Data Protection Regulation

12 December 2017 at 8:37am
The Forum of Incident Response and Security Teams (FIRST) invited me to write a piece on how GDPR affects security and incident response. Summary: it makes them pretty much essential :)
8 December 2017 at 11:12am
The Article 29 Working Party have conducted a brief consultation on draft guidance on Automated Processing that, surprisingly, reverses all previous legal interpretations I've found. GDPR Article 22 is one of several that begin "The data subject shall have the right", in this case:
4 December 2017 at 10:25am
Last week I spoke at the UCISA CISG-PCMG conference on some of the tools we have been using within Jisc to apply the requirements of the GDPR. UCISA has now published a recording of the session, as well as a copy of my slides.
3 November 2017 at 10:21am
The Article 29 Working Party's draft guidance on Breach Notification under the General Data Protection Regulation (GDPR) provides welcome recognition of the need to do incident response and mitigation in parallel with any breach notification rather than, as I've been warning since 2012, giving priority to notification.
26 October 2017 at 4:23pm
Education Technology have just published an article I wrote (though I didn't choose the headline!) on how security and incident response fit into the General Data Protection Regulation. It aims to be an easy read: if you want something more challenging follow the "incident response protects privacy" link to get the full legal analysis.
23 October 2017 at 4:28pm
Although privacy notices are an important aspect of the General Data Protection Regulation, it seems unlikely that we will have final guidance from regulators for several months.
14 October 2017 at 8:12am
The Article 29 Working Party of European data protection supervisors has published the final version of its Guidelines on Data Protection Impact Assessments (DPIAs). These build on the long-standing concept of Privacy Impact Assessments, being similar to normal risk assessments but looking at risks to the individuals whose data are being processed, rather than to the organisation doing the processing.
9 October 2017 at 9:11am
I've been asked how universities can share students' details with their students' union. Since there doesn't seem to be any law giving universities "special powers" to do that, the choice seems to be between the six normal legal bases under the General Data Protection Regulation (GDPR).
21 September 2017 at 1:06pm
I'll be doing a presentation on how Information Lifecycles can help you with the General Data Protection Regulation, security and effective use of information