Santa — Jolly Old Man or Privacy Risk?

As the first Christmas post-GDPR approaches, here’s a pressing question. How well prepared was Santa for the introduction of the new EU General Data Protection Regulation in 2018?

Legitimate Interests under the GDPR – Handle with Care!

Many entities are hoping to rely on “legitimate interests” as a legal ground for the processing of personal data. However, while legitimate interests may well be the most flexible ground for processing personal data, it’s not necessarily the easiest.

GDPR Preparation for your Legacy Data

Figuring out what to do about legacy data is one of the big challenges facing businesses preparing for the GDPR. Legacy data is data that a business processes now, under the existing data protection rules. These rules will change under the GDPR which sets new standards for processing data...

5 Reasons why GDPR is not Y2K

I have heard GDPR compared to Y2K a couple of times this week. Mostly by people who don’t remember Y2K and who also don’t really understand GDPR. I am (sadly) old enough to have been there for Y2K and (happily) have developed a pretty good understanding of the operational impacts of GDPR.

Out with the old and in with the new – privacy notices under the GDPR

Most companies have some form of privacy notice on their website. To date, they have been deployed “en masse” and for the most part without any real thought to address the main focus of a privacy notice – to detail the personal data processing activities of the organisation...

Would you be surprised by your data?

It's a common thread for us at Fort Privacy when we open our conversation about data protection and getting prepared for GDPR. People tell us they are surprised (and often appalled!) at what they find when they start examining their data in detail...

Data Protection on a small scale!

My mother was the original online shopper – long before the internet was “invented”! Every Friday morning, she phoned our local grocery store and spoke to Marian or Fiona in the office and gave them her shopping list for the week. Someone in the shop would follow her (strict) instructions...

Controllers and Processors – A very special relationship

Controllers and processors have always enjoyed a special relationship under data protection law. That relationship has been generally one where the controller takes on all of the responsibility for any shortcomings of the processor. Fines are imposed on the controller, enforcement notices are...

How to prepare for Data Access Requests under GDPR

One of the powers bestowed on data subjects by data protection regulation is the power to request information about the personal data that is held by a company or authority. It is the power to make subject access requests. This is one of the most powerful tools given to individuals...

10 Privacy Lessons from Ashley Madison for every business!

If (like me!) you only heard of Ashley Madison when you heard the news that a database of 36 million people actively looking for “married dating and discreet encounters” had been hacked. The discreet encounters were attracting indiscreet publicity....

How complex is data protection, really?

Sometimes I wonder whether the complex and high profile data protection cases that go through the European Court of Justice do more harm than good in advancing the adoption of good data protection practice. These cases are complex and inaccessible to most of us.

Rules of establishment for European data controllers and data processors

In July, I told the short version of the story of Mario Costeja González. His crusade to have an 11-year-old embarrassing newspaper report removed from search results on his name brought him up against Google and into the European Court of Justice...

How data protection is everyone’s responsibility

Who takes responsibility for data protection in your organisation? Most organisations who fail badly when it comes to data protection fail because of a classic error. Data protection is “somebody else’s problem”. The legal team look after that or it is IT’s responsibility to keep our data secure...

How GDPR impacts a data controller based outside the EU

GDPR applies if you are a data controller or data processor based in the EU. This article explores the impact for those companies who are based outside the EU but do business with data subjects based within the EU.

Is your website giving out data protection warning signs?

Asking for too much information is another sign that someone is not thinking about customers’ privacy. Do your customers have to think “I wonder why they need that?”

Getting your Business “GDPR Ready” – Three “Golden Rules”

I always think data protection is a bit like housework. It's only when you don’t do it that it becomes noticeable. The dust starts to gather, the floors get sticky, windows get streaky and visitors start refusing offers of cups of tea on (unspoken) health grounds.