Analysing Data Breaches Caused by Human Error
Data Protection – IT Governance Blog
by IT Governance
8h ago
A deep dive into the ICO’s numbers

We often hear the terms ‘accidental breach’ and ‘internal threat’, but how common are these phenomena? To find out, we analysed the ICO’s (Information Commissioner’s Office) public data set. Specifically, we looked into four data breach types caused by human error:

- Data posted or faxed to incorrect recipient
- Data emailed to incorrect recipient
- Failure to use Bcc
- Failure to redact

Note that this data set only accounts for personal data breaches reported to the ICO, so it only reflects breaches affecting UK residents. The number of data breaches that actually ..read more
GDPR Article 28 Contracts: What You Need to Know
Data Protection – IT Governance Blog
by Kyna Kosling
1w ago
An overlooked GDPR requirement AND a business enabler

Andy Snow has trained thousands of people on the GDPR (General Data Protection Regulation). So, he’s a good person to ask about what areas people find challenging. His response? “The data-sharing aspects of contracts.” As a trainer, Andy regularly receives praise for his engaging delivery style, bringing the subject matter to life with real-world examples. In this conversation, he did the same. Andy’s explanations show the importance of this overlooked area of GDPR compliance. Contracts aren’t just a GDPR requirement. Doing your due diligen ..read more
Records of Processing Activities (ROPAs): Simplifying GDPR Compliance
Data Protection – IT Governance Blog
by Kyna Kosling
1w ago
Expert insight from a data privacy trainer and DPO

“Organisations tend to overcomplicate GDPR [General Data Protection Regulation] compliance.” That’s what data privacy trainer and DPO (data protection officer) Andy Snow said when I asked him, in honour of the Regulation’s sixth anniversary, what organisations are still struggling with when it comes to GDPR compliance. This seems a common theme. Louise Brooks, head of consultancy at our sister company DQM GRC, remarked that many organisations tend to see the GDPR as prescriptive, stemming from misunderstandings around how the Regulation actual ..read more
What it Takes to Be Your Organisation’s DPO or Data Privacy Lead
Data Protection – IT Governance Blog
by IT Governance Consultant
7M ago
‘GDPR’ has become a familiar term. We recognise the visible and consumer-facing aspects of it in our everyday lives. As privacy professionals, we see consumers exercising their rights to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. What’s not so evident is whether organisations are keeping their practices fully up to date and in line with the GDPR. For instance: Since adding unsubscribe buttons, those same organisations may have purchased marketing email lists without confirming the lawful basis under which the personal data was collected ..read more
How to identify data breaches when you have a hybrid workforce
Data Protection – IT Governance Blog
by Luke Irwin
3y ago
As we emerge from the pandemic, hybrid working has proven hugely popular for individuals and organisations alike: staff enjoy increased flexibility and reduced commuting, and organisations benefit from lower overheads and greater productivity. Plus, the environmental benefits of homeworking are unmistakable. However, hybrid working also provides greater opportunities for cyber criminals. It introduces new security vulnerabilities, makes staff more susceptible to phishing attacks, and ..read more
How can organisations close the cyber security skills gap?
Data Protection – IT Governance Blog
by Luke Irwin
3y ago
A UK government report published last year found that 48% of organisations lacked the expertise to complete routine cyber security practices. This includes an inability to protect against malware, set access controls and apply updates. The report also found that 30% of organisations had skills gaps in more advanced areas, such as penetration testing, forensic analysis and security architecture. Almost as many (27%) have a skills gap when it comes to incident response. At first glance, these figures are hard to believe. The importance of effective cyber security is discussed often, and the intr ..read more
How to become a data protection officer
Data Protection – IT Governance Blog
by Beth Greenall
4y ago
The EU GDPR (General Data Protection Regulation) requires certain organisations to appoint a DPO (data protection officer) to help them comply with the Regulation. However, a shortage of DPOs means many organisations are appointing staff to act as DPOs without the proper level of expertise, experience or qualifications. The GDPR stipulates that DPOs should have appropriate experience and qualifications to fulfil the role.

What do data protection officers do?

A DPO is an independent data protection expert who is responsible for advising an organisation on how to comply with its regulatory requ ..read more
Your DPO questions answered
Data Protection – IT Governance Blog
by Luke Irwin
4y ago
Organisations have had to get a lot more serious about data processing and information security since the EU GDPR (General Data Protection Regulation) came into effect earlier this year. For many, that has included the mandatory appointment of a DPO (data protection officer) to ensure key requirements of the Regulation are being met. But with so many uncertainties about what effective data protection should look like, many DPOs have been thrust into the role without time to think about how best to approach their tasks. That’s why we sought the advice of information security consultant James Tu ..read more
What is data loss and how does it work?
Data Protection – IT Governance Blog
by Luke Irwin
4y ago
Data loss refers to the destruction of sensitive information. It’s a specific type of data breach, falling into the ‘availability’ category of data security (the other two categories being ‘confidentiality’ and ‘integrity’). Data can be lost in several ways – occurring either accidentally or maliciously – and will cause numerous problems for your organisation. In this blog, we explain what you need to know and provide data loss prevention tips.

What causes data loss?

There are several types of data loss, which can be separated into four categories.

Human error

Organisations’ biggest risks ar ..read more
How breach detection tools can help organisations save money and protect their reputation
Data Protection – IT Governance Blog
by Luke Irwin
4y ago
An organisation’s ability to respond promptly to security incidents has a huge impact on the costs it incurs. According to Ponemon Institute’s Cost of a Data Breach Report 2020, organisations that are able to detect and respond to an incident within 200 days save about $1 million (about £770,000) on average. This fact – along with the alarming news that 1.5 million businesses in the UK suffered a data breach in 2019 – means that organisations must prioritise data breach identification. The problem is that, with so much data being shared internally and among third parties, it can be almost impo ..read more
