November 7, 2017,  EU General Data Protection Regulation, Innovation, Thought Leadership  One comment

On Tuesday 31 October, President Donald J Trump gave the executive order to release previously withheld files relating to the 1963 assassination of John F Kennedy.

Among the many black and white TV news clips of speeches made by JFK that I’ve been watching across several TV networks that are marking one of the darkest hours in American history, one sentence in particular struck a chord with me and perhaps many of you reading this too:

“In each of us there’s a private hope and dream which, if fulfilled, can be translated into benefit for everyone.”

That may sound like a lofty ideal, but I sincerely believe that as data protection professionals we all need to have the c...

October 24, 2017,  News  No comments

October 20, 2017,  Thought Leadership  No comments

The cost of compliance is much less than the price of failure.

To most readers of my blog, this adage may sound obvious, with respect to the General Data Protection Regulation (Regulation 2016/679). Nonetheless, it’s advice isn’t universally observed.

Some months ago, I was talking to a director of a well-known European financial services company about the impact Regulation 2016/679 would have on the business. But I wasn’t fully prepared for his response. “We can afford to pay the fines,” he said.

Wow!

There then followed a couple of seconds of silence as I composed myself...

October 10, 2017,  data protection, EU General Data Protection Regulation, Henley Business School, News, Social marketing practice, Thought Leadership  No comments

Major personal data breaches are happening at a rate of one a day – Equifax, BUPA, Deloitte, NHS, Nottingham County Council, Islington Council, HCA Healthcare and many, many more. Wanna Cry? (I bet you do).

Do you live in fear of whether you’re next? It doesn’t have to be this way. We are transitioning to an era in which individuals have both the skills and the opportunities to choose how they manage and share their personal data to achieve a range of beneficial outcomes.

Digital evangelists like Stephen Deadman, Global Deputy Chief Privacy Officer at Facebook remains optimistic about the future, rather than terrified by it...

October 3, 2017,  European Commission, Legal update, Thought Leadership  No comments

Ireland’s High Court has just ruled today (Tuesday 3 October 2017) that the decision to ban the use of Standard Contractual Clauses (SCC) by social media giants like Facebook, Microsoft and Google to transfer users’ personal data to the US must be initially decided by the Court of Justice of the European Union (CJEU).

Giving her judgment in open court, Irish High Court Judge Caroline Costello said: “I have decided to ask the Court of Justice for a preliminary ruling. European Union law guarantees a high level of protection to EU citizens…they are entitled to an equivalent high level of protection when their data is transferred outside of the European Economic Area.”

T...

September 7, 2017,  EU General Data Protection Regulation, Legal update, News  No comments

With less than 200 working days left before Regulation 2016/679 (General Data Protection Regulation) kicks in, a new global study published by the Centre for Information Policy Leadership – a privacy and security think tank – claims that organisations in the US, South America, Europe and Asia are confused about the legal basis for processing personal data under the GDPR.

A total of 223 senior managers of multi-national companies (57% Data Controllers, 43% Data Processors) responded to the survey across a wide variety of sectors including financial services, healthcare, pharma, technology and telecoms.

The authors of the study explored the reasons why organisations choose to r...

September 3, 2017,  Guru in a Bottle  No comments

Share the Guru...

August 8, 2017,  data protection, Data Protection Act 1998, EU General Data Protection Regulation, Legal update, News  No comments

The British Government  has just announced (Monday 7 August 2017) that it will incorporate Directive 2016/679 (General Data Protection Regulation) along with specific derogations permitted under the GDPR as well as the Data Protection Law Enforcement Directive (DPLED) into UK law.

The move effectively repeals the current Data Protection Act 1998.

This follows a short consultation period (12 April – 10 May 2017) that called for views and which included 170 submissions from a wide range of professional bodies, legal and consumer groups, local government, technology companies, global organisations and academic institutions (7...

August 6, 2017,  Banks, EU General Data Protection Regulation, European Commission, News, Thought Leadership  No comments

This is a short 5 minute filmed interview produced by Liberum Investment Bank for its clients in London and New York on the Directive 2016/679 (General Data Protection Regulation). Recorded in London in July 2017.

Copyright Liberum Investment Bank 2017.

Share the Guru...

July 27, 2017,  EU General Data Protection Regulation, Legal update, News, Thought Leadership  No comments

One of the most important and fundamental principles of data protection under Regulation 2016/679 (GDPR) is the Principle of Minimisation. Arguably, it’s the one principle can help satisfy the need to manage security, data protection and privacy objectives, especially with respect to the Internet of Things (IoT).

Under Art.5(1)(c), GDPR, the Data Controller must ensure that ‘processing of personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.’ This is about ensuring that staff are only processing personal data in accordance with the purposes and once these have been satisfied, it’s safest to del...