protection Act that will be in alignment with the EU General Data Protection Regulation (GDPR). The Department for Culture, Media and Sport and the Home Office will be the relevant ‘Lead Departments’ overseeing the passage of the Data Protection Bill through Parliament.

“A new law will ensure that the United Kingdom retains its world-class regime protecting personal data”, said Her Majesty the Queen Elizabeth II in her speech to both the House of Commons and the House of Lords on Wednesday 21 June 2017.

The Bill will fulfil a manifesto commitment to ensure the UK has...

June 16, 2017,  EU General Data Protection Regulation, Henley Business School, News, Thought Leadership  No comments

Regardless of the size of the organisation, Data Controllers are entering arrangements with Cloud Service Providers in the hope of improving customer service levels coupled with reductions in processing costs and enhanced personal data security.

It’s important for a Data Controller to understand the different Cloud Service models to select the one that’s best aligned with its risk appetite and business requirements.

Many are often apprehensive about cloud security, however cloud storage with a reputable provider will likely be more secure than on-premises storage because protecting data is the core function of the business.

Unlike a Data Controller that has the entire org...

May 20, 2017,  EU General Data Protection Regulation, Henley Business School, News  One comment

With data security of all organisations under significant threat from external actors, all organisations need to review the security of processing personal data as a matter of urgency. And such reviews must include the use of Bring Your Own Devices (BYOD) as well as the Internet of Things (IoT) used in the workplace.

An employee and independent contractor engaged by the Data Controller, Joint Data Controller(s), Data Processor and sub-Data Processor(s) may well be using their own personal mobile devices, such as a smartphone or tablet, to process personal data of customers, clients, supporters and employees.

The practice of Bring Your Own Devices (BYOD) is endemic across all ...

April 30, 2017,  data protection, EU General Data Protection Regulation, News, Public Relations practice  No comments

The BBC has run a wonderful news story about the development of what’s claimed to be the world’s most secure email service.

Created by US security tech entrepreneur Will Donaldson, Nomx makes the bold claim it uses the “world’s most secure communications protocol” to protect email messages.

The Nomx personal email server costs from £155 – £310 and claims that users can help to stop messages being copied and hacked as they travel to their destination across the Internet.

Too good to be true?

BBC News asked ex-hacker and now security researcher Scott Helme and computer security expert Prof Alan Woodward of Surrey University to test whether the product could provide 100% pro...

April 13, 2017,  EU General Data Protection Regulation, Henley Business School, Legal update, News  No comments

Are you an organisation that’s been on the hunt for a suitably qualified and trained Data Protection Officer (DPO) but have found it impossible to find one? You’re not alone.

There’s a shortage, not just in the UK, but across the European Union, with 12 months to go before the EU General Data Protection Regulation (GDPR) is fully enforceable across all 28 Member States. The role of the DPO is at the heart of the new legal framework for data protection and privacy and facilitating compliance with the provisions of the GDPR. It’s also mandatory to appoint a DPO under Art.37(1), GDPR in three specific circumstances:

1. Where the personal data processing is carried out by a...

November 20, 2016,  EU General Data Protection Regulation, Events, Henley Business School, Legal update, News  No comments

Last week I had the honour of speaking at the IAPP Europe Data Protection Congress 2016 in Brussels that was the biggest gathering of data protection professionals to date on mainland Europe with over 1100 delegates drawn from across Europe, US and the Far East.

My short talk was about sizing the risk and the GDPR accelerator ‘DPIA Lite’ that was devised by our team led by Martin Hickley, Associate, Henley Business School and Director of Data Protection, GO DPO®.

A significant aspect of the EU General Data Protection Regulation (GDPR) is demonstrating and verifying compliance – making it evident to the Supervisory Authority that the organisation is meeting its obligation...

October 16, 2016,  EU General Data Protection Regulation, News  No comments

Foreword by Jan Philipp Albrecht MEP

We are witnessing history in the making.

On the 25 May 2018 the EU General Data Protection Regulation (GDPR) comes into force across all 28 Member States. The GDPR introduces new accountability obligations, stronger Data Subject rights to protect our digital existence and ongoing restrictions on international personal data flows.

The new framework is ambitious, complex, rigorous and workable if you’re prepared to shift the way you do business now in the world’s biggest digital single market.

The GDPR is a ‘risk based’ approach to data protection and privacy, requiring organisations and accountable individuals to demonstrate and verify ...