GDPR Fines

Does ISO 27001 Certification Give You Immunity From GDPR Fines?

I was actually chuckling to myself as I wrote that title because I know you were thinking [the equivalent of] one of the following as you clicked on the link:

  • If you have not read the GDPR: “That would be awesome!”
  • If you have read the GDPR: “Don’t be so bloody stupid.”
Continue reading
GDPR Expert

Finding the Right GDPR ‘Expert’ to Help Your Business

I have lost count of the number of times I have included phrases like; “You have to ask the right questions.” into my blogs, or into conversations with prospective clients. One of my primary roles as a consultant is to to either help my clients do just that, or to give them the right answers first if they are just too far behind the curve.

Continue reading
Right to Erasure

GDPR: The Right to Erasure Does Not Always Mean Forgotten

The title should actually be more in question form; Did you know that there’s even a difference between being erased and being forgotten?

Article 17 of the GDPR is “Right to erasure (‘right to be forgotten’)“, which suggests they are the same thing. They are not [quite], and I think the only reason the right to be forgotten was added in brackets is because everyone was already calling it that. But it’s just not accurate …enough.

Continue reading
British Airways

BA Faces £500M Fine: Shut Up and Get Your FACTS Straight!

Just about every major news outlet in the UK has the same headline for the BA data breach: “BA faces record £500M fine for data breach!“. Some are not content with even this degree of utter nonsense and are actually making things worse by saying that affected passengers are now “threatening boycott“.

Continue reading
Lawful Basis for Processing

GDPR: Getting to the Lawful Basis for Processing

I have made no secret of my distain for organisations and individuals who consider themselves qualified to determine their client’s lawful basis for processing without having the necessary education or experience to do so. Just reading the GDPR a few times and doing some homework (like me), or taking the “Certified” GDPR Practitioner course (or equivalent), does NOT qualify you to talk legal matters with anyone. Don’t try.

Continue reading