Data, Education and GDPR - Information Management Today

Data breaches grow across UK education sector

IT Governance

NOVEMBER 29, 2018

A recent freedom of information request by chartered accountants UHY Hacker Young reveals a worrying rise in reported data breaches across the UK education sector. The post Data breaches grow across UK education sector appeared first on IT Governance Blog. Combat the most common cyber threats.

Education

Education Data breaches GDPR Government

IT Governance Podcast 2023-1: more ransomware attacks on the education sector, and DPC and Meta sued

IT Governance

JANUARY 13, 2023

This week, we discuss a series of ransomware attacks on 30 schools and colleges in the UK, legal action against both Meta and the Irish Data Protection Commission following last year’s massive Facebook GDPR fine, and the third stage of a cyber-defence-in-depth strategy: management.

Education

Education Ransomware Government IT

Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach

Hunton Privacy

JULY 1, 2020

The Italian Data Protection Authority ( Garante per la protezione dei dati personali , “Garante”) recently announced that it levied a €600,000 fine on banking institution UniCredit for several violations of the Italian Personal Data Protection Code, in its pre-General Data Protection Regulation (“GDPR”) form.

Data breaches

Data breaches GDPR Personal data Education

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Government surveying further education providers before Brexit

IT Governance

SEPTEMBER 24, 2019

Among the uncertainty surrounding GDPR (General Data Protection Regulation) compliance – particularly with Brexit complicating things – the UK government has been a reliable source for advice. The GDPR and Brexit. The government’s advice will be invaluable for understanding how to manage your data protection requirements.

Education

Education Government GDPR Compliance

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

GDPR: How the definition of personal data has changed

IT Governance

APRIL 10, 2019

On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998. With the Regulation expanding the definition of personal data, many organisations were uncertain as to what the new definition includes. The scope of personal data. What constitutes personal data?

Personal data

Personal data GDPR Education Government

Department for Education’s handling of pupil data ruled illegal

The Guardian Data Protection

OCTOBER 7, 2020

Data watchdog finds ministry broke GDPR by mishandling national database for England The Department for Education broke the law in its mishandling of the national database containing details of every school pupil in England, the Information Commissioner’s Office has concluded in a highly critical report.

Education

Education GDPR Privacy IT

Sign up for the new education sector email updates

IT Governance

AUGUST 2, 2018

To support the wider education sector with data protection and cyber security, we are launching a sector specific email newsletter and blog series. To sign-up, send us ideas of what you would like us to cover or questions for us to answer, please leave complete this form and choose education as your sector. How to sign up.

Education

Education GDPR Data breaches Government

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data breached: more than 59 million data records. BianLian claims to have exfiltrated 5 TB of data, comprising millions of sensitive documents. Data breached: 5 TB.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

Exploiting GDPR to Get Private Information

Schneier on Security

AUGUST 13, 2019

A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation (GDPR) , which came into force in May 2018. Generally if it was an extremely large company -- especially tech ones -- they tended to do really well," he told the BBC.

GDPR

GDPR Education Compliance IT

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

IT Governance

DECEMBER 6, 2023

‘GDPR’ has become a familiar term. As privacy professionals, we see consumers exercising their rights to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. What’s not so evident is whether organisations are keeping their practices fully up to date and in line with the GDPR.

Data Privacy

Data Privacy Privacy GDPR IT

More than half of schools not compliant with the GDPR

IT Governance

MAY 2, 2019

Almost one year on from the introduction of new data protection laws, more than half of UK schools and colleges reveal they are not fully compliant. Despite this, 46% cited a lack of security awareness as one of the biggest challenges in complying with data protection regulations. Mandatory breach recording and reporting. The GDPR.co.uk

GDPR

GDPR Data breaches Compliance Phishing

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

IT Governance

FEBRUARY 6, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks: in the spotlight Eye4Fraud database allegedly leaked – 14.9 Data breached: 14,900,000 lines. million unique records, with 9.4

Data Privacy

Data Privacy Privacy Insurance Security

Does your use of CCTV comply with the GDPR?

IT Governance

OCTOBER 3, 2019

You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant. Transparency is a core principle of the GDPR. Make sure people know they’re being recorded.

GDPR

GDPR Privacy Retail Personal data

7 steps to highly effective GDPR compliance

IT Governance

AUGUST 21, 2019

The GDPR (General Data Protection Regulation) hasn’t exactly crept up unnoticed over the past year or so, but it’s still caught many organisations by surprise. Meanwhile, although the specifics of Brexit are still unclear, one thing is certain: whatever happens, UK-based organisations will be subject to the GDPR’s requirements.

GDPR

GDPR Compliance Personal data Access

Belgian Privacy Commission Issues Guidance on Data Protection Impact Assessments Under the GDPR

Data Matters

APRIL 5, 2018

On 28 February 2018, the Belgian Commission for the Protection of Privacy (the “Privacy Commission”) published a recommendation setting out its approach to Data Protection Impact Assessments (“DPIAs”), and in doing so published a “White List” and a “Black List” of processing operations, pursuant to the General Data Protection Regulation (“GDPR”).

GDPR

GDPR Privacy Personal data Education

The GDPR: A year in review

IT Governance

MAY 23, 2019

A year ago this week, the GDPR (General Data Protection Regulation) took effect, promising to revolutionise information security. To mark the anniversary, we gathered a panel of data protection experts to discuss the effect of the Regulation and the future of data protection. Compliance fatigue’.

GDPR

GDPR Data breaches Compliance Retail

The Week in Cyber Security and Data Privacy: 27 November – 3 December 2023

IT Governance

DECEMBER 5, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. According to CyberNews , more than 300 million data records were compromised, including 21,000 telephone numbers and 31,000 email addresses. Some payment card data was also exposed.

Data Privacy

Data Privacy Privacy Manufacturing Retail

Spanish Senate signs-off new GDPR-compliant Data Protection Act

DLA Piper Privacy Matters

NOVEMBER 21, 2018

After a very long delay and amidst rumors that the Spanish Parliament could be dissolved and early elections called, the Spanish Senate speedily dismissed all the proposals for further changes and approved the new GDPR-compliant Spanish Data Protection Act on Wednesday 21 November 2018.

GDPR

GDPR Personal data Access Education

What are the Data Subject Rights under the GDPR?

IT Governance

JUNE 15, 2018

Even though the EU General Data Protection Regulation (GDPR) is now in effect, many organisations are still working towards compliance. That’s certainly not the end of the world , but organisations will run into serious problems if they aren’t equipped to deal with data subject rights. The right to data portability.

GDPR

GDPR Personal data Compliance Access

Why is the GDPR still something I should be concerned about?

IT Governance

OCTOBER 15, 2018

The EU’s GDPR (General Data Protection Regulation) superseded all laws based on the EU’s Data Protection Directive, including the UK’s Data Protection Act 1998, on 25 May 2018. Some organisations believe that a simple privacy notice is all that is required, but the GDPR actually demands far more than that. .

GDPR

GDPR Data breaches Personal data Data collection

3 tips for successful GDPR staff training

IT Governance

NOVEMBER 21, 2017

Staff awareness should be a major concern for organisations looking to comply with the EU General Data Protection Regulation (GDPR). However, our 2017 GDPR Report found that less than 10% of organisations have provided GDPR staff awareness training to all employees. Why implement a GDPR staff awareness training programme?

GDPR

GDPR Compliance Education Data breaches

GDPR automated decision-making and profiling: what are the requirements?

IT Governance

NOVEMBER 9, 2018

In addition to data subjects’ rights to be informed, of access, to rectification, to erasure, to restrict processing, to data portability and to object, the EU’s GDPR (General Data Protection Regulation) sets out requirements relating to automated individual decision-making, including profiling.

GDPR

GDPR Personal data Financial Services Compliance

The Week in Cyber Security and Data Privacy: 15 – 21 April 2024

IT Governance

APRIL 22, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Compromised data includes names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers. Data breached: 5,300,000 records.

Data Privacy

Data Privacy Privacy Manufacturing Security

Is your school GDPR-compliant? Use our checklist to find out

IT Governance

MARCH 28, 2019

At the recent ASCL (Association of School and College Leaders) conference , a guest said to us: “The GDPR ? How was it possible for someone to be so misguided about such a well-publicised regulation, the requirements of which have huge ramifications for the way organisations handle personal data? GDPR compliance in schools.

GDPR

GDPR Compliance Data breaches Personal data

How the CCPA and GDPR Are Different

KnowBe4

SEPTEMBER 10, 2019

The California Consumer Privacy Act (CCPA) was introduced just a month after the European Union instituted the General Data Protection Regulation (GDPR), earning the CCPA the nickname of “California’s GDPR.”. While the GDPR has been in effect since May of 2018, the CCPA is on track to become effective on January 1, 2020.

GDPR

GDPR Privacy Personal data Passwords

Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns

Security Affairs

APRIL 1, 2023

Italy’s data protection agency is temporarily blocking the popular chatbot ChatGPT due to a possible violation of the European data privacy regulation. The Authority pointed out that OpenAI does not alert users that it is collecting their data. “No way for ChatGPT to continue processing data in breach of privacy laws.

Privacy

Privacy Personal data GDPR Compliance

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data set is a collection of 1 billion credentials sourced from stealer logs and hosted on the illicit.services website. Data breached: 70,840,771 email addresses.

Data Privacy

Data Privacy Privacy Manufacturing Retail

The GDPR has arrived – are you compliant?

IT Governance

JUNE 14, 2018

The EU General Data Protection Regulation (GDPR) has been in effect for almost three weeks now – are you compliant, are you still working towards compliance or are you unsure of where to start? Register for our free webinars to find out how you can get started with your GDPR compliance project. Upcoming webinars.

GDPR

GDPR Compliance Education Risk

We Finally Have Our First Big GDPR Fine: Data Privacy Trends

eDiscovery Daily

JANUARY 22, 2019

OK, we’ve been waiting for that first big fine for failing to comply with Europe’s General Data Protection Regulation and now we have one. million ) fine to Google for failing to comply with GDPR. million ) fine to Google for failing to comply with GDPR. They also need to provide a way for users to delete that data.

GDPR

GDPR Data Privacy Privacy Education

Government survey reveals GDPR awareness is falling short

IT Governance

FEBRUARY 8, 2018

The Cyber Security Breaches Survey 2018 from the Department for Digital, Culture, Media and Sport (DCMS) has revealed that only 38% of businesses and 44% of charities have heard of the General Data Protection Regulation (GDPR). Are your staff aware of the GDPR?

GDPR

GDPR Government Education Compliance

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported. When must breaches be reported?

Personal data

Personal data Data breaches Data collection GDPR

How to implement a GDPR staff awareness training programme

IT Governance

OCTOBER 29, 2018

When organisations look to initiate a GDPR compliance programme, the ‘people’ factor is often overlooked. Yet staff awareness and education are key components of any organisation’s GDPR compliance framework. . Staff awareness training for the GDPR does not mean simply briefing your employees about the Regulation.

GDPR

GDPR Compliance Security awareness Education

How to implement a GDPR staff awareness training programme

IT Governance

OCTOBER 29, 2018

When organisations look to initiate a GDPR compliance programme, the ‘people’ factor is often overlooked. Yet staff awareness and education are key components of any organisation’s GDPR compliance framework. . Staff awareness training for the GDPR does not mean simply briefing your employees about the Regulation.

GDPR

GDPR Compliance Security awareness Education

GDPR priorities in the lead up to May

IT Governance

MARCH 1, 2018

GDPR compliance should be a priority and high on every organisation’s agenda with only three months until the regulation comes into effect on 25 May 2018. Training – make sure those responsible for the project are trained on implementing the GDPR in the workplace.

GDPR

GDPR Compliance Privacy Data breaches

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

On 16 November 2021, the French data protection supervisory authority (the “CNIL”) published a practical guide (“Guide”) on Data Protection Officers (“DPOs”). Among the organizations that have designated a DPO, the most represented sectors are, unsurprisingly, the public administration, education and health sectors.

GDPR

GDPR Compliance Personal data Communications

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

IT Governance

JANUARY 9, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks: in the spotlight Hathaway breached, 41.5 The compromised data allegedly includes names, email addresses and phone numbers.

Data Privacy

Data Privacy Privacy Manufacturing Data breaches

62% of organisations unaware of the GDPR

IT Governance

FEBRUARY 23, 2018

There is an alarming lack of awareness across all industries about the EU General Data Protection Regulation (GDPR) , according to a government survey. As you would expect, larger organisations were more likely to be aware of the GDPR. Preparing for the GDPR. The survey split respondents into businesses and charities.

GDPR

GDPR Compliance Insurance Personal data

Only 25% of UK law firms are prepared for the GDPR

IT Governance

NOVEMBER 20, 2017

A recent report from CenturyLink has highlighted a lack of preparation among UK law firms for the upcoming EU General Data Protection (GDPR) compliance deadline. The report questioned more than 150 legal sector IT decision makers in the UK and discovered that only 25% believe they are currently compliant with the GDPR.

GDPR

GDPR Compliance Data breaches Paper

Are your staff GDPR trained? Find out what you need to do

IT Governance

OCTOBER 30, 2018

Staff awareness training is a core component of GDPR compliance, yet many organisations haven’t implemented the necessary measures. Verizon estimates than one in four data breaches are caused by insiders. Breaches tend to happen because employees aren’t aware of the risks associated with handling personal data.

GDPR

GDPR Government Data breaches Information Security

Are your staff GDPR trained? Find out what you need to do

IT Governance

OCTOBER 30, 2018

Staff awareness training is a core component of GDPR compliance, yet many organisations haven’t implemented the necessary measures. Verizon estimates than one in four data breaches are caused by insiders. Breaches tend to happen because employees aren’t aware of the risks associated with handling personal data.

GDPR

GDPR Government Data breaches Information Security

What’s your data democratization strategy? How to successfully democratize data

Collibra

MAY 23, 2022

If you’re already sold on the importance of data democratization , you’re likely wondering how to get started with your data democratization strategy. How can you ensure that the right people can access the right data, at the right time? What is a data democratization strategy? Benefits of data democratization.

Education

Education Access Data science Libraries

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data is no longer publicly available. Data breached: >223,000,000 records. Data breached: >7,000,000 records. Data breached: 5,500,000 records.

Data Privacy

Data Privacy Privacy Manufacturing Retail

What mixture of leadership styles should a decent data protection officer display?

Data Protector

AUGUST 21, 2020

Notwithstanding the specific obligations that are set out in Section 4 of the General Data Protection Regulation, I’ve known some that operate as one-man-bands, working in virtual isolation from the rest of the organisation. A number of the concepts in privacy laws, including the GDPR, can be difficult to comprehend.

Privacy

Privacy GDPR Risk Education

Data breaches grow across UK education sector

IT Governance Podcast 2023-1: more ransomware attacks on the education sector, and DPC and Meta sued

Webinars

Trending Sources

Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach

Webinars

Government surveying further education providers before Brexit

Security Compliance & Data Privacy Regulations

GDPR: How the definition of personal data has changed

Department for Education’s handling of pupil data ruled illegal

Sign up for the new education sector email updates

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

Exploiting GDPR to Get Private Information

What it Takes to Be Your Organisation’s DPO or Data Privacy Lead

More than half of schools not compliant with the GDPR

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

Does your use of CCTV comply with the GDPR?

7 steps to highly effective GDPR compliance

Belgian Privacy Commission Issues Guidance on Data Protection Impact Assessments Under the GDPR

The GDPR: A year in review

The Week in Cyber Security and Data Privacy: 27 November – 3 December 2023

Spanish Senate signs-off new GDPR-compliant Data Protection Act

What are the Data Subject Rights under the GDPR?

Why is the GDPR still something I should be concerned about?

3 tips for successful GDPR staff training

GDPR automated decision-making and profiling: what are the requirements?

The Week in Cyber Security and Data Privacy: 15 – 21 April 2024

Is your school GDPR-compliant? Use our checklist to find out

How the CCPA and GDPR Are Different

Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

The GDPR has arrived – are you compliant?

We Finally Have Our First Big GDPR Fine: Data Privacy Trends

Government survey reveals GDPR awareness is falling short

When are schools required to report personal data breaches?

How to implement a GDPR staff awareness training programme

How to implement a GDPR staff awareness training programme

GDPR priorities in the lead up to May

France: The CNIL publishes a practical guide on Data Protection Officers

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

62% of organisations unaware of the GDPR

Only 25% of UK law firms are prepared for the GDPR

Are your staff GDPR trained? Find out what you need to do

Are your staff GDPR trained? Find out what you need to do

What’s your data democratization strategy? How to successfully democratize data

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

What mixture of leadership styles should a decent data protection officer display?

Stay Connected