Ode to DPO’s managing GDPR risk

The General Data Protection Regulation is “risk” based legislation.  This means that the protective measures an organisation implements should correspond to the level of risk associated with their data processing activities.  It’s worth noting that the risk that should be considered here, is the risk to the data subject as opposed to risk to the business of non-compliance.

Get your head above the crowd and KPI your Data Protection Programme

Data Protection Programmes are all the rage these days. It’s great to see the compliance conversation moving in this direction. As a Data Protection Officer (DPO), I know the difference between working with a solid data protection programme and working with none and all.

Santa’s getting certified – but its not what you think!

When is a DPIA not a DPIA?

DATA PROTECTION NEW YEAR’S RESOLUTIONS STOP PUTTING YOUR DATA PROTECTION OBLIGATIONS ON THE LONG FINGER

WE AUDITED SANTA AGAINST THE FORT PRIVACY MATURITY MODEL. DID HE PASS OR FAIL?

5 REASONS WHY GDPR IS NOT Y2K

DATA PROTECTION ON A SMALL SCALE!

HOW COMPLEX IS DATA PROTECTION, REALLY?