Data is one of the most important assets a business has, perhaps second only to its people. Not surprisingly, many businesses are unclear whether they need a Data Protection Officer (DPO). Many appoint part-time DPOs: people who spend 80% of their time elsewhere in the business and 20% 'looking after' privacy. What is right for your business?
We provide virtual DPO services for clients, supporting in-house part-time DPOs and in some cases acting as the DPO for the client. Are you confident managing privacy: breach notification requirements, Privacy Impact Assessments, adapting privacy practice to changing ways of working and, of course, keeping your colleagues up to date on what's new through regular training and awareness?
Privacy is a busy and growing space. Many of our clients and contacts are subject to the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 and the California Consumer Privacy Act (CCPA). All three give individuals a right of access to their data, but how are businesses complying with the obligation to respond? The GDPR requires a response without undue delay and in any event within one month of receipt (extendable by two further months for complex or numerous requests); the CCPA allows 45 days (extendable once by a further 45). Businesses that fail to respond can face sizeable fines: under the GDPR up to €20 million or 4% of worldwide annual turnover, whichever is higher, and under the CCPA up to $7,500 per intentional violation.
The flow of data has increasingly been governed by data protection frameworks, and in recent years those frameworks have become international. In May 2018 the European Union's General Data Protection Regulation (GDPR) came into effect, directly applicable across the EU and supplemented by national legislation in each member state. It set the standard for the rights granted to individuals and the obligations imposed on organisations.
Today, however, the GDPR's harmonised approach to international transfers is being tested in the area we used to call Safe Harbour. Under those arrangements, businesses inside and outside the EU could transfer personal data for business use provided safeguards were in place. That has been challenged in the Schrems and Schrems II cases brought by the Austrian privacy campaigner Max Schrems, who argued that the safeguards available outside the EU are not adequate to allow those transfers: Schrems I struck down Safe Harbour in 2015 and Schrems II struck down its successor, Privacy Shield, in July 2020. More is expected in the New Year as the European courts and regulators set out the consequences.
Beyond Europe, many countries are taking lessons from the GDPR. Five African countries, including Nigeria, have formed a coalition to develop an African privacy framework that adopts GDPR best practice, including the enhanced role of the Data Protection Officer and consistent privacy laws and regulation. As with the GDPR, the secure flow of data is expected to support economic development in the region. And let's not forget China: last week it published its much-awaited Personal Information Protection Law, drawing significantly on the GDPR, including obligations on data controllers and a requirement for informed consent.