Data Protection Regulation

2017 - ICO Guidance on Consent

Andrew Cormack
Wednesday, March 22, 2017 - 10:00
Data Protection Regulation
The Guidance makes a surprisingly broad distinction between public and private sector organisations, even when they process the same data for the same purposes. This would remove important protections when personal data are processed by the public sector, and does not appear to be required by the General Data Protection Regulation that the Guidance aims to implement.
Read more
19 April 2017 at 9:40am

GDPR: A new kind of consent

Andrew Cormack
Data Protection Regulation
Consent
GDPRdevelopment
GDPRprocess
While some have viewed the General Data Protection Regulation's approach to consent as merely adjusting the existing regime, the Information Commissioner's draft guidance suggests a more fundamental change: "a more dynamic idea of consent: consent as an organic, ongoing and actively managed choice, and not simply a one-off compliance box to tick and file away".
Read more
19 April 2017 at 9:39am

What's the data protection difference between public and private sectors?

Andrew Cormack
Data Protection Regulation
GDPRdevelopment
[UPDATE] a slightly revised version of this post formed our response to the ICO consultation.
Read more
19 April 2017 at 9:41am

Consent for Learning Analytics: Practical Guidelines

Andrew Cormack
Learning Analytics
Data Protection Act
Data Protection Regulation
GDPRtopics
Recently I've been doing some work with Niall Sclater on how education organisations might inform students about the use of learning analytics, and when they might seek students' consent. The resulting blog post is at https://analytics.jiscinvolve.org/wp/2017/02/16/consent-for-learning-analytics-some-practical-guidance-for-institutions/
Read more

2017 - Article 29 Working Party on Right to Portability

Andrew Cormack
Friday, January 27, 2017 - 09:48
Data Protection Regulation
Portability Right
These are Jisc's comments on the Article 29 Working Party's Guidelines on the Right to Data Portability (WP242).
Read more
19 April 2017 at 9:43am

Incident Response and the GDPR

Andrew Cormack
incident response
Data Protection Regulation
GDPRtopics
After (too) many years, I’ve turned the ideas from my original TF-CSIRT documents into a formal academic paper, which has just been published in the open access law journal, SCRIPTed: Andrew Cormack, "Incident Response: Protecting Individual Rights Under the General Data Protection Regulation", (2016) 13:3 SCRIPTed 258 https://script-ed.org/?p=3180
Read more
19 April 2017 at 9:42am

Portability right: a data protection challenge

Andrew Cormack
Data Protection Regulation
Information Security
GDPRdevelopment
[Update: Jisc has responded to the Working Party's invitation to comment on these guidelines]
Read more
25 April 2017 at 2:30pm

GDPR: moving to Information Lifecycle Registers?

Andrew Cormack
Data Protection Regulation
GDPRprocess
[UPDATE: the Irish GDPR coalition have a nice infographic on information lifecycles under the GDPR] Anyone who has looked at an information security standard is likely to be familiar with the idea of an Information Asset Register. These cover the What and Where of information that an organisation relies on: what information do we hold, and where is it kept.
Read more
19 April 2017 at 9:46am

GDPR: Twelve Steps, Sorted

Andrew Cormack
Data Protection Regulation
GDPRprocess
Although the Information Commissioner's "Twelve Steps to Prepare" is an excellent guide to what organisations need to do in the eighteen months before the General Data Protection Regulation  becomes UK law in May 2018, following them in order from 1 to 12 may n
Read more
19 April 2017 at 9:46am

ECJ rules in favour of security and incident response

Andrew Cormack
incident response
Data Protection Regulation
GDPRtopics
The recent European Court case of Breyer v Germany provides welcome support for those who wish to protect the security of on-line services.
Read more
Subscribe to Data Protection Regulation