In this webinar with iSTORM, specialists in privacy, security and penetration testing, we will look at how far cybersecurity education and awareness have come over the last two decades and what are the priorities for the future to ensure a secure and interconnected world.
This free, one-hour webinar will combine practical advice with the latest cyber concepts and challenges your organisation should know about, from best practice in password management and multifactor authentication to the increasingly sophisticated ways scammers target companies with phishing attempts.
This webinar will cover:
– New cyber disclosure rules from the SEC and EU
– Best practice in breach reporting and GDPR compliance
– What all organisations must do to protect themselves
– Key governance requirements for cybersecurity
– Future trends in data protection and cybersecurity
The webinar will feature experts from the consultancy iSTORM and the VinciWorks compliance team.
Concerns about AI and its potential dangers have been raised by industry professionals, prompting calls for action. In March, more than 50,000 people signed an open letter urging an immediate halt to the development of “giant” AIs and the establishment of robust AI governance systems.
The EU’s General Data Protection Regulation (GDPR) has now been in force for five years. During that time, fines have totalled close to €2.8 billion, with over €1 billion in fines coming in the past 12 months. The most recent fines show that both large and small businesses are subject to regulators’ scrutiny.
Listen again to our webinar on GDPR’s fifth anniversary to look at the effect the regulation has had on the way we collect and process data and what we can expect going forward. We were joined by our own in-house DPO and went through the key developments in GDPR from across the EU.
The webinar will cover:
– A review of where businesses are falling short in GDPR compliance
– What can we learn from recent GDPR fines and enforcement actions?
– An update on the UK government’s proposed GDPR reforms
– The GDPR risks of AI services like ChatGPT
– Best-practice guidance
– How to take your GDPR compliance to the next step
As the UK grapples with if, how, when and with exactly what it will replace GDPR (or not), there is data which shows the wider compliance gap with whatever data protection regime the UK comes up with.
Data from the UK government’s own impact assessments paints a stark picture. There are over 4 million companies in the UK, each one registered with Companies House, but just over a million companies are registered as data controllers on the ICO’s public register.
Under GDPR, a data subject has the right to obtain confirmation as to whether or not their personal data is being processed. The right to receive data under a subject access request must not adversely affect the rights and freedoms of others, so you cannot comply with a subject access request if doing so would adversely affect someone else’s rights. If the information is subject to legal privilege or concerns a third party, it may not be possible to release it.
What is a subject access request?
Data subjects are entitled to find out what personal data is held about them by an organisation, why the organisation is holding it and who else knows the information. The process of finding this out is known as a subject access request, or SAR.
A subject access request is not the same as a Freedom of Information (FOI) request. An FOI request covers information held by public authorities, but not personal information about the person making the request. If you are not a public body or otherwise covered by FOI legislation, an FOI request cannot be made to you.
The government has published draft legislation to amend the data protection regime in the UK. The Data Protection and Digital Information Bill (DPDIB), which was introduced to Parliament just before the summer recess and before the appointment of the new government in September, would modify the existing UK version of GDPR and create some significant areas of divergence from EU GDPR. Earlier this year, VinciWorks outlined the key changes that were expected to be made. The aim of the new UK data protection legislation is to ease GDPR requirements for companies and make them less burdensome.
What are the key changes the UK data protection bill seeks to introduce?
Among other things, the changes will:
amend the definition of personal data
use AI to process sensitive data and other information
add new legitimate interests
remove the requirement for cookie consent
amend accountability requirements
remove the need to appoint a data protection officer
charge fees to access your own data
remove record-keeping requirements
reform the Information Commissioner’s Office (ICO)
raise fines for PECR breaches
Even though the bill proposes widespread changes, it preserves the existing UK GDPR and the PECR, as it was drafted as an amending act rather than a completely new legislative instrument.
In addition, there is a chance that political factors could stymie the bill: if an election is called before the bill receives royal assent, it won’t become law. The UK’s adequacy status with the EU also remains in question, even though the government has expressed the opinion that it is entirely possible to retain it.
New courses and resources coming soon
VinciWorks is closely following the legislation and will, in the coming weeks and months, be releasing new updated resources, guides and a completely revised UK GDPR course that will reflect the changes and keep you and your organisation aware of everything you need to know about the updated bill.
You can keep up with the latest via our blog and through the Regulatory Agenda that we publish, which documents new and important compliance regulations.
The EU’s General Data Protection Regulation (GDPR) has now been in force for four years. GDPR’s reach is global, and in the four years that it’s been in force, fines have reached a total of over €1.6 billion, with the majority of fines having been levied in the past 12 months. Also during that time, the UK left the EU, data protection regulation reforms were announced in the UK and the ICO appointed a new commissioner.
Any company that offers goods or services to anyone in the EU is required to comply with GDPR, and any employee who collects, processes or stores data as part of their responsibilities needs to be trained in data protection rules and regulations. This includes business owners, directors, managers, supervisors, staff and contractors.
But now that it has been over four years since GDPR came into force, some might be asking whether it is still relevant and why they should still care.
Thank you to everyone who came along to last week’s GDPR webinar. We had a number of questions during the webinar and we’ve answered them all here in this blog. Please contact us if you would like a personalised discussion on your data protection compliance needs.
Top 12 GDPR questions and answers
How can I legally transfer data to the USA?
Right now, the way to legally transfer data to the USA is to use the standard contractual clauses, or the British equivalent mechanism. This means going through a risk assessment process and filling out all the paperwork covering who the data is going to, who processes it, and so on.
Think of it like exporting physical goods. Paperwork needs to be filled out at the port of exit and done properly, and data is unfortunately no different. But do the paperwork correctly and there shouldn’t be too many problems.
The EU’s General Data Protection Regulation (GDPR) has now been in force for four years. During that time, fines have reached a total of over €1.6 billion, with the majority of fines having been levied in the past 12 months. Also during that time, the UK left the EU, data protection regulation reforms were announced in the UK and the ICO appointed a new commissioner.
On the fourth anniversary of GDPR coming into force, we took a look at the last four years of GDPR, the effect the regulation has had on the way we collect and process data and what we can expect going forward.
The webinar covered:
A review of where businesses are falling short in GDPR compliance
What can we learn from recent GDPR fines?
How the UK’s data protection reforms affect UK GDPR
How to implement an effective GDPR compliance programme
On May 25, 2018, the General Data Protection Regulation (GDPR), a law regulating how businesses must handle personal data, came into effect. The impact on how online user data had to be handled was massive. Shortly thereafter, on 28 June that year, the California Consumer Privacy Act (CCPA) was passed, going into force on 1 January 2020. On August 14, 2020, the final CCPA regulations were approved and immediately went into effect. To the relief of companies that were already GDPR compliant, CCPA is in many ways a more lenient version of GDPR. However, there are important differences.
GDPR legislates how companies in the EU must handle personal data, which includes names, email addresses, location data, browser data and so on. The legislation places a responsibility on companies to be transparent in their handling of personal data and to maintain records of how they process that information. The law is meant to ensure that individuals always retain control over their information. Most importantly, consent to use personal information must be explicitly given before the data is collected, and it can be revoked at any time on request. There is no such thing as implicit consent: for example, browsing or scrolling through a website cannot be treated as consent to collect and make use of personal information.