GDPR: lawful bases for processing, with examples

IT Governance

For tasks carried out in the public interest or exercise of authority vested in the data controller. For example, when you process staff data for payroll purposes, contractual obligations will apply, as staff will have signed a contract of employment.


Digital transformation threats and opportunities in travel and transportation

DXC Technology

In travel and transportation most companies today don’t look at customer journeys as a collaborative exercise. A railway, for example, may only care that it has moved passengers safely from station A to station B.

Man Behind Fatal ‘Swatting’ Gets 20 Years

Krebs on Security

For example, perpetrators of swatting often call non-emergency numbers at state and local police departments to carry out their crimes precisely because they are not local to the region and cannot reach the target’s police department by calling 911.

Intelligent Information Management - Learning from CHOCOLATE?!


Everyone participated and was engaged throughout - livened up with a few good stories and examples of lessons learned that they shared. One of the exercises I developed was called "The Taxonomy of Salad".

Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

Krebs on Security

But it would also be nice if more police forces around the country received additional training on exercising restraint in the use of deadly force, particularly in responding to hostage or bomb threat scenarios that have hallmarks of a swatting hoax.

How to prepare for the California Consumer Privacy Act

Thales eSecurity

For example, data collected by an entity may not be associated with an individual but could identify a household. Also, entities under the CCPA must post a “Do Not Sell My Personal Information” link on their websites allowing consumers to easily exercise their right of opting-out. (4)

Is Co-Authoring the Right Prescription for You?


My doctor wrote a prescription for a stronger analgesic, advised me to get more exercise, and sent me on my way. Pharmaceutical and Life Science are good examples of industries that are feeling the pain. Submissions to the Food and Drug Administration, for example, can total hundreds, if not thousands, of pages. Several months ago, I developed a nagging pain in my right shoulder. Nothing much at first, but over time, it got worse.

What is data protection by design and default

IT Governance

In this blog, we explain how data protection by design and by default works, and provide examples of the steps you should take to achieve it. Examples of data protection by design. Examples of data protection by default.

What is ‘privacy by design’?

IT Governance

This method also enables you to assess the risks in your data processing activities and identify where controls are required, for example, assessing privacy and data security risks.

Navigating China: The digital journey

DLA Piper Privacy Matters

Promotion of online mechanisms for users to exercise data subject rights (deletion, de-registration, access, correction, revoke consent etc.). Episode 6: Further developments in PRC data privacy regulations.

Username (and password) free login with security keys

Imperial Violet

In practical terms, web sites exercise this capability via WebAuthn, the same API that handles the traditional security key flow. While it doesn't matter for the web, one might want to use security keys to act as, for example, door access badges; especially over NFC. Thus the pertinent resident credentials would have to be discoverable and exercisable given only physical presence.

CHINA: important new developments in PRC data privacy regulations

DLA Piper Privacy Matters

Promotion of online mechanisms for users to exercise data subject rights (deletion, de-registration, access, correction, revoke consent etc.). Specific examples are given of what might constitute excessive data collection for certain types of apps, such as car hailing, e-commerce and IM apps.

Business Architecture and Process Modeling for Digital Transformation


Fidelity International is an example of a successful digital transformation adopter and innovator. With it, any transformation initiative becomes a simple, streamlined exercise to support distributed information capture and management, object-oriented modeling, simulation and collaboration.

The Customer Journey Digital Transformation Workbook

Bill Schmarzo - Dell EMC

To support this training, we created a methodology that guided the students through a digital transformation exercise. For example, digital renders distribution intermediaries obsolete (with limitless choice and price transparency). For example, Customer Journey Mapping provides a step-by-step guide to putting the customer you serve at the center of your design process, and to come up with new answers to difficult customer problems and challenges [1].

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist


GDPR on the other hand is designed to primarily enable data subjects to exercise greater degree of control over the processing of their personal information. This is yet another example of where regulation is addressing a problem in the rear view mirror rather than looking at the road ahead….

Pwned Passwords, Version 5

Troy Hunt

There's often biases in password distribution due to the sources they're obtained from, for example the prevalence of the service's name or other attributes or relationships to the breached site. Consistently, I'm hearing the results of this exercise are.

Communicating About Cybersecurity in Plain English

Lenny Zeltser

I’m not suggesting that the resulting statement should replace the original text; instead, I suspect this exercise will train you to write more plainly and succinctly.

5 things HR departments need to know about data protection

IT Governance

A contract with the individual: for example, to supply goods or services they have requested, or to fulfil an obligation under an employee contract. A public task: for example, to complete official functions or tasks in the public interest.

Does your use of CCTV comply with the GDPR?

IT Governance

You must tell people when you’re collecting their personal information to give them the opportunity to exercise their data subject rights. There are six bases in total and, with the exception of consent, each one might be suitable in different circumstances: A contract with the individual: for example, to supply goods or services, which may include a provision that those services are monitored. For example, it might say, “CCTV is in operation for the purpose of public safety”.


Artificial Intelligence: 6 Step Solution Decomposition Process

Bill Schmarzo - Dell EMC

For example, PNC Financial Services Group’s annual report mentions the business initiative to “grow profitability through the acquisition and retention of customers and deepening relationships.” We will use this “increase customer retention/reduce customer attrition” business initiative for the rest of this exercise. For example, instead of asking: “What was customer attrition last month?” The results of this exercise might look like Figure 7. It’s simple.

Watch out for scams as Brexit confusion intensifies

IT Governance

Brexit is clearly a pressing issue for many organisations, but we urge you to exercise caution whenever you receive communications out of the blue relating to the UK’s departure from the EU. The course content is updated quarterly to provide the latest real-world examples of phishing emails. The confusion around Brexit has not cleared up despite the increased urgency and ongoing discussion about what will happen and when.

Is your organisation equipped for long-term GDPR compliance?

IT Governance

It could be a simple tick-box exercise, with the unchecked steps forming the gaps that need to be addressed. Providing this information helps individuals understand their rights and how they can be exercised. Last week, the GDPR (General Data Protection Regulation) turned one year old.


CNIL Details Rules On Audience and Traffic Measuring In Publicly Accessible Areas

Hunton Privacy

On October 17, 2018, the French data protection authority (the “CNIL”) published a press release detailing the rules applicable to devices that compile aggregated and anonymous statistics from personal data (for example, mobile phone identifiers, i.e., media access control or “MAC” address) for purposes such as measuring advertising audience in a given space and analyzing flow in shopping malls and other public areas.

Where does data flow mapping fit into your GDPR compliance project?

IT Governance

You should begin your data mapping exercise by identifying the following key elements: Data items (e.g. This blog has covered the basics of data flow mapping, but you can get more comprehensive advice by reading Conducting a Data Flow Mapping Exercise Under the GDPR.


Why Personal Data Privacy Needs a Customer-centric Focus


More specifically: 84% of respondents claim to know of the right to opt out of direct marketing, and 23% say they have exercised this right. Awareness among consumers of their rights under GDPR – and their willingness to exercise those rights – will only increase over time.

#ModernDataMasters: Mike Evans, Chief Technology Officer


If you are not tying what you are doing, in any kind of data initiative, to a business vision and some tangible outcomes that a business is trying to achieve, then MDM can become just a complex academic exercise.” Kate Tickner, Reltio.

UK: Greater Scrutiny for Public Sector Contractors: The ICO’s Proposals for Reform to the Freedom of Information Regime

DLA Piper Privacy Matters

Under section 5 of the Freedom of Information Act 2000 (FOIA), the Government has the power to designate private sector suppliers as a public authority for the purposes of FOIA legislation (and therefore be subject to FOIA requests and issue publication schemes) if they are exercising functions of a public nature. The ICO notes in the report that the EIR do not permit the designation of organisations exercising functions of a public nature in the same way as section 5 FOIA.


Why your DPO needs specialised training

IT Governance

It’s only through practical exercises that DPOs can learn to bridge that gap. Using practical examples and exercises, you’ll learn how to fulfil the DPO’s tasks and develop the soft skills that the role requires.

California Consumer Privacy Act: The Challenge Ahead — Data Mapping and the CCPA

HL Chronicle of Data Protection

As part of our ongoing series on the CCPA and its implications, this post sets out key issues and questions to consider when contemplating a data mapping exercise. For example, beyond the immediate benefit of assessing risks and identifying legal obligations, a data mapping exercise can promote organizational hygiene, identify problematic practices and security risks, and uncover operational inefficiencies.

How to start your career in cyber security

IT Governance

Account executives and junior penetration testers, for example, tend to have little work experience, and can learn while on the job. A version of this blog was originally published on 8 December 2017.

Is the Brazilian Data Protection Framework marching to a bleak future?

Privacy Surgeon

One good example is a 1996 Senate Bill on the structuring and use of records and databases on data about individuals (a rough version of personal data). By: Thiago Moraes and José Renato Laranjeira de Pereira.

Retired Malware Samples: Everything Old is New Again

Lenny Zeltser

When training professionals how to reverse-engineer malware, I’ve gone through lots of malicious programs for the purpose of educational examples. For example, I recently came across a DarkComet RAT builder that was surreptitiously bundled with a DarkComet backdoor of its own.

How to write a GDPR-compliant data subject access request procedure

IT Governance

Recital 63 of the GDPR states, “a data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing.”

The Need for Strong Federal Data Privacy Legislation


Managing up to 50 different “flavors” of privacy legislation would be a daunting or even futile exercise for companies that do business nationwide, with a disproportionate impact on new or smaller businesses.

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Last Watchdog

State-of-the-art telepresence gear, supplied by Merit Network, funnels everything from capture-the-flag exercises to full course work and certification testing to earn 42 different professional designations. Take, for example, 17-year-old Pinckney senior Aidan Ozias.

Beyond Compliance – Personal Data Protection as a Key Differentiator


For companies, getting data privacy right is no longer just a compliance exercise – a box to be ticked. For example, GDPR is actually part of the EU’s Single Digital Market initiative, which seeks to empower both its citizens and its economy.

What Should Be The Core Competencies For Cybersecurity For C-Suite

Cyber Info Veritas

This example, therefore, serves to show you the importance of taking cybersecurity seriously since a cyber attack can terribly damage an organization’s reputation and even lower the quality of the service or product it offers.