Why the BA Fine Was So High, and What YOU Can Do To Avoid the Same

I have long maintained that fines under GDPR are the last resort, and that the ICO do NOT want to use Article 83 of the GDPR as a stick to scare organisations into compliance.

The ICO commissioner, Elizabeth Denham, has even said as much herself, using the word “nonsense” when it was suggested that large fines would become the norm, that “Issuing fines has always been, and will continue to be, a last resort […]”, and “While fines may be the sledgehammer in our toolbox, we have access to lots of other tools that are well suited to the task at hand and just as effective […]”.


How Valid Can the IAPP’s Certifications Be?

I have made no secret of my disdain for the ‘GDPR Practitioner Certification’ badge, and I still have no time for it, or for its recipients who pass it off as real-world experience. But what alternatives are there if you want to obtain some form of data protection certification or privacy education?

The de facto standard, and really the only player in town, is the International Association of Privacy Professionals (IAPP), and their flagship badge, the Certified Information Privacy Professional (CIPP), is the most widely recognised and respected acronym you can add to your CV/resume. It’s the equivalent of the CISSP for those of us in the cybersecurity industry.


Artificial Intelligence (AI)? You’ve Just Lost Two Buyers

I am absolutely sick to death of security vendors using the buzz-phrase Artificial Intelligence (AI) as a descriptor for their product or service.

Because:

  1. AI does not even exist yet; the most you can say is that it’s very clever programming;
  2. Not everyone is a fan of AI.

So, by trying to claim your product uses AI, you have now alienated two types of people: 1) those who hate bullsh*t artists, and 2) the paranoid.

In cybersecurity, there are a lot of both.


Selling Cybersecurity: What We Can Learn From The Ice Bucket Challenge

In July/August 2014 the ALS Ice Bucket Challenge changed forever how charities should organise their fundraising efforts. Replacing the usual guilt-trip approach with something fun and ‘socially mandatory’ resulted in hundreds of millions being donated to a cause few people had even heard of, let alone cared about.


Does ISO 27001 Certification Give You Immunity From GDPR Fines?

I was actually chuckling to myself as I wrote that title, because I know you were thinking [the equivalent of] one of the following as you clicked on the link:

  • If you have not read the GDPR: “That would be awesome!”
  • If you have read the GDPR: “Don’t be so bloody stupid.”