Data Protection Regulation

12 September 2018 at 8:06am
In developing our Data Protection Impact Assessment for the Janet Security Operations Centre we noted that our Penetration Testing service could involve high risks, but didn't really fit the DPIA framework.
17 August 2018 at 11:28am
Recently I've been presenting our suggested legal framework for learning analytics to audiences involved in teaching, rather than legal people. For that I've been trying out a different visualisation, which considers the teaching process as involving three layers:
16 August 2018 at 9:05am
Alongside the 1995 Data Protection Directive (DPD) sat the 2002 ePrivacy Directive (ePD), explaining how the DPD should be applied in the specific context of electronic communications.
3 August 2018 at 9:51am
Over recent months the GDPR has given extra weight to concerns - originally expressed by regulators fifteen years ago - about public access to information about individual registrants of DNS domains. This article considers the use of this WHOIS data by those handling information security incidents, and why this represents a benefit, rather than a risk, to the objectives of data protection law.
15 June 2018 at 2:41pm
Since there was a lot of interest in my keynote presentation at the EUNIS 2018 conference last week, this post collects together the slides and the blog posts that provide further analysis and discussion of the ideas:
5 June 2018 at 11:24am
The Information Commissioner’s new guidance on Consent under the General Data Protection Regulation contains some useful guidance for universities and colleges in particular.
31 May 2018 at 11:14am
Learning analytics dashboards, like the class mark books that long preceded them, show tutors a lot of information about their students. That could be pretty intrusive, so should universities and colleges be asking students to consent before tutors look at their data?
25 May 2018 at 9:19am
Delighted to report that our first Data Protection Impact Assessment, for the Janet Security Operations Centre, is now publiushed at Thanks to the SOC and GDPR teams who made this happen!
2 May 2018 at 11:48am
Article 35 of the General Data Protection Regulation introduces a requirement to conduct a formal Data Protection Impact Assessment (DPIA) for any processing that may involve a high risk to individuals. The Article 29 Working Party’s DPIA guidance contains a helpful list of nine factors that may give rise to a high risk. Any activity involving two or more factors is likely to require a DPIA.
1 May 2018 at 9:15am
The Article 29 Working Party has recently highlighted the importance of detecting and mitigating information security breaches.
Subscribe to Data Protection Regulation