All articles by PrivSec Report – Page 17
-
Feature
Open banking and GDPR, is there a clash?
Open banking is here, which means you can give third parties access to the data held about you by your bank. GDPR becomes enforceable in May of this year and protects customer privacy. But is there a clash between the two regulations?
-
Q&A
How does a data controller differ from a data protection officer?
GDPR has been on the horizon for some time now and most business owners are generally familiar with the overarching principles and terminology behind the regulations, which will be enforced on 25th May 2018. But there remains some confusion over the finer details, particularly regarding data controllers and data protection officers (DPOs) and their remits.
-
Feature
Balancing a warm corporate welcome and GDPR
Worth £193bn annually to the UK economy, face-to-face business remains king, so how can UK organisations strike the right balance between a smooth check-in for visitors and meeting the forthcoming GDPR requirements?
-
Feature
PSD2: Are you ready for strong customer authentication (SCA)?
Let’s start with the basics: the Second Payment Services Directive (PSD2) was officially published by the European Commission in December 2015 and follows on from the First Payment Services Directive (PSD1), which was implemented in 2009.
-
Feature
Five added benefits of GDPR compliance
The General Data Protection Regulation (GDPR) will bring about a massive overhaul in data protection laws for EU citizens when it goes into effect on May 25, 2018.
-
Feature
How can schools ensure they are GDPR compliant?
The new GDPR (General Data Protection Regulation) is replacing the current Data Protection Act (DPA) and is set to strengthen and unify all data held within an organisation.
-
Feature
GDPR: What can you prove?
Within the immense framework that is GDPR, there is one clause that invokes a topic in the security community that is particularly interesting, though not very much fun: audit logging. When you read Article 30 that covers “Records of Processing” you see that data processors and controllers need to be able to show how and when data was processed and be able to prove it. Typically this comes in the form of some type of application or security log that provides an audit trail of the actions taken against data from the time of its creation to its erasure.
-
Feature
GDPR Subject Access Requests
Handling subject access requests (“SAR”) effectively and within the legal timeframe remains a challenge for many employers, especially where SARs are becoming increasingly onerous.
-
Q&A
Can employers legally monitor employees’ emails at work?
This year we have seen a high profile European court case and new guidance from the Article 29 Working Party (the data protection advisory body made up of representatives from the data protection authorities in each EU Member State) (“29 WP”) confirming the legal position and providing guidance on monitoring employees at work.
-
Feature
Dealing with subject access requests under GDPR
Under the new General Data Protection Regulation (“GDPR”), which will come into force on 25 May 2018, individuals will benefit from heightened rights in terms of their ability to request and access personal data from any entities holding such data about them.
-
Feature
How to keep video conferencing GDPR compliant
The countdown to GDPR is on. The legislation marks a crackdown in terms of where data is stored in the cloud, with stricter fines for businesses in breach of those regulations.
-
Feature
Elizabeth Denham’s Full Speech on Cyber Security and Data Protection
Elizabeth Denham, UK Information Commissioner, ICO, talked about how cyber security and data protection are inextricably linked in her speech at the CBI Cyber Security Conference on 13 September 2017.
-
Feature
8 tips to securely dispose of your end of life data assets
In preparation for GDPR, it is vital that your business has a process in place to securely and responsibly dispose of end of life data assets.
-
Feature
How to manage a GDPR project
Compliance with the GDPR is likely to be a key project for many companies, especially given the far-reaching nature of the requirements under the GDPR and potential fines for non-compliance of up to 4% of annual worldwide turnover.
-
Feature
The five essentials of data access control
Organisations now have under a year to prepare for the introduction of the general data protection regulations. One action that needs to be prioritised is establishing clear and secure user access to any data that the organisation holds.
-
Feature
GDPR compliance: Where does the responsibility lie?
The natural assumption ahead of GDPR implementation is that businesses and service providers have, or are, taking steps to ensure that their systems and processes are compliant.
-
Feature
GDPR: What landlords and letting agents need to know
Data protection is about to change dramatically with the introduction of the GDPR, and the housing sector needs to be aware of the implications.
-
Feature
GDPR and storage limitation: time to update your data retention policy?
The gist of the storage limitation principle under the General Data Protection Regulation (“GDPR”) (Art 5(1)(e)) isn’t materially different to the existing principle under the Data Protection Directive. In a nutshell, personal data should not be retained longer than necessary, in relation to the purpose for which such data is processed.
-
Feature
Guidelines and consequences for non-compliance
Even though enforcement doesn’t begin until May 2018, there are some key questions every organisation should be asking itself as the enforcement day approaches.
-
Feature
Five ways technology accelerates GDPR compliance
You may already be familiar with the GDPR. Indeed, you may be working right now on a compliance strategy to target the Regulation. Or maybe there’s still a lot of work to be done: research last year indicated that just 46 percent of organisations are highly confident that they’ll be ready by the implementation date and 88 percent report technological challenges.