GDPR Now!

This episode is part of our series of updated podcasts addressing security & privacy concerns resulting from the coronavirus pandemic and the shift in working practises for millions of businesses across the UK and the world. In this episode, we start our series of discussions on track and trace apps from around the world. Today, we are are discovering how track and trace is being managed in Australia. To discuss this with us, we are delighted to have Katherine Sainty and Belyndy Rowe from Sainty Law, a boutique law firm specialising in privacy, big data, technology & cybersecurity in Sydney. Katherine and Belyndy are going to talk to us about what is happening in Australia. GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO. www.dpo4business.co.uk www.thisisdpo.co.uk. Guest/s Katherine Sainty Director Katherine is the founder and team leader at Sainty Law. Katherine is a corporate and commercial lawyer who specialises in digital, technology and media law. http://www.s

Regular listeners will have already heard our episodes on what DPOs need to know about cyber security, and COVID 19 impact on data protection. gdpr, privacy, data security, cyber crime, data protection, SME In this episode, we are going to talk about the exponential rise of cyber crime as a business, the need to understand the risks and the security challenges for SME's. This episode is part of our series of updated podcasts addressing security & privacy concerns resulting from the coronavirus pandemic and the shift in working practises for millions of businesses across the UK and the world. We are delighted to have Zohar Rozenberg (Col. Ret.) who is the Chief Security Officer at Elron, a leading Israeli holding company dedicated to building technology companies. Aside from an impressive career in Israeli defence and cyber security, Zohar has written a number of recent articles on cyber issues: https://www.cisomag.com/cyber-startup-hub-in-israel-declines-as-global-competition-rises-elron-vp/ https://

Welcome to another episode of GDPR Now, a podcast dedicated to data protection and all things data security and privacy. This week’s episode is Group Action lawsuits arising from data breaches. We continue our series of podcasts addressing concerns resulting from the coronavirus pandemic, such as increases in data breaches arising from IT security issues and the increased risks resulting from the huge shift to remote working for 100,000s businesses across the UK and the world. In the studio today we are delighted to have Kingsley Hayes, Managing Director of Hayes Connor Solicitors based in Widnes, Cheshire. In this second episode, we are going to talk about Group Action lawsuits, what they are, how they operate and the British Airways case. For anyone who wants to join the BA data breach action if they have been affected - the link is here. If you missed it, Kingsley and I discussed COVID19 and the impact on Data Protection in Episode 17. GDPR Now! Is brought to you by Data Protection 4 Business &

Welcome to another episode of GDPR Now, a podcast dedicated to data protection and all things data security and data privacy. This week’s episode is COVID 19 and the impact on Data Protection. Regular listeners will have already heard our episodes on what DPOs need to know about cyber security, for those that missed them, they are episodes 7 & 15. Today, we start a series of podcasts addressing concerns resulting from the coronavirus pandemic and the shift in working practises for 100,000s businesses across the UK and the world. In the studio today we are delighted to have Kingsley Hayes, Managing Director of Hayes Connor Solicitors based in Widnes, Cheshire. In this first of two episodes, we are going to talk about Covid 19 and the impact on data protection. In our second episode, Kingsley and I will be discussing data breach Group Action law suits in general, and the BA action in particular. We cover the reputational and financial risks businesses need to be aware of when Group Actions, are fi

On the day after Data Protection Day (or Privacy Day, depending on whether you are tomato or tomato) we take a look at privacy enhancing technologies - how to control, restrict and eliminate your personal data footprint (if that’s what you want to do). This podcast will be invaluable for privacy professionals that want to know what PETs are available and for consumers that would like to have greater control of their digital profiles. GDPR Now! Is brought to you by This Is DPO. www.thisisdpo.co.uk. Guest/s Abigail Dubiniecki Data Protection Specialist My Inhouse Lawyer https://www.linkedin.com/in/abigaild/ Host Mark Sherwood-Edwards info@thisisdpo.co.uk Materials Competition and Markets Authority (UK competition regulator) report on digital advertising https://www.gov.uk/government/news/cma-lifts-the-lid-on-digital-giants Links to PETs (Privacy Enhancing Tech) and resources mentioned in the podcast (and more!) Disclaimer – not endorsing any PET in particular, just sharing info. Want a pretty version

Cyber security is an area of key concern for any DPO or privacy professional. Having looked at people and training issues in episode 7, this episode focuses on the key physical issues: physical and technical access controls, network design considerations, default deny and least privilege, separation of duties and working in key areas. GDPR Now! Is brought to you by This Is DPO. www.thisisdpo.co.uk. Guest/s Andy Larkum CEO of ADL Consulting https://adlconsulting.co.uk andy@adlconsulting.co.uk Host Mark Sherwood-Edwards info@thisisdpo.co.uk Materials You can try ADL Consulting’s "Introduction to Cyber Security" module for free here: https://adlconsulting.teachable.com/p/an-introduction-to-cyber-security From previous episode on cyber security Cyber Essentials self-assessment questionnaire: https://adlconsulting.co.uk/getting-help-cyber-essentials - see heading "What's Involved" ISO 27001 https://adlconsulting.co.uk/iso27001-consultancy Training: https://adlconsulting.co.uk/staff-training https://adlco

Privacy By Design is one of the key elements of good data protection, and is made mandatory by Article 25 of the GDPR. But what does PbD mean in practice? In this podcast, we look at the key elements of PbD, discuss some actual use cases, and examine how to apply PbD on the ground. GDPR Now! Is brought to you by This Is DPO. www.thisisdpo.co.uk. Guest Sam Bouso, Founder and CEO of Precognitive Inc., sbouso@precognitive.io https://precognitive.com/ Host Mark Sherwood-Edwards info@thisisdpo.co.uk Materials Recommended By Sam Bouso Article “Privacy By Design Is Important For Every Area Of Your Business” is a good general intro Book “The Ultimate GDPR Practitioner Guide: Demystifying Privacy & Data Protection” Especially Chapter 11 which has solid examples and areas of focus for those trying to implement PbD. Ann Cavoukian’s 7 principles of PbD Proactive not reactive; preventive not remedial The privacy by design approach is characterized by proactive rather than reactive measures. It anticipate

What are the building blocks of good data protection governance? In this broad-ranging discussion, we talk to James Leaton Gray about his assessment of current data protection in the UK, what it takes to run a good data protection regime, different target operating models, how different parts of the business need to work together, the evolving role of the DPO, privacy and privsec, common mistakes and – critically – how move the data protection regime up the value chain. Plus the opportunities open to organisations that manage to establish a relationship of trust with their data subjects. GDPR Now! Is brought to you by This Is DPO. www.thisisdpo.co.uk. Guest James Leaton Gray, Director of The Privacy Practice. http://www.privacypractice.co.uk/ Email: jlg@leatongray.com Telephone: +44 7740 818036 Host Mark Sherwood-Edwards info@thisisdpo.co.uk Materials None relevant Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podca

What do UK companies need to do if the UK crashes out of the EU? This podcast discusses the privacy implications for UK companies after October 31st and what they should be doing – now – to prepare for a hard Brexit. At the time this podcast was recorded, a hard Brexit is scheduled for October 31st GDPR Now! Is brought to you by This Is DPO. www.thisisdpo.co.uk. Guest Oana Dolea GDPR Practice Lead, D2 Legal Technology Email: oana.dolea@d2legaltech.com Website: www.d2legaltech.com D2 Legal Technology LLP Level 39 One Canada Square London E14 5AB Telephone: +44 737 747 2019 Host Mark Sherwood-Edwards info@thisisdpo.co.uk Materials The Data Protection Implications of a 'No-Deal Brexit', Douwe Korff https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3441617 EDPB Information note on data transfers under the GDPR in the event of a no-deal Brexit https://edpb.europa.eu/sites/edpb/files/files/file1/edpb-2019-02-12-infonote-nodeal-brexit_en.pdf EDPB view on Article 49 derogations https://edpb.europa.eu/ou

Managing consent for cookies has become a key issue. In this two-parter, we look at what the regulators (and in particular the UK ICO) require in relation to cookies (Part 1) and then – in an industry first - review three industry leading consent management tools: Cookie Control, Cookiebot, and Cookie Pro (Part 2). GDPR Now! Is brought to you by This Is DPO. www.thisisdpo.co.uk. Guest Karen Heaton Director, Data Protection 4 Business karen.heaton@dpo4business.co.uk www.dpo4business.co.uk Host Mark Sherwood-Edwards info@thisisdpo.co.uk Corrections & Clarifications Cookie Control from Civic UK: -Cookie Control supports an unlimited number of categories. The categories can be updated/added at any point. -Cookie Control allows the user to define the time period that the consent is valid for. Also Cookie Control can be configured to request user consent if there is a change in the privacy policy of the website. -All Cookie Control Licences have no page limits including the free one. The Pro version

Managing consent for cookies has become a key issue. In this two-parter, we look at what the regulators (and in particular the UK ICO) require in relation to cookies (Part 1) and then – in an industry first - review three industry leading consent management tools: Cookie Control, Cookiebot, and Cookie Pro (Part 2). GDPR Now! Is brought to you by This Is DPO. www.thisisdpo.co.uk. Guest Karen Heaton Director, Data Protection 4 Business karen.heaton@dpo4business.co.uk www.dpo4business.co.uk Host Mark Sherwood-Edwards info@thisisdpo.co.uk Corrections & Clarifications Cookie Control from Civic UK -Cookie Control supports an unlimited number of categories. The categories can be updated/added at any point. -Cookie Control allows the user to define the time period that the consent is valid for. Also Cookie Control can be configured to request user consent if there is a change in the privacy policy of the website. -All Cookie Control Licences have no page limits including the free one. The Pro version s

In the Fashion ID case, the European Court of Justice decides that website owners are now joint controllers with the provider of the third-party cookie, and that website owners are responsible for issuing the privacy notices for third party cookies and for collecting any consents that are required. And, to make things a bit more complicated, the ECJ comes up with a new approach to analysing the data journey and who is the controller! All this and more in this episode of GDPR Now! GDPR Now! Is brought to you by This Is DPO. www.thisisdpo.co.uk. Host Mark Sherwood-Edwards info@thisisdpo.co.uk Materials You can try ADL Consulting’s "Introduction to Cyber Security" module for free here: https://adlconsulting.teachable.com/p/an-introduction-to-cyber-security Fashion ID ECJ Judgement: http://curia.europa.eu/juris/document/document.jsf;jsessionid=CF6549B82743BAC9782DB7D41AD478DF?text=&docid=216555&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=14417748 Advocate Gen

Cyber security for DPOs. Cyber security isn’t usually the primary responsibility of the DPO, but you can’t be an effective DPO if you don’t understand the security regime in your organisation and the trade-offs behind them. In this episode, we look at cyber security: what does it really consist of? how best to think about it? and what are the most common areas of vulnerability? GDPR Now! Is brought to you by This Is DPO. www.thisisdpo.co.uk. Guest/s Andy Larkum CEO of ADL Consulting https://adlconsulting.co.uk andy@adlconsulting.co.uk Host Mark Sherwood-Edwards info@thisisdpo.co.uk Materials Breaking News! You can try ADL Consulting’s "Introduction to Cyber Security" module for free here: https://adlconsulting.teachable.com/p/an-introduction-to-cyber-security Cyber Essentials self-assessment questionnaire: https://adlconsulting.co.uk/getting-help-cyber-essentials - see heading "What's Involved" ISO 27001 https://adlconsulting.co.uk/iso27001-consultancy Training: https://adlconsulting.co.uk/staff-tr

About this episode. Cyber insurance is key to managing data protection risks. In this episode, we take a look at how cyber insurance works, what risks it covers, and how best to buy it. GDPR Now! Is brought to you by This Is DPO. www.thisisdpo.co.uk. Guest/s Richard Spragg Richard.spragg@rfib.co.uk www.rfib.co.uk Host Mark Sherwood-Edwards info@thisisdpo.co.uk Materials 2018 Cost of a Data Breach Study: Global Overview Ponemon Institute www.ibm.com/security/data-breach On breach and planning for breach, see also: https://thisisdpo.co.uk/2019/02/04/preparing-to-deal-with-a-data-breach-the-role-of-the-dpo/ Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.ukSpecial Guest: Richard Spragg.

GDPR Now! is brought to you by This is DPO, www,thisisdpo.co.uk. *Cookies and the GDPR– ICO v CNIL. * About this episode: Both the UK’s ICO and France’s CNIL have issued updated guidance on cookies. You would have thought that this is all old stuff, but the ICO’s paper comes hot on its Adtech paper where it stated that the UK industry does not understand the rules around cookies, nor the interrelationship between cookies and the GDPR. In this podcast, we take a look at the eprivacy directive and see to what extent it makes sense and can be reconciled with the GDPR. There are some surprises as it turns out that the CNIL has invented a new legal type of cookie. This podcast is essential listening for anyone who wants to use cookies, whether first party or third party. Host: Mark Sherwood-Edwards of This Is DPO. www.thisisdpo.co.uk Email: mse@thisisdpo.co.uk Telephone: 07748 761972 Material referred to: Here’s the important paragraph from the ICO’s Guidance on the use of cookies and similar technologie

GDPR Now! brought to you by This is DPO. www. thisisdpo.co.uk Disproportionate, intrusive and unfair – the ICO report on ad tech and real time bidding – Part 2. This is part 2 of a two-parter. About this episode: In its recent paper, Update report into adtech and real time bidding, the ICO has set out a biting criticism of how real time bidding (RTB) currently operates in the UK. The phrase disproportionate, intrusive and unfair occurs three times, and intrusive on its own is used an additional three times. The paper is not intended as formal guidance, but it gives a clear sense of direction. The ICO also adds that the issues it raises in this paper are not the only concerns it has with programmatic advertising. Although the ICO has stated that it will take another six months to investigate further, it is already clear that the ICO will intervene. The ICO’s paper, and its forthcoming intervention, are likely to have a substantial impact in the programmatic industry in the EU and the US. It is no exag

GDPR Now! brought to you by This is DPO. Disproportionate, intrusive and unfair – the ICO report on ad tech and real time bidding (Part 1). This episode is Part 1 of two parts. About this episode: In its recent paper, Update report into adtech and real time bidding, the ICO has set out a biting criticism of how real time bidding (RTB) currently operates in the UK. The phrase disproportionate, intrusive and unfair occurs three times, and intrusive on its own is used an additional three times. The paper is not intended as formal guidance, but it gives a clear sense of direction. The ICO also adds that the issues it raises in this paper are not the only concerns it has with programmatic advertising. Although the ICO has stated that it will take another six months to investigate further, it is already clear that the ICO will intervene. The ICO’s paper, and its forthcoming intervention, are likely to have a substantial impact in the programmatic industry in the EU and the US. It is no exaggeration to say

GDPR Now! brought to you by This is DPO. Subject access requests, personal data and the case of Rudd v Bridle with Ashley Winton and Laura Scaife. About this episode: Dr Rudd served a subject access request on Mr Bridle, and was not satisfied with the information he received back. Amongst allegations of fraud and conspiracy, the issue went to court. Who was the controller, and did the journalism and regulatory exemptions apply? One of the key issues was – what is personal data? The judge reached a conclusion, but was he right? Guests: Ashley Winton, McDermott, Will & Emery London: +44 20 7577 6939 https://www.mwe.com/people/winton-ashley/ Dr. Laura Scaife, McDermott, Will & Emery London: +44 20 7577 6934 https://www.mwe.com/people/dr-laura-scaife/ http://www.privacypractice.co.uk/ Host: Mark Sherwood-Edwards of This Is DPO. www.thisisdpo.co.uk Email: mse@thisisdpo.co.uk Telephone: 07748 761972 Material referred to: Rudd v Bridle https://www.bailii.org/ew/cases/EWHC/QB/2019/893.html. For a

GDPR Now! brought to you by This is DPO. Episode 1 – GDPR One Year On. About this episode: One year on, what’s GDPR looking like inside most companies. Is an ongoing thing, or is privacy a one-off? What’s the most effective form of governance, and what’s the role of DPOs in that mix? Plus lots of related issues. Guest: James Leaton Gray, Director of The Privacy Practice. http://www.privacypractice.co.uk/ Email: jlg@leatongray.com Telephone: +44 7740 818036 Host: Mark Sherwood-Edwards of This Is DPO. www.thisisdpo.co.uk Email: mse@thisisdpo.co.uk Telephone: +44 7748 761972 Material referred to: Tim Berners Lee’s company www.inrupt.com https://www.wired.co.uk/article/inrupt-tim-berners-lee The Furman report The Economic Value of Data: Discussion Paper, HM Treasury, August 2018, and Unlocking Digital Competition: Report of the Digital Competition Expert Panel March 2019. https://www.gov.uk/government/publications/unlocking-digital-competition-report-of-the-digital-competition-expert-panel Contact deta