Common data privacy failures and how to mitigate them
Welcome to this week’s Security Spotlight, in which we shine a light on:
Q&A | How Organizations Are Failing to Process Personal Data Lawfully Under the GDPR
At the heart of the EU GDPR (General Data Protection Regulation) lie the Article 5 data protection principles.
When asked which principle organizations are most prone to getting wrong, data privacy trainer and DPO (data protection officer) Andy Snow found it hard to pick just one. In part, this is due to how the principles naturally interlink – an issue with one principle naturally leads to issues with (some of) the others, too.
Andy took the first principle as an example, saying:
“You’d think organizations can get something as basic as ‘lawfulness, fairness and transparency’ right, but no!
“There are often problems with the lawfulness of personal data processing, largely due to over-reliance on consent. Organizations still don’t understand what consent actually entails.”
In this interview, Andy explains how organizations are failing to process personal data lawfully under the GDPR, and how they can address this while improving their day-to-day business operations.
Blog | ISO 27001:2022 Annex A Controls Explained
ISO 27001 is the international standard for information security. Its framework requires organizations to identify information security risks and select appropriate controls to tackle them.
Clauses 4–10 of the Standard define the broader requirements for an ISMS (information security management system). However, they don’t specify individual controls.
Annex A of ISO 27001 takes a different approach.
This blog explains:
Q&A | Where to Start with Cyber Security Risk Management
Risk management lies at the heart of data security. Virtually every best-practice framework and law related to cyber security or data privacy takes a fundamentally risk-based approach, including:
Damian Garcia is our head of GRC (governance, risk and compliance) consultancy. He’s an expert in information security and risk management, with more than 30 years’ experience in the field and an MSc in cyber security risk management.
In this interview, Damian talks us through how to begin managing your cyber security risks.
Free paper | General Data Protection Regulation (GDPR) – A compliance guide for the US
The EU’s GDPR heralds the most significant change to data protection law in Europe – and globally – in recent years. Every organization that processes EU residents’ personal information must comply with the Regulation, including organizations in the US.
Download this free green paper to receive compliance advice from the GDPR experts and understand the core elements of the Regulation that are subject to the higher-tier fines, and what you need to do to comply with them.
The guide covers:
Training Offer | Get 25% off selected training courses
Make the most of your end-of-year budget: save 25% on instructor-led and self-paced foundation training.
Speak to an expert
With 20+ years’ experience in information security and data privacy, we understand risk management.
Our experts have implemented security and compliance programs for hundreds of organizations across a multitude of industries in both the private and public sectors.
New to the world of information security and data privacy, and need advice on how to get started?
Or updating an existing programme?
Our experts are here to help.
Get in touch