Data Protector

The EU’s draft Data Governance Act: an own goal?

Data Protector

The EU’s draft Data Governance Act is designed to facilitate the greater sharing of non-personal data within the EU. Such big data ought to provide new insights and benefit the lives of EU citizens, the EU thinking goes.

Is it still necessary for data protection laws to have particular processing rules for specific types of personal data?

Data Protector

I think not. European laws have special rules for the processing of “sensitive data” or “special category data” regardless of the context within which the data will be processed. This has been the case in the UK since the coming into force of the first (1984) Data Protection Act.


Why have I joined the LinkedIn Data Protection Reform Group?

Data Protector

There is an ongoing debate on the rights that data controllers should have, compared with the rights that private individuals should have. There’s also an ongoing debate on what role our national Data Protection supervisory authority should play in developing and enforcing privacy laws.


Revise the GDPR

Data Protector


My (data) fine is enormous

Data Protector


Adequacy

Data Protector

In data protection law, transfers of personal data must be safeguarded by written contracts between the parties.

What mixture of leadership styles should a decent data protection officer display?

Data Protector

I was recently asked this question and found it hard to answer. So much depends on the culture of the organisation and the resources available to the DPO.

International data transfers: an opinion the EDPB (probably) won’t publish

Data Protector

One of the consequences of the Schrems II decision is that EU organisations need to take greater care in determining how best to protect the flows of personal data outside the EU.

The Schrems II decision – some EU data exporters will face a huge task to work out whether SCCs are sufficient

Data Protector

Many privacy professionals will be shocked to learn that, in terms of safeguarding personal data flows from an EU to a non-EU country, in the absence of an adequacy decision, more is required than simply slipping the right set of SCCs into a vendor contract.


In praise of … the Investigatory Powers Act 2016

Data Protector

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

One of the Government's core objectives throughout the Brexit negotiations has been to respect data protection rights, slash Brussels' red tape and allow the United Kingdom to be a competitive safe haven for businesses all over the world.


Privacy Shield shafted – but do SCCs really deliver better privacy protections?

Data Protector

Here we go again. The compulsory Sunday morning church services for all Anglicans at my boarding school served as an opportunity for The Reverend James Culross (or Druid, as we boys affectionately called him) to churn out stuff from the Book of Common Prayer.

Data Protection: Whither the EU’s SCCs …

Data Protector

It is possible that the European Commission will fail to provide the UK with a data protection adequacy assessment by the end of the year. It is also possible that, in the near future, the EU will publish revised sets of Standard Contractual Clauses to replace the existing SCCs in a bold effort to ensure that flows of personal data outside the European Union remain suitably protected. So what?


The case for delaying the date the GDPR applies for a couple more years

Data Protector

A huge percentage of the organisations I’ve recently come into contact with have little chance of becoming “GDPR compliant” by May 2018. To be fair, a good proportion of these organisations have spent the past decade or so ignoring the professional advice that's available on how to better comply with the requirements of the existing data protection legislation.


Warm words for the UK's intelligence privacy practices from the UN

Data Protector

It’s not often that the UK is praised for the manner in which its intelligence agencies adopt appropriate data protection standards. So let's give due acknowledgement to Joe Cannataci, the UN’s Special Rapporteur on the right to privacy, who has recently used some very warm words to comment on these privacy practices.

In praise of … Elizabeth Stafford

Data Protector

Many of even the most dedicated members of the UK’s data protection fraternity may not have heard of Elizabeth Stafford. And that’s a shame. Because she, along with a small band of colleagues in the Department of Digital, Culture, Media & Sport are doing great things.

Briefing paper to Peers in advance of the Committee Stage of the Data Protection Bill in the House of Lords [30 October 2017]

Data Protector

Your Lordships, this bill has been eagerly awaited by data protection professionals, whose careers depend on its successful passage. Please don’t worry too much that the bill is so very hard to understand. It's the Government’s way of ensuring that a select band of privacy professionals will be offered very significant salaries to decipher its contents and recommend ways of complying with the key provisions.


The debate on the Data Protection Bill in the House of Lords

Data Protector

What follows below is an edited version of the debate in the House of Lords of the Second Reading of the Data Protection Bill, held on 10 October.


The future for “free” Subject Access Requests

Data Protector

Parliamentarians will soon be debating the merits of the Data Protection Bill, and I’m wondering whether much consideration will be given to the implications of the proposal to gift citizens with “free” Subject Access Requests. What parliamentarian might oppose such a measure? After all, what’s not to like about “free” stuff? But hang on a minute. This stuff is not “free”. Citizens will pay for it, in the end, through increased charges, as business costs rise for data controllers.


How many audit controls does an organisation need to establish to show that it takes data protection seriously?

Data Protector

Whenever I visit a clinic for a health check, I’m asked a slightly different set of questions. Each clinic is very professionally run, and, until recently I haven’t been unduly concerned that the same questions aren’t always asked. I’ve generally been healthy, so I guess there was never any real need for the medical profession to probe too deeply. So, why should I be worried about different questions being asked about data protection?


Scrutinising the Data Protection Bill: The case for a Keeling Schedule

Data Protector

Parliamentarians who are tasked with scrutinising the Data Protection Bill have an unenviable job. Can there be a less desirable appointment than sitting on a Parliamentary Committee, scrutinising text that many seasoned data protection professionals have thrown their arms up in the air in despair over? Given that the Bill is intended to last a generation (the current Act will have lasted 20 years by the time of its repeal), surely we deserve something we can more readily understand.


What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

We have 480 days to go before the General Data Protection Regulation is “in force”. And then what? That's the question I’m being increasingly asked these days. Does it really mean that in 481 days, European privacy regulators will be heralding the first megafine for non-compliance with one of the GDPR’s more obscure requirements? I think not.


Missing the GDPR deadline of May 2018: And then what?

Data Protector

As May 2018 looms, I’m aware of a growing number of companies that are seeking help with their GDPR compliance obligations. For most of them, it's a huge wake-up call. Many (me included) have been sent a stream of emails from self-styled “GDPR experts” containing dire warnings of ginormous fines for non-compliance.


When does the General Data Protection Regulation not require firms to appoint a Data Protection Officer?

Data Protector

I’m increasingly asked whether particular firms actually need to appoint a Data Protection Officer in order to comply with the requirements of the GDPR. Given that the potential fine for non-compliance (with Article 37) is €10 million or up to 2% of the total worldwide annual turnover, companies quite understandably don't want to get such a basic issue wrong.


Post Brexit, what options are available for a GDPR-light Data Protection Act?

Data Protector

Let’s think the unthinkable. Let’s assume that, post Brexit, the British Government has an opportunity to decide how its data protection legislation should reflect the requirements of an aspiring British economy. And let’s assume that the Minister with responsibility for Data Protection asks for options about trimming back those elements of the General Data Protection Regulation that are unduly burdensome and, in practice, actually do very little to safeguard fundamental human rights.


Will the latest marketing and consent guidance result in a financial shortfall for charities?

Data Protector

Concern has been mounting that the attitude the Information Commissioner’s Office is currently taking towards charities will result in it becoming even harder to raise funds from supporters and potential supporters. New guidance about how charities should obtain consent to contact supporters, and how this consent should be used, has recently been published by both the ICO and the Fundraising Regulator. But are the regulators really raising the bar?

My (somewhat unreliable) data protection predictions for 2017

Data Protector

I’ve recently had a quiet year on the blogging front – my professional duties have prevented me from playing a more active role on the Internet during this year than I would have liked, but that is set to change in 2017.


Apollo – they can’t still be up to their old tricks?

Data Protector

Two years ago I blogged about an unsettling experience I had with Apollo, a firm that had confused me as to what they were really all about. Since then, I’ve had a number of emails from people who have had similar experiences. Today, I’m reprinting (most of) the most recent one – which comments about an organisation called Apollo-Transitions. Surely, this is not the same company as the Apollo company I had encountered?


My 7 top security publications from the ICO

Data Protector

Given what can only be described as an omnishambles of security breaches, is there much more that the ICO can do to warn data controllers of the risks they should take account of? Probably not. What might be helpful though, is data controllers refreshing their memories about the guidance which has emerged from the ICO over the past few years. In terms of the top 7 ICO publications, (virtual) copies of the following guides really ought to be at every DPO’s fingertips: 7.


750 days to go before the new data protection rules bite

Data Protector

How often do organisations get 750 days’ notice of new rules that may require them to make huge changes to comply? Well, it’s happened. The European Commission has just announced that the General Data Protection Regulation, a mighty piece of legislation that took over 4 years to negotiate, will come into force on 25 May 2018. What will it mean to most organisations? Potentially, lots.

The (discreet) search for the new Information Commissioner

Data Protector

The (discreet) search to appoint a successor to David Smith, soon-to-retire Deputy Information Commissioner and Director of Data Protection, is over. Shortly, the successful candidate will be unveiled. Don't worry, it’s not me. And a (discreet) search will commence to find a suitable replacement for Chris Graham, soon-to-be outgoing Commissioner. How secret should this process be, and when is it appropriate to extend the selection process?

Do privacy laws prevent police forces from naming suspects?

Data Protector

I was asked this question at 6.15 am today. And, if I knew the answer, was I available for a BBC radio interview immediately after the 7.00 am news? No and Yes were my answers – so I subsequently had a chat with BBC Radio’s Adrian Goldberg. The question arose because the Birmingham Mail had asked West Midlands Police to disclose the names and images of ten suspects it had been hunting for at least a decade for crimes including rape and murder.

A (light hearted and) handy guide to privacy activists for the under 10s

Data Protector

Privacy activists in the olden days

There weren’t many privacy activists in the olden days. This was because there was no Internet, and very few people had heard of the Data Protection Commissioner. As it was expensive to make a telephone call, and texts had not yet been invented, it was quite hard to spread rumours and exchange information with lots of people you didn’t know.
