12 September 2018 at 8:06am
In developing our Data Protection Impact Assessment for the Janet Security Operations Centre we noted that our Penetration Testing service could involve high risks, but didn't really fit the DPIA framework.
31 May 2018 at 11:14am
Learning analytics dashboards, like the class mark books that long preceded them, show tutors a lot of information about their students. That could be pretty intrusive, so should universities and colleges be asking students to consent before tutors look at their data?
2 May 2018 at 11:48am
Article 35 of the General Data Protection Regulation introduces a requirement to conduct a formal Data Protection Impact Assessment (DPIA) for any processing that may involve a high risk to individuals. The Article 29 Working Party’s DPIA guidance contains a helpful list of nine factors that may give rise to a high risk. Any activity involving two or more factors is likely to require a DPIA.
1 May 2018 at 9:15am
The Article 29 Working Party has recently highlighted the importance of detecting and mitigating information security breaches.
26 April 2018 at 9:46am
Like the current Data Protection Act 1998, the General Data Protection Regulation (GDPR) will apply to any research involving data about identifiable living individuals. Also like the Act, the Regulation provides for adaptation in a couple of areas where this is needed to make such research possible.
24 April 2018 at 2:00pm
As the GDPR approaches, several customer organisations have asked us if the Janet network will be offering a data processor contract. Presumably the idea is that the organisation that creates an IP packet is the data controller for the source IP address and that all the other networks that handle the packet on its journey are (sub-)processors.
4 April 2018 at 10:08am
It's well-known that the General Data Protection Regulation says that IP addresses should be treated as personal data because they can be used to single out individuals for different treatment, even if not to actually identify them.
23 March 2018 at 1:24pm
The General Data Protection Regulation's Article 4(1) establishes six principles for any processing of personal data. It's interesting to compare how federated authentication – where a student authenticates to their university/college, which then provides relevant assurances to the website they want to access – performs against those principles when compared with traditional direct logins to websites.
22 March 2018 at 11:24am
I was recently invited by EDUCAUSE to present a webinar on GDPR to their community of mostly North American universities and colleges. The number of participants indicates that European data protection law is a topic of interest. But the most common question was why, as non-EU organisations, they should care about GDPR. So I wrote a blog post, which EDUCAUSE have now published...
2 March 2018 at 9:55am
I've had a number of questions recently about how long help desks should keep personal data about the queries they receive. The correct answer is "as long as you need, and no longer". But I hope the following examples of why you might need to keep helpdesk tickets are more helpful than that bare statement: