<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:media="http://search.yahoo.com/mrss/" xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <atom:link href="https://feeds.megaphone.fm/ACS9927107381" rel="self" type="application/rss+xml"/>
    <title>Life with GDPR</title>
    <link>https://compliancepodcastnetwork.net</link>
    <language>en</language>
    <copyright></copyright>
    <description>How does GDPR, data privacy, and data protection impact your business? 



In this podcast, Tom Fox, the Voice of Compliance, hosts Data Privacy/Data Security expert Jonathan Armstrong, co-founder of Cordery Compliance. They use the framework of GDPR to discuss a wide range of issues relating to data privacy and data protection. 



If you are a compliance professional, business leader, or InfoSec security expert, this is the podcast to learn about what is happening in the UK, EU, US, and beyond.</description>
    <image>
      <url>https://megaphone.imgix.net/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/image/6580b638a96d1b2bad913b1249b04607.png?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress</url>
      <title>Life with GDPR</title>
      <link>https://compliancepodcastnetwork.net</link>
    </image>
    <itunes:explicit>no</itunes:explicit>
    <itunes:type>episodic</itunes:type>
    <itunes:subtitle>What Compliance and InfoSec Experts need to know about GDPR</itunes:subtitle>
    <itunes:author>Tom Fox</itunes:author>
    <itunes:summary>How does GDPR, data privacy, and data protection impact your business? 



In this podcast, Tom Fox, the Voice of Compliance, hosts Data Privacy/Data Security expert Jonathan Armstrong, co-founder of Cordery Compliance. They use the framework of GDPR to discuss a wide range of issues relating to data privacy and data protection. 



If you are a compliance professional, business leader, or InfoSec security expert, this is the podcast to learn about what is happening in the UK, EU, US, and beyond.</itunes:summary>
    <content:encoded>
      <![CDATA[<p>How does GDPR, data privacy, and data protection impact your business? </p>
<p><br></p>
<p>In this podcast, Tom Fox, the Voice of Compliance, hosts Data Privacy/Data Security expert Jonathan Armstrong, co-founder of Cordery Compliance. They use the framework of GDPR to discuss a wide range of issues relating to data privacy and data protection. </p>
<p><br></p>
<p>If you are a compliance professional, business leader, or InfoSec security expert, this is the podcast to learn about what is happening in the UK, EU, US, and beyond.</p>]]>
    </content:encoded>
    <itunes:owner>
      <itunes:name>Tom Fox</itunes:name>
      <itunes:email>tfox@tfoxlaw.com</itunes:email>
    </itunes:owner>
    <itunes:image href="https://megaphone.imgix.net/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/image/6580b638a96d1b2bad913b1249b04607.png?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
    <itunes:category text="Business">
      <itunes:category text="Management"/>
    </itunes:category>
    <itunes:category text="News">
      <itunes:category text="Tech News"/>
    </itunes:category>
    <item>
      <title>A Compliance Roadmap for ADS/ADMT - Part 2: Understanding Opt-In and Opt-Out Requirements</title>
      <description>Welcome to a special series on Life with GDPR. Over the next five episodes, Tom Fox and Alyssa DeSimone, a legal/compliance &amp; risk management expert with an extensive background in HR, will discuss the complex topic of a Compliance Roadmap for ADS/ADMT.

In this second episode, Tom Fox and Alyssa DeSimone review the opt-in and opt-out requirements introduced in the recent updates to the California Consumer Privacy Act (CCPA). They discuss what opting in and out entails, the concept of anti-retaliation in this context, and how disparate impact analysis can help regulators assess compliance. Additionally, they explore the importance of clear communication and training for HR departments on the use of AI in hiring, as well as the role of vendors in ensuring compliance. The episode wraps up with a discussion on the ambiguous term 'significant decision making' and its potential for litigation.

Key highlights:


  Understanding Opt-In and Opt-Out Requirements

  Anti-Retaliation Measures

  Disparate Impact Analysis

  Applicant Rights and Training

  Vendor Collaboration and Compliance

  Significant Decision Making


Resources:

Connect with Tom Fox


  LinkedIn


Connect with Alyssa DeSimone


  LinkedIn

  Website


Life with GDPR was recently honored as a Top Data Security Podcast
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Tue, 14 Oct 2025 04:00:00 -0000</pubDate>
      <itunes:episodeType>bonus</itunes:episodeType>
      <itunes:episode>2</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/65ece980-a786-11f0-b20e-831a0dae0dae/image/29e358a74463e3b5fad887c816e2a50e.png?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In Part 2, we consider opt-in and opt-out. </itunes:subtitle>
      <itunes:summary>Welcome to a special series on Life with GDPR. Over the next five episodes, Tom Fox and Alyssa DeSimone, a legal/compliance &amp; risk management expert with an extensive background in HR, will discuss the complex topic of a Compliance Roadmap for ADS/ADMT.

In this second episode, Tom Fox and Alyssa DeSimone review the opt-in and opt-out requirements introduced in the recent updates to the California Consumer Privacy Act (CCPA). They discuss what opting in and out entails, the concept of anti-retaliation in this context, and how disparate impact analysis can help regulators assess compliance. Additionally, they explore the importance of clear communication and training for HR departments on the use of AI in hiring, as well as the role of vendors in ensuring compliance. The episode wraps up with a discussion on the ambiguous term 'significant decision making' and its potential for litigation.

Key highlights:


  Understanding Opt-In and Opt-Out Requirements

  Anti-Retaliation Measures

  Disparate Impact Analysis

  Applicant Rights and Training

  Vendor Collaboration and Compliance

  Significant Decision Making


Resources:

Connect with Tom Fox


  LinkedIn


Connect with Alyssa DeSimone


  LinkedIn

  Website


Life with GDPR was recently honored as a Top Data Security Podcast
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Welcome to a special series on Life with GDPR. Over the next five episodes, Tom Fox and Alyssa DeSimone, a legal/compliance &amp; risk management expert with an extensive background in HR, will discuss the complex topic of a Compliance Roadmap for ADS/ADMT.</p>
<p>In this second episode, Tom Fox and Alyssa DeSimone review the opt-in and opt-out requirements introduced in the recent updates to the California Consumer Privacy Act (CCPA). They discuss what opting in and out entails, the concept of anti-retaliation in this context, and how disparate impact analysis can help regulators assess compliance. Additionally, they explore the importance of clear communication and training for HR departments on the use of AI in hiring, as well as the role of vendors in ensuring compliance. The episode wraps up with a discussion on the ambiguous term 'significant decision making' and its potential for litigation.</p>
<p><strong>Key highlights:</strong></p>
<ul>
  <li>Understanding Opt-In and Opt-Out Requirements</li>
  <li>Anti-Retaliation Measures</li>
  <li>Disparate Impact Analysis</li>
  <li>Applicant Rights and Training</li>
  <li>Vendor Collaboration and Compliance</li>
  <li>Significant Decision Making</li>
</ul>
<p><strong>Resources:</strong></p>
<p><strong>Connect with Tom Fox</strong></p>
<ul>
  <li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li>
</ul>
<p><strong>Connect with Alyssa DeSimone</strong></p>
<ul>
  <li><a href="https://www.linkedin.com/in/alyssa-desimone/">LinkedIn</a></li>
  <li><a href="https://altuscxo.com/team/alyssa-desimone/">Website</a></li>
</ul>
<p><strong>Life with GDPR was recently honored as a </strong><a href="https://podcast.feedspot.com/data_security_podcasts/?feedid=5184233&amp;_src=f2_featured_email">Top Data Security Podcast</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1116</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[65ece980-a786-11f0-b20e-831a0dae0dae]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN1687465571.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>A Compliance Roadmap for ADS/ADMT - Part 1: Introduction &amp; Jurisdiction</title>
      <description>Welcome to a special series on Life with GDPR. Over the next five episodes, Tom Fox and Alyssa DeSimone, a legal/compliance &amp; risk management expert with an extensive background in HR, will discuss the complex topic of a Compliance Roadmap for ADS/ADMT.

In this first episode, we break down the essentials of ADS/ADMT, focusing on who is covered, the nuances of jurisdiction, and the broader business implications of evolving employment laws. ADS is an automated decision system, and ADMT is an automated decision-making technology. Whether you are an HR professional, compliance professional, or legal eagle, this discussion will help you navigate the complexities of compliance in a changing legal landscape.

Key highlights:


  What is ADS/ADMT?

  Applies to 5+ employees (including part-time/out-of-state).

  Coverage limits for out-of-state conduct.

  Jurisdiction can reach beyond California.

  Risk mitigation tips for businesses.


Resources:

Connect with Tom Fox


  LinkedIn


Connect with Alyssa DeSimone


  LinkedIn



  Website


Life with GDPR was recently honored as a Top Data Security Podcast
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Mon, 13 Oct 2025 10:23:00 -0000</pubDate>
      <itunes:episodeType>bonus</itunes:episodeType>
      <itunes:episode>1</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/d60187da-a786-11f0-9ad4-f79bb0283bdd/image/f91323fab87496dc36a289a94111973e.jpeg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In Part 1, we introduce the amendments to the CCPA on ADS. </itunes:subtitle>
      <itunes:summary>Welcome to a special series on Life with GDPR. Over the next five episodes, Tom Fox and Alyssa DeSimone, a legal/compliance &amp; risk management expert with an extensive background in HR, will discuss the complex topic of a Compliance Roadmap for ADS/ADMT.

In this first episode, we break down the essentials of ADS/ADMT, focusing on who is covered, the nuances of jurisdiction, and the broader business implications of evolving employment laws. ADS is an automated decision system, and ADMT is an automated decision-making technology. Whether you are an HR professional, compliance professional, or legal eagle, this discussion will help you navigate the complexities of compliance in a changing legal landscape.

Key highlights:


  What is ADS/ADMT?

  Applies to 5+ employees (including part-time/out-of-state).

  Coverage limits for out-of-state conduct.

  Jurisdiction can reach beyond California.

  Risk mitigation tips for businesses.


Resources:

Connect with Tom Fox


  LinkedIn


Connect with Alyssa DeSimone


  LinkedIn



  Website


Life with GDPR was recently honored as a Top Data Security Podcast
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Welcome to a special series on Life with GDPR. Over the next five episodes, Tom Fox and Alyssa DeSimone, a legal/compliance &amp; risk management expert with an extensive background in HR, will discuss the complex topic of a Compliance Roadmap for ADS/ADMT.</p>
<p>In this first episode, we break down the essentials of ADS/ADMT, focusing on who is covered, the nuances of jurisdiction, and the broader business implications of evolving employment laws. ADS is an automated decision system, and ADMT is an automated decision-making technology. Whether you are an HR professional, compliance professional, or legal eagle, this discussion will help you navigate the complexities of compliance in a changing legal landscape.</p>
<p><strong>Key highlights:</strong></p>
<ul>
  <li>What is ADS/ADMT?</li>
  <li>Applies to 5+ employees (including part-time/out-of-state).</li>
  <li>Coverage limits for out-of-state conduct.</li>
  <li>Jurisdiction can reach beyond California.</li>
  <li>Risk mitigation tips for businesses.</li>
</ul>
<p><strong>Resources:</strong></p>
<p><strong>Connect with Tom Fox</strong></p>
<ul>
  <li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li>
</ul>
<p><strong>Connect with Alyssa DeSimone</strong></p>
<ul>
  <li><a href="https://www.linkedin.com/in/alyssa-desimone/">LinkedIn</a></li>
</ul>
<ul>
  <li><a href="https://altuscxo.com/team/alyssa-desimone/">Website</a></li>
</ul>
<p><strong>Life with GDPR was recently honored as a </strong><a href="https://podcast.feedspot.com/data_security_podcasts/?feedid=5184233&amp;_src=f2_featured_email"><strong>Top Data Security Podcast</strong></a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1039</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[d60187da-a786-11f0-9ad4-f79bb0283bdd]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN2668069055.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Endpoint Security and Data Protection: Uncovering the Hidden Compliance Risks in Printer Security with Jim LaRoe</title>
      <description>Jonathan Armstrong remains on assignment. Today, Tom Fox visits with fellow Texan Jim LaRoe, CEO of Symphion, to discuss data privacy, data protection, and compliance related to printer security in one of the most interesting podcasts Tom has done in some time.

Jim provides insight into how 20-30% of network endpoints are printers, and alarmingly, 99% of these are unprotected. Printers, despite being integral to business functions, are typically left vulnerable, making them prime targets for sophisticated phishing and cyber-attacks. Jim shares his journey from a trial lawyer to founding Symphion in 1999 and explains Symphion’s groundbreaking work in developing comprehensive security software for printers. Jim highlights the importance of a culture of compliance in managing endpoint security and the multifaceted challenges that come with securing printers. He emphasizes the collaborative effort needed among GRC compliance teams, IT, and supply chain departments to manage printer security effectively, and offers actionable steps for businesses to mitigate these risks.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 09 Oct 2025 04:00:00 -0000</pubDate>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>116</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/b2d5a530-a433-11f0-ba69-b33028773993/image/6580b638a96d1b2bad913b1249b04607.png?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Jim LaRoe joins Tom Fox to talk about printers as a data security risk. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong remains on assignment. Today, Tom Fox visits with fellow Texan Jim LaRoe, CEO of Symphion, to discuss data privacy, data protection, and compliance related to printer security in one of the most interesting podcasts Tom has done in some time.

Jim provides insight into how 20-30% of network endpoints are printers, and alarmingly, 99% of these are unprotected. Printers, despite being integral to business functions, are typically left vulnerable, making them prime targets for sophisticated phishing and cyber-attacks. Jim shares his journey from a trial lawyer to founding Symphion in 1999 and explains Symphion’s groundbreaking work in developing comprehensive security software for printers. Jim highlights the importance of a culture of compliance in managing endpoint security and the multifaceted challenges that come with securing printers. He emphasizes the collaborative effort needed among GRC compliance teams, IT, and supply chain departments to manage printer security effectively, and offers actionable steps for businesses to mitigate these risks.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong remains on assignment. Today, Tom Fox visits with fellow Texan Jim LaRoe, CEO of Symphion, to discuss data privacy, data protection, and compliance related to printer security in one of the most interesting podcasts Tom has done in some time.</p>
<p>Jim provides insight into how 20-30% of network endpoints are printers, and alarmingly, 99% of these are unprotected. Printers, despite being integral to business functions, are typically left vulnerable, making them prime targets for sophisticated phishing and cyber-attacks. Jim shares his journey from a trial lawyer to founding Symphion in 1999 and explains Symphion’s groundbreaking work in developing comprehensive security software for printers. Jim highlights the importance of a culture of compliance in managing endpoint security and the multifaceted challenges that come with securing printers. He emphasizes the collaborative effort needed among GRC compliance teams, IT, and supply chain departments to manage printer security effectively, and offers actionable steps for businesses to mitigate these risks.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1471</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[b2d5a530-a433-11f0-ba69-b33028773993]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN9004213129.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>From IT to Total Compliance Tracking with Adam Goslin</title>
      <description>Jonathan Armstrong remains on assignment. Today, Tom visits with Adam Goslin, founder of Total Compliance Tracking, to discuss his journey from IT development and management to becoming a leader in the security and compliance sector.

Adam shares his professional background, the challenges he faced with achieving PCI compliance, and the insights that led him to create a system to streamline compliance management. He details how his company, TCT, helps organizations efficiently manage various certifications and compliance standards. Adam also discusses the unique, direct marketing approach TCT employs and shares the philosophy behind providing accessible compliance resources. This conversation offers valuable insights into the importance of pragmatic, user-friendly compliance solutions.

Key takeaways:


  Adam Goslin’s Professional Journey

  Founding Total Compliance Tracking

  Marketing Strategy and Philosophy

  Future of TCT and Industry Insights


Resources:

Connect with Tom Fox


  LinkedIn


Connect with Adam Goslin


  LinkedIn


Connect with Total Compliance Tracking


  Website

  LinkedIn


Life with GDPR was recently honored as a Top Data Security Podcast.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 02 Oct 2025 04:00:00 -0000</pubDate>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>114</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/ea919c3e-9c9c-11f0-9a89-57ebdaee2006/image/24a48eb14eff51c9c713d12008d8ce82.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom Fox visits Adam Goslin, founder of Total Compliance Tracking, about his transition from IT development and management to leadership in the security and compliance field.</itunes:subtitle>
      <itunes:summary>Jonathan Armstrong remains on assignment. Today, Tom visits with Adam Goslin, founder of Total Compliance Tracking, to discuss his journey from IT development and management to becoming a leader in the security and compliance sector.

Adam shares his professional background, the challenges he faced with achieving PCI compliance, and the insights that led him to create a system to streamline compliance management. He details how his company, TCT, helps organizations efficiently manage various certifications and compliance standards. Adam also discusses the unique, direct marketing approach TCT employs and shares the philosophy behind providing accessible compliance resources. This conversation offers valuable insights into the importance of pragmatic, user-friendly compliance solutions.

Key takeaways:


  Adam Goslin’s Professional Journey

  Founding Total Compliance Tracking

  Marketing Strategy and Philosophy

  Future of TCT and Industry Insights


Resources:

Connect with Tom Fox


  LinkedIn


Connect with Adam Goslin


  LinkedIn


Connect with Total Compliance Tracking


  Website

  LinkedIn


Life with GDPR was recently honored as a Top Data Security Podcast.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong remains on assignment. Today, Tom visits with Adam Goslin, founder of Total Compliance Tracking, to discuss his journey from IT development and management to becoming a leader in the security and compliance sector.</p>
<p>Adam shares his professional background, the challenges he faced with achieving PCI compliance, and the insights that led him to create a system to streamline compliance management. He details how his company, TCT, helps organizations efficiently manage various certifications and compliance standards. Adam also discusses the unique, direct marketing approach TCT employs and shares the philosophy behind providing accessible compliance resources. This conversation offers valuable insights into the importance of pragmatic, user-friendly compliance solutions.</p>
<p><strong>Key takeaways:</strong></p>
<ul>
  <li>Adam Goslin’s Professional Journey</li>
  <li>Founding Total Compliance Tracking</li>
  <li>Marketing Strategy and Philosophy</li>
  <li>Future of TCT and Industry Insights</li>
</ul>
<p><strong>Resources:</strong></p>
<p>Connect with Tom Fox</p>
<ul>
  <li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li>
</ul>
<p>Connect with Adam Goslin</p>
<ul>
  <li><a href="https://www.linkedin.com/in/adamgoslin?lipi=urn%3Ali%3Apage%3Ad_flagship3_profile_view_base_contact_details%3BpQqWaYIlRFi54zSQaGAnDA%3D%3D">LinkedIn</a></li>
</ul>
<p>Connect with Total Compliance Tracking</p>
<ul>
  <li><a href="https://www.totalcompliancetracking.com/">Website</a></li>
  <li><a href="https://www.linkedin.com/company/total-compliance-tracking-llc/">LinkedIn</a></li>
</ul>
<p>Life with GDPR was recently honored as a <a href="https://podcast.feedspot.com/data_security_podcasts/?feedid=5184233&amp;_src=f2_featured_email">Top Data Security Podcast.  </a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1268</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[ea919c3e-9c9c-11f0-9a89-57ebdaee2006]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN6478925023.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Navigating GDPR in Global Outsourcing with Inge Zwick</title>
      <description>Tom Fox takes a solo turn as Jonathan Armstrong is on assignment. Today, Tom visits with Inge Zwick, Executive Director, Head of Europe, and ESG Lead at Emapta Global, a global outsourcing company.

They discuss the company’s operations, with a particular focus on managing GDPR compliance within the outsourcing framework. They also discuss common misconceptions about outsourcing under the GDPR, risk assessment processes, handling data subject access requests, and integrating compliance into business operations. Zwick also shares insights into how EMAPTA collaborates with clients to ensure compliance and offers advice to business leaders on future-proofing their outsourcing strategies in light of GDPR requirements. Additionally, the discussion explores the integration of ESG initiatives within the company’s operations.

Key takeaways:


  Outsourcing and GDPR Compliance

  Risk Assessment and Data Security

  Subject Access Requests (SAR)

  Outsourcing Contracts and GDPR Obligations

  Integrating Compliance into Operations


Resources:

Connect with Tom Fox


  LinkedIn


Connect with Inge Zwick


  LinkedIn


Connect with Emapta Global


  Website

  LinkedIn


Life with GDPR was recently honored as a Top Data Security Podcast.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 24 Jul 2025 04:00:00 -0000</pubDate>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>114</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/ecb86e50-67dd-11f0-bfad-c7d6b1dff57a/image/24a48eb14eff51c9c713d12008d8ce82.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom takes a solo turn with Inge Zwick. </itunes:subtitle>
      <itunes:summary>Tom Fox takes a solo turn as Jonathan Armstrong is on assignment. Today, Tom visits with Inge Zwick, Executive Director, Head of Europe, and ESG Lead at Emapta Global, a global outsourcing company.

They discuss the company’s operations, with a particular focus on managing GDPR compliance within the outsourcing framework. They also discuss common misconceptions about outsourcing under the GDPR, risk assessment processes, handling data subject access requests, and integrating compliance into business operations. Zwick also shares insights into how EMAPTA collaborates with clients to ensure compliance and offers advice to business leaders on future-proofing their outsourcing strategies in light of GDPR requirements. Additionally, the discussion explores the integration of ESG initiatives within the company’s operations.

Key takeaways:


  Outsourcing and GDPR Compliance

  Risk Assessment and Data Security

  Subject Access Requests (SAR)

  Outsourcing Contracts and GDPR Obligations

  Integrating Compliance into Operations


Resources:

Connect with Tom Fox


  LinkedIn


Connect with Inge Zwick


  LinkedIn


Connect with Emapta Global


  Website

  LinkedIn


Life with GDPR was recently honored as a Top Data Security Podcast.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Tom Fox takes a solo turn as Jonathan Armstrong is on assignment. Today, Tom visits with Inge Zwick, Executive Director, Head of Europe, and ESG Lead at Emapta Global, a global outsourcing company.</p>
<p>They discuss the company’s operations, with a particular focus on managing GDPR compliance within the outsourcing framework. They also discuss common misconceptions about outsourcing under the GDPR, risk assessment processes, handling data subject access requests, and integrating compliance into business operations. Zwick also shares insights into how EMAPTA collaborates with clients to ensure compliance and offers advice to business leaders on future-proofing their outsourcing strategies in light of GDPR requirements. Additionally, the discussion explores the integration of ESG initiatives within the company’s operations.</p>
<p><strong>Key takeaways:</strong></p>
<ul>
  <li>Outsourcing and GDPR Compliance</li>
  <li>Risk Assessment and Data Security</li>
  <li>Subject Access Requests (SAR)</li>
  <li>Outsourcing Contracts and GDPR Obligations</li>
  <li>Integrating Compliance into Operations</li>
</ul>
<p><strong>Resources:</strong></p>
<p>Connect with Tom Fox</p>
<ul>
  <li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li>
</ul>
<p>Connect with Inge Zwick</p>
<ul>
  <li><a href="https://www.linkedin.com/in/inge-zwick-emapta/">LinkedIn</a></li>
</ul>
<p>Connect with Emapta Global</p>
<ul>
  <li><a href="https://emapta.com/">Website</a></li>
  <li><a href="https://www.linkedin.com/company/emaptaglobal/">LinkedIn</a></li>
</ul>
<p>Life with GDPR was recently honored as a <a href="https://podcast.feedspot.com/data_security_podcasts/?feedid=5184233&amp;_src=f2_featured_email">Top Data Security Podcast.  </a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1400</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[ecb86e50-67dd-11f0-bfad-c7d6b1dff57a]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN8628058616.mp3?updated=1753944574" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>AI in Recruitment: Navigating GDPR Compliance and Challenges</title>
      <description>Tom Fox and Jonathan Armstrong, renowned cybersecurity experts, co-host the award-winning Life with GDPR. This episode explores the complex intersection of AI and recruitment, focusing on compliance challenges under GDPR and potential risks.
Jonathan highlights that AI is often more prevalent in recruitment processes than many compliance officers realize, often through third-party vendors. He discusses the regulatory landscape in the UK and EU, sharing insights on recent cases related to automated decision-making and the transparency required for such systems. Jonathan offers a seven-point plan for organizations that use or are considering using AI in recruitment, covering provider selection, due diligence, transparency obligations, and mechanisms for handling data subject requests. The conversation underscores the need for proactive engagement between data protection officers, compliance teams, and recruiters to ensure that AI tools are used responsibly and transparently.
Key takeaways:

AI in Recruitment: An Overview

Legal and Ethical Concerns

Transparency and Fairness in AI Decisions

Practical Steps for Companies

Future of AI in Recruitment

Resources:
Connect with Tom Fox
LinkedIn
Connect with Jonathan Armstrong

Twitter

LinkedIn

PunterSouthall

Life with GDPR was recently honored as a Top Data Security Podcast.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 10 Apr 2025 05:00:00 -0000</pubDate>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>113</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/6f08778c-14bf-11f0-b375-3ffdaccf2487/image/24a48eb14eff51c9c713d12008d8ce82.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>This episode delves into the intricate link between AI and recruitment, highlighting the challenges associated with GDPR compliance and potential risks.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned cybersecurity experts, co-host the award-winning Life with GDPR. This episode explores the complex intersection of AI and recruitment, focusing on compliance challenges under GDPR and potential risks.
Jonathan highlights that AI is often more prevalent in recruitment processes than many compliance officers realize, often through third-party vendors. He discusses the regulatory landscape in the UK and EU, sharing insights on recent cases related to automated decision-making and the transparency required for such systems. Jonathan offers a seven-point plan for organizations that use or are considering using AI in recruitment, covering provider selection, due diligence, transparency obligations, and mechanisms for handling data subject requests. The conversation underscores the need for proactive engagement between data protection officers, compliance teams, and recruiters to ensure that AI tools are used responsibly and transparently.
Key takeaways:

AI in Recruitment: An Overview

Legal and Ethical Concerns

Transparency and Fairness in AI Decisions

Practical Steps for Companies

Future of AI in Recruitment

Life with GDPR was recently honored as a Top Data Security Podcast.</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Tom Fox and Jonathan Armstrong, renowned cybersecurity experts, co-host the award-winning Life with GDPR. This episode explores the complex intersection of AI and recruitment, focusing on compliance challenges under GDPR and potential risks.</p><p class="ql-align-justify">Jonathan highlights that AI is often more prevalent in recruitment processes than many compliance officers realize, often through third-party vendors. He discusses the regulatory landscape in the UK and EU, sharing insights on recent cases related to automated decision-making and the transparency required for such systems. Jonathan offers a seven-point plan for organizations that use or are considering using AI in recruitment, covering provider selection, due diligence, transparency obligations, and mechanisms for handling data subject requests. The conversation underscores the need for proactive engagement between data protection officers, compliance teams, and recruiters to ensure that AI tools are used responsibly and transparently.</p><p><strong>Key takeaways:</strong></p><ul>
<li>AI in Recruitment: An Overview</li>
<li>Legal and Ethical Concerns</li>
<li>Transparency and Fairness in AI Decisions</li>
<li>Practical Steps for Companies</li>
<li>Future of AI in Recruitment</li>
</ul><p><strong>Resources:</strong></p><p>Connect with Tom Fox</p><ul><li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li></ul><p>Connect with Jonathan Armstrong</p><ul>
<li><a href="https://twitter.com/armstrongjp">Twitter</a></li>
<li><a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></li>
<li><a href="https://puntersouthall.law/">PunterSouthall</a></li>
</ul><p class="ql-align-justify">Life with GDPR was recently honored as a <a href="https://podcast.feedspot.com/data_security_podcasts/?feedid=5184233&amp;_src=f2_featured_email">Top Data Security Podcast</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>992</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[6f08778c-14bf-11f0-b375-3ffdaccf2487]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN2821394926.mp3?updated=1744271970" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Cookie Compliance</title>
      <description>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they discuss Cookie Compliance Under GDPR.
Their discussion highlights the increasing enforcement actions surrounding website cookies, emphasizing that this is a data protection issue and a broader compliance challenge. Specific case studies, such as the Dutch regulator’s fine against Pool Blue and fines in other EU countries, illustrate the significant financial penalties companies can face for non-compliance. Jonathan outlines an eight-point plan to help organizations ensure their cookie practices are current, including regular checks, proper configuration of cookie banners, and transparency about data retention periods.
The episode also touches on the role of third-party cookies, potential litigation, and regulatory actions. Compliance with cookie regulations is becoming increasingly important, with groups like NOYB driving many complaints and regulatory bodies across Europe ramping up enforcement efforts. Listeners are encouraged to assess their cookie practices and make necessary adjustments to avoid fines and maintain compliance.
Key takeaways:

The Rise of Cookie Enforcement

Global Fines and Consequences

Practical Compliance Tips

Challenges with Cookie Banners

Understanding Your Own Cookies

Guidelines for Cookie Retention

Life with GDPR was recently honored as a Top Data Security Podcast.</description>
      <pubDate>Thu, 27 Mar 2025 05:00:00 -0000</pubDate>
      <itunes:title>Cookie Compliance</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>112</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/24f39632-0a91-11f0-845e-5b8f17cd5a55/image/24a48eb14eff51c9c713d12008d8ce82.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom Fox and Jonathan Armstrong discuss Cookie Compliance Under GDPR.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they discuss Cookie Compliance Under GDPR.
Their discussion highlights the increasing enforcement actions surrounding website cookies, emphasizing that this is a data protection issue and a broader compliance challenge. Specific case studies, such as the Dutch regulator’s fine against Pool Blue and fines in other EU countries, illustrate the significant financial penalties companies can face for non-compliance. Jonathan outlines an eight-point plan to help organizations ensure their cookie practices are current, including regular checks, proper configuration of cookie banners, and transparency about data retention periods.
The episode also touches on the role of third-party cookies, potential litigation, and regulatory actions. Compliance with cookie regulations is becoming increasingly important, with groups like NOYB driving many complaints and regulatory bodies across Europe ramping up enforcement efforts. Listeners are encouraged to assess their cookie practices and make necessary adjustments to avoid fines and maintain compliance.
Key takeaways:

The Rise of Cookie Enforcement

Global Fines and Consequences

Practical Compliance Tips

Challenges with Cookie Banners

Understanding Your Own Cookies

Guidelines for Cookie Retention

Life with GDPR was recently honored as a Top Data Security Podcast.</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they discuss Cookie Compliance Under GDPR.</p><p>Their discussion highlights the increasing enforcement actions surrounding website cookies, emphasizing that this is a data protection issue and a broader compliance challenge. Specific case studies, such as the Dutch regulator’s fine against Pool Blue and fines in other EU countries, illustrate the significant financial penalties companies can face for non-compliance. Jonathan outlines an eight-point plan to help organizations ensure their cookie practices are current, including regular checks, proper configuration of cookie banners, and transparency about data retention periods.</p><p class="ql-align-justify">The episode also touches on the role of third-party cookies, potential litigation, and regulatory actions. Compliance with cookie regulations is becoming increasingly important, with groups like NOYB driving many complaints and regulatory bodies across Europe ramping up enforcement efforts. Listeners are encouraged to assess their cookie practices and make necessary adjustments to avoid fines and maintain compliance.</p><p><strong>Key takeaways:</strong></p><ul>
<li>The Rise of Cookie Enforcement</li>
<li>Global Fines and Consequences</li>
<li>Practical Compliance Tips</li>
<li>Challenges with Cookie Banners</li>
<li>Understanding Your Own Cookies</li>
<li>Guidelines for Cookie Retention</li>
</ul><p><strong>Resources:</strong></p><p>Connect with Tom Fox</p><ul><li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li></ul><p>Connect with Jonathan Armstrong</p><ul>
<li><a href="https://twitter.com/armstrongjp">Twitter</a></li>
<li><a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></li>
<li><a href="https://puntersouthall.law/">PunterSouthall</a></li>
</ul><p class="ql-align-justify">Life with GDPR was recently honored as a <a href="https://podcast.feedspot.com/data_security_podcasts/?feedid=5184233&amp;_src=f2_featured_email">Top Data Security Podcast</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1066</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[24f39632-0a91-11f0-845e-5b8f17cd5a55]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN1532832876.mp3?updated=1743071858" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Navigating CCO and CISO Liability Trends</title>
      <description>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. This episode discusses the complex topic of liability for the Chief Compliance Officer (CCO) and Chief Information Security Officer (CISO).
Tom and Jonathan begin by examining notable cases like Joe Sullivan, the former CISO at Uber, who faced prosecution for mishandling a ransomware threat. They also cover other significant cases like Carlos Abarca from TSB Bank and Tim Brown from SolarWinds, highlighting the increasing trend towards personal liability among high-ranking compliance and security officers. Jonathan points out that prosecutors and legislators focus more on individual accountability, driven by the belief that this approach will encourage others to adhere to standards more rigorously. They explore the implications of misleading LinkedIn profiles and the importance of thorough due diligence when taking on new roles. The episode provides practical advice for C-suite executives to protect themselves, including negotiating indemnity clauses and ensuring accurate job descriptions.
Key takeaways:

Chief Compliance Officer Liability Overview

Case Studies: Joe Sullivan and Uber, Carlos Abarca and TSB Bank, and Tim Brown and SolarWinds

Legislation and Trends in Personal Liability

SEC Formula for CCO Liability

Life with GDPR was recently honored as a Top Data Security Podcast.</description>
      <pubDate>Thu, 06 Feb 2025 13:15:00 -0000</pubDate>
      <itunes:title>Navigating CCO and CISO Liability Trends</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>111</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/7ae8e38a-e3d6-11ef-978f-373b74cfcf04/image/24a48eb14eff51c9c713d12008d8ce82.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan look at CCO and CISO liabilities. </itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. This episode discusses the complex topic of liability for the Chief Compliance Officer (CCO) and Chief Information Security Officer (CISO).
Tom and Jonathan begin by examining notable cases like Joe Sullivan, the former CISO at Uber, who faced prosecution for mishandling a ransomware threat. They also cover other significant cases like Carlos Abarca from TSB Bank and Tim Brown from SolarWinds, highlighting the increasing trend towards personal liability among high-ranking compliance and security officers. Jonathan points out that prosecutors and legislators focus more on individual accountability, driven by the belief that this approach will encourage others to adhere to standards more rigorously. They explore the implications of misleading LinkedIn profiles and the importance of thorough due diligence when taking on new roles. The episode provides practical advice for C-suite executives to protect themselves, including negotiating indemnity clauses and ensuring accurate job descriptions.
Key takeaways:

Chief Compliance Officer Liability Overview

Case Studies: Joe Sullivan and Uber, Carlos Abarca and TSB Bank, and Tim Brown and SolarWinds

Legislation and Trends in Personal Liability

SEC Formula for CCO Liability

Life with GDPR was recently honored as a Top Data Security Podcast.</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. This episode discusses the complex topic of liability for the Chief Compliance Officer (CCO) and Chief Information Security Officer (CISO).</p><p class="ql-align-justify">Tom and Jonathan begin by examining notable cases like Joe Sullivan, the former CISO at Uber, who faced prosecution for mishandling a ransomware threat. They also cover other significant cases like Carlos Abarca from TSB Bank and Tim Brown from SolarWinds, highlighting the increasing trend towards personal liability among high-ranking compliance and security officers. Jonathan points out that prosecutors and legislators focus more on individual accountability, driven by the belief that this approach will encourage others to adhere to standards more rigorously. They explore the implications of misleading LinkedIn profiles and the importance of thorough due diligence when taking on new roles. The episode provides practical advice for C-suite executives to protect themselves, including negotiating indemnity clauses and ensuring accurate job descriptions.</p><p><strong>Key takeaways:</strong></p><ul>
<li>Chief Compliance Officer Liability Overview</li>
<li>Case Studies: Joe Sullivan and Uber, Carlos Abarca and TSB Bank, and Tim Brown and SolarWinds</li>
<li>Legislation and Trends in Personal Liability</li>
<li>SEC Formula for CCO Liability</li>
</ul><p><strong>Resources:</strong></p><p>Connect with Tom Fox</p><ul><li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li></ul><p>Connect with Jonathan Armstrong</p><ul>
<li><a href="https://twitter.com/armstrongjp">Twitter</a></li>
<li><a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></li>
<li><a href="https://puntersouthall.law/">PunterSouthall</a></li>
</ul><p class="ql-align-justify">Life with GDPR was recently honored as a <a href="https://podcast.feedspot.com/data_security_podcasts/?feedid=5184233&amp;_src=f2_featured_email">Top Data Security Podcast </a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1465</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[7ae8e38a-e3d6-11ef-978f-373b74cfcf04]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN8976023282.mp3?updated=1738848010" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Navigating the EU AI Act</title>
      <description>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. In this episode, they discuss a pressing deadline for compliance officers: the February 2nd enforcement of the EU AI Act’s prohibitions on unacceptable AI risk.

Tom and Jonathan look at the phased implementation of this complex legislation, detailing the obligations of businesses using AI in their EU operations. Jonathan emphasizes the importance of identifying ‘shadow AI’ within organizations, from HR recruitment tools to consumer applications, and the substantial penalties for non-compliance, which can reach up to $35 million or 7% of global annual revenue. They also cover a practical five-step plan to help companies move towards compliance, involving board awareness, an AI inventory, assessment of AI tools, contract reviews, and transparency measures. Tune in to understand the nuances of this legislation and how to prepare your organization before the rapidly approaching deadline.
Key takeaways:

Understanding the EU AI Act

Prohibited AI Applications

Corporate and Personal Liability

Steps to Compliance

</description>
      <pubDate>Thu, 09 Jan 2025 06:00:00 -0000</pubDate>
      <itunes:title>Navigating the EU AI Act</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>110</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/942f6b34-ce05-11ef-b584-27e32268ad6a/image/24a48eb14eff51c9c713d12008d8ce82.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan take a deep dive into the EU AI Act.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. In this episode, they discuss a pressing deadline for compliance officers: the February 2nd enforcement of the EU AI Act’s prohibitions on unacceptable AI risk.

Tom and Jonathan look at the phased implementation of this complex legislation, detailing the obligations of businesses using AI in their EU operations. Jonathan emphasizes the importance of identifying ‘shadow AI’ within organizations, from HR recruitment tools to consumer applications, and the substantial penalties for non-compliance, which can reach up to $35 million or 7% of global annual revenue. They also cover a practical five-step plan to help companies move towards compliance, involving board awareness, an AI inventory, assessment of AI tools, contract reviews, and transparency measures. Tune in to understand the nuances of this legislation and how to prepare your organization before the rapidly approaching deadline.
Key takeaways:

Understanding the EU AI Act

Prohibited AI Applications

Corporate and Personal Liability

Steps to Compliance

</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. In this episode, they discuss a pressing deadline for compliance officers: the February 2nd enforcement of the EU AI Act’s prohibitions on unacceptable AI risk.</p><p class="ql-align-justify"><br></p><p class="ql-align-justify">Tom and Jonathan look at the phased implementation of this complex legislation, detailing the obligations of businesses using AI in their EU operations. Jonathan emphasizes the importance of identifying ‘shadow AI’ within organizations, from HR recruitment tools to consumer applications, and the substantial penalties for non-compliance, which can reach up to $35 million or 7% of global annual revenue. They also cover a practical five-step plan to help companies move towards compliance, involving board awareness, an AI inventory, assessment of AI tools, contract reviews, and transparency measures. Tune in to understand the nuances of this legislation and how to prepare your organization before the rapidly approaching deadline.</p><p><strong>Key takeaways:</strong></p><ul>
<li>Understanding the EU AI Act</li>
<li>Prohibited AI Applications</li>
<li>Corporate and Personal Liability</li>
<li>Steps to Compliance</li>
</ul><p><strong>Resources:</strong></p><p>Connect with Tom Fox</p><ul><li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li></ul><p>Connect with Jonathan Armstrong</p><ul>
<li><a href="https://twitter.com/armstrongjp">Twitter</a></li>
<li><a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></li>
<li><a href="https://puntersouthall.law/">PunterSouthall</a></li>
</ul><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1805</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[942f6b34-ce05-11ef-b584-27e32268ad6a]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN5996875425.mp3?updated=1736415511" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Understanding the UK’s Failure to Prevent Fraud</title>
      <description>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. This episode delves into the UK’s Failure to Prevent Fraud guidance.

The podcast spans the initial implications and conflicts these new provisions present, especially in the context of GDPR and compliance with bribery investigations. Jonathan explains the concept of ‘failure to prevent fraud,’ drawing parallels with the 2010 UK Bribery Act, and outlines six key principles organizations must adhere to in order to demonstrate compliance. Additionally, the episode delves into specific steps compliance professionals should take before the new provisions come into force by July 2025, including gap analysis, policy updating, training, and more.
Key takeaways:

Failure to Prevent Bribery and Fraud

New Legislation and Its Implications

Reasonable Procedures Under the Failure to Prevent Fraud Act

Comparing Fraud and Bribery Compliance

Steps for Compliance Professionals

</description>
      <pubDate>Thu, 21 Nov 2024 06:00:00 -0000</pubDate>
      <itunes:title>Understanding the UK’s Failure to Prevent Fraud</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>109</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/10484886-a6c3-11ef-b4bb-233cd2529edc/image/24a48eb14eff51c9c713d12008d8ce82.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan reviewed the MoJ Guidance on the FTPF.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. This episode delves into the UK’s Failure to Prevent Fraud guidance.

The podcast spans the initial implications and conflicts these new provisions present, especially in the context of GDPR and compliance with bribery investigations. Jonathan explains the concept of ‘failure to prevent fraud,’ drawing parallels with the 2010 UK Bribery Act, and outlines six key principles organizations must adhere to in order to demonstrate compliance. Additionally, the episode delves into specific steps compliance professionals should take before the new provisions come into force by July 2025, including gap analysis, policy updating, training, and more.
Key takeaways:

Failure to Prevent Bribery and Fraud

New Legislation and Its Implications

Reasonable Procedures Under the Failure to Prevent Fraud Act

Comparing Fraud and Bribery Compliance

Steps for Compliance Professionals

</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. This episode delves into the UK’s Failure to Prevent Fraud guidance.</p><p class="ql-align-justify"><br></p><p class="ql-align-justify">The podcast spans the initial implications and conflicts these new provisions present, especially in the context of GDPR and compliance with bribery investigations. Jonathan explains the concept of ‘failure to prevent fraud,’ drawing parallels with the 2010 UK Bribery Act, and outlines six key principles organizations must adhere to in order to demonstrate compliance. Additionally, the episode delves into specific steps compliance professionals should take before the new provisions come into force <strong>by July 2025</strong>, including gap analysis, policy updating, training, and more.</p><p><strong>Key takeaways:</strong></p><ul>
<li>Failure to Prevent Bribery and Fraud</li>
<li>New Legislation and Its Implications</li>
<li>Reasonable Procedures Under the Failure to Prevent Fraud Act</li>
<li>Comparing Fraud and Bribery Compliance</li>
<li>Steps for Compliance Professionals</li>
</ul><p><strong>Resources:</strong></p><p>Connect with Tom Fox</p><ul><li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li></ul><p>Connect with Jonathan Armstrong</p><ul>
<li><a href="https://twitter.com/armstrongjp">Twitter</a></li>
<li><a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></li>
<li><a href="https://puntersouthall.law/"><u>PunterSouthall</u></a></li>
</ul><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1273</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[10484886-a6c3-11ef-b4bb-233cd2529edc]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN9202829831.mp3?updated=1732182335" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>AI Regulation in The EU</title>
      <description>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR.

In this episode, we delve into the complex provisions of the new EU AI Act, exploring its global effects and extraterritorial implications similar to the GDPR.

Tom, Jonathan and a few friends discuss the multifaceted regulatory framework, which combines elements from EU antitrust law, GDPR, and EU medical device rules, and highlight the need for transparency and compliance for AI developers and corporations using AI. We also address enforcement timelines, the importance of an AI inventory, and practical steps for compliance officers to ensure adherence to the new regulations.

Key Takeaways:


Overview of the EU AI Act

Enforcement and Compliance

Corporate Responsibilities and Compliance Strategies

Enforcement Mechanisms and Penalties

Practical Steps for Organizations

Challenges and Governance


</description>
      <pubDate>Thu, 15 Aug 2024 04:00:00 -0000</pubDate>
      <itunes:title>AI Regulation in The EU</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>108</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/75632de0-5352-11ef-8138-c748288e7c9c/image/24a48eb14eff51c9c713d12008d8ce82.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>We look at AI Regulation in The EU.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR.

In this episode, we delve into the complex provisions of the new EU AI Act, exploring its global effects and extraterritorial implications similar to the GDPR.

Tom, Jonathan and a few friends discuss the multifaceted regulatory framework, which combines elements from EU antitrust law, GDPR, and EU medical device rules, and highlight the need for transparency and compliance for AI developers and corporations using AI. We also address enforcement timelines, the importance of an AI inventory, and practical steps for compliance officers to ensure adherence to the new regulations.

Key Takeaways:


Overview of the EU AI Act

Enforcement and Compliance

Corporate Responsibilities and Compliance Strategies

Enforcement Mechanisms and Penalties

Practical Steps for Organizations

Challenges and Governance


</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR.</p><p><br></p><p>In this episode, we delve into the complex provisions of the new EU AI Act, exploring its global effects and extraterritorial implications similar to the GDPR.</p><p><br></p><p class="ql-align-justify">Tom, Jonathan and a few friends discuss the multifaceted regulatory framework, which combines elements from EU antitrust law, GDPR, and EU medical device rules, and highlight the need for transparency and compliance for AI developers and corporations using AI. We also address enforcement timelines, the importance of an AI inventory, and practical steps for compliance officers to ensure adherence to the new regulations.</p><p class="ql-align-justify"><br></p><p><strong>Key Takeaways:</strong></p><p><br></p><ul>
<li>Overview of the EU AI Act</li>
<li>Enforcement and Compliance</li>
<li>Corporate Responsibilities and Compliance Strategies</li>
<li>Enforcement Mechanisms and Penalties</li>
<li>Practical Steps for Organizations</li>
<li>Challenges and Governance</li>
</ul><p><br></p><p><strong>Resources:</strong></p><p><br></p><p>Connect with Tom Fox</p><ul>
<li><a href="https://www.instagram.com/voiceofcompliance">Instagram</a></li>
<li><a href="https://www.facebook.com/compliancepodcastnetwork">Facebook</a></li>
<li><a href="https://www.youtube.com/channel/UC0-IWb69P1srF_uZOmGtBfQ">YouTube</a></li>
<li><a href="https://www.twitter.com/tfoxlaw">Twitter</a></li>
<li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li>
</ul><p>Connect with Jonathan Armstrong</p><ul>
<li><a href="https://twitter.com/armstrongjp">Twitter</a></li>
<li><a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></li>
</ul><p><br></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>2122</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[75632de0-5352-11ef-8138-c748288e7c9c]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN2240963023.mp3?updated=1723665480" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>What Does The UK Election Mean for Compliance?</title>
      <description>Tom Fox and Jonathan Armstrong, a renowned expert in cybersecurity, co-host the award-winning “Life with GDPR.” Jonathan has returned from his hiatus, and in this episode, we examine the UK election results and their potential impact on compliance.

The recent UK election has significant implications for compliance, particularly concerning the dynamics between the UK’s Serious Fraud Office (SFO) and the new government. Jonathan Armstrong, an expert on bribery enforcement, anticipates that the new administration under Keir Starmer will focus on high-profile issues like the PPE scandal while maintaining robust enforcement actions, including dawn raids.

Armstrong and Fox bring deep insights into the potential compliance landscape, shaped by their extensive backgrounds: Armstrong’s expertise in corruption investigations and Fox’s experience with the criminal justice system.

Fox highlights the impact of the new Prime Minister’s legal background in bolstering enforcement efforts and contemplates the future governance of AI under this administration. Both experts foresee a political shift, with Armstrong expecting the Conservative Party to lean rightward yet occupy the political center, and Fox emphasizing the continuity and experience the new government brings to compliance and enforcement issues.
 
Key Takeaways:

Heightened Bribery Enforcement Under New Government

Russian Sanctions and Uighur Import Regulations

Data Protection Bill Changes Post-UK Election

UK’s New Administration Faces Challenges and Changes

Center-Ground Positioning in UK Politics


Resources:

Connect with Tom Fox


Instagram

Facebook

YouTube

Twitter

LinkedIn

Connect with Jonathan Armstrong


Twitter

LinkedIn


Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 11 Jul 2024 05:00:00 -0000</pubDate>
      <itunes:title>What Does The UK Election Mean for Compliance?</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>107</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/cd5b62fe-3efa-11ef-955a-0fc05c91bacb/image/24a48eb14eff51c9c713d12008d8ce82.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan return to look at the UK election results. </itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, a renowned expert in cybersecurity, co-host the award-winning “Life with GDPR.” Jonathan has returned from his hiatus, and in this episode, we examine the UK election results and their potential impact on compliance.

The recent UK election has significant implications for compliance, particularly concerning the dynamics between the UK’s Serious Fraud Office (SFO) and the new government. Jonathan Armstrong, an expert on bribery enforcement, anticipates that the new administration under Keir Starmer will focus on high-profile issues like the PPE scandal while maintaining robust enforcement actions, including dawn raids.

Armstrong and Fox bring deep insights into the potential compliance landscape, shaped by their extensive backgrounds: Armstrong’s expertise in corruption investigations and Fox’s experience with the criminal justice system.

Fox highlights the impact of the new Prime Minister’s legal background in bolstering enforcement efforts and contemplates the future governance of AI under this administration. Both experts foresee a political shift, with Armstrong expecting the Conservative Party to lean rightward yet occupy the political center, and Fox emphasizing the continuity and experience the new government brings to compliance and enforcement issues.
 
Key Takeaways:

Heightened Bribery Enforcement Under New Government

Russian Sanctions and Uighur Import Regulations

Data Protection Bill Changes Post-UK Election

UK’s New Administration Faces Challenges and Changes

Center-Ground Positioning in UK Politics


Resources:

Connect with Tom Fox


Instagram

Facebook

YouTube

Twitter

LinkedIn

Connect with Jonathan Armstrong


Twitter

LinkedIn


Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Tom Fox and Jonathan Armstrong, a renowned expert in cybersecurity, co-host the award-winning “Life with GDPR.” Jonathan has returned from his hiatus, and in this episode, we examine the UK election results and their potential impact on compliance.</p><p><br></p><p>The recent UK election has significant implications for compliance, particularly concerning the dynamics between the UK’s Serious Fraud Office (SFO) and the new government. Jonathan Armstrong, an expert on bribery enforcement, anticipates that the new administration under Keir Starmer will focus on high-profile issues like the PPE scandal while maintaining robust enforcement actions, including dawn raids.</p><p><br></p><p>Armstrong and Fox bring deep insights into the potential compliance landscape, shaped by their extensive backgrounds: Armstrong’s expertise in corruption investigations and Fox’s experience with the criminal justice system.</p><p><br></p><p class="ql-align-justify">Fox highlights the impact of the new Prime Minister’s legal background in bolstering enforcement efforts and contemplates the future governance of AI under this administration. Both experts foresee a political shift, with Armstrong expecting the Conservative Party to lean rightward yet occupy the political center, and Fox emphasizing the continuity and experience the new government brings to compliance and enforcement issues.</p><p class="ql-align-justify"><strong> </strong></p><p><strong>Key Takeaways:</strong></p><ul>
<li>Heightened Bribery Enforcement Under New Government</li>
<li>Russian Sanctions and Uighur Import Regulations</li>
<li>Data Protection Bill Changes Post-UK Election</li>
<li>UK’s New Administration Faces Challenges and Changes</li>
<li>Center-Ground Positioning in UK Politics</li>
</ul><p><br></p><p><strong>Resources:</strong></p><p><br></p><p><strong>Connect with Tom Fox</strong></p><p><br></p><ul>
<li><a href="https://www.instagram.com/voiceofcompliance">Instagram</a></li>
<li><a href="https://www.facebook.com/compliancepodcastnetwork">Facebook</a></li>
<li><a href="https://www.youtube.com/channel/UC0-IWb69P1srF_uZOmGtBfQ">YouTube</a></li>
<li><a href="https://www.twitter.com/tfoxlaw">Twitter</a></li>
<li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li>
</ul><p><strong>Connect with Jonathan Armstrong</strong></p><p><br></p><ul>
<li><a href="https://twitter.com/armstrongjp">Twitter</a></li>
<li><a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></li>
</ul><p><br></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>2167</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[cd5b62fe-3efa-11ef-955a-0fc05c91bacb]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN6547105337.mp3?updated=1720683047" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Karen Moore on The EU, Corporate Sustainability Due Diligence Directive</title>
      <description>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. Jonathan is on a short hiatus, and in this episode we have a special guest, Karen Moore, who discusses the EU’s Corporate Sustainability Due Diligence Directive.
Karen Moore is a well-versed professional in the area of impact assessments and due diligence, with a particular focus on human rights and environmental issues to prevent and address potential harm. Her perspective, shaped by her extensive experience, is that impact assessments and due diligence are key indicators of a corporation’s commitment to preserving the environment and upholding human rights.
Moore emphasizes the importance of these processes not only within a company’s own activities, but also within those of its suppliers and indirect suppliers. She stresses the need for a robust due diligence process, including tracking progress, publishing annual statements, implementing complaints procedures, and involving all employees.
Additionally, she highlights the challenges of managing these processes, such as complex questionnaires for third-party suppliers and the need for streamlined assessments. She believes in a proactive approach to corporate responsibility, going beyond regulatory requirements to foster sustainable practices and ethical decision-making.

 Key Takeaways:

Ethical and Sustainable Business Practices Compliance Guidelines

Ethical Evaluation for Data Privacy Compliance in the US

Ethical Data Handling for GDPR Compliance

Ethical Business Practices in Supply Chains

 Resources:
Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn


Connect with Jonathan Armstrong

Twitter

LinkedIn


Connect with Karen Moore
LinkedIn

Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 18 Apr 2024 04:00:00 -0000</pubDate>
      <itunes:title>Karen Moore on The EU, Corporate Sustainability Due Diligence Directive</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/a6a2cc44-fc2c-11ee-be3d-cb1e78b90fff/image/24a48eb14eff51c9c713d12008d8ce82.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom visits with Karen Moore on the EU CS-DDD.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. Jonathan is on a short hiatus, and in this episode we have a special guest, Karen Moore, who discusses the EU’s Corporate Sustainability Due Diligence Directive.
Karen Moore is a well-versed professional in the area of impact assessments and due diligence, with a particular focus on human rights and environmental issues to prevent and address potential harm. Her perspective, shaped by her extensive experience, is that impact assessments and due diligence are key indicators of a corporation’s commitment to preserving the environment and upholding human rights.
Moore emphasizes the importance of these processes not only within a company’s own activities, but also within those of its suppliers and indirect suppliers. She stresses the need for a robust due diligence process, including tracking progress, publishing annual statements, implementing complaints procedures, and involving all employees.
Additionally, she highlights the challenges of managing these processes, such as complex questionnaires for third-party suppliers and the need for streamlined assessments. She believes in a proactive approach to corporate responsibility, going beyond regulatory requirements to foster sustainable practices and ethical decision-making.

 Key Takeaways:

Ethical and Sustainable Business Practices Compliance Guidelines

Ethical Evaluation for Data Privacy Compliance in the US

Ethical Data Handling for GDPR Compliance

Ethical Business Practices in Supply Chains

 Resources:
Connect with Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn


Connect with Jonathan Armstrong

Twitter

LinkedIn


Connect with Karen Moore
LinkedIn

Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. Jonathan is on a short hiatus, and in this episode we have a special guest, Karen Moore, who discusses the EU’s Corporate Sustainability Due Diligence Directive.</p><p class="ql-align-justify">Karen Moore is a well-versed professional in the area of impact assessments and due diligence, with a particular focus on human rights and environmental issues to prevent and address potential harm. Her perspective, shaped by her extensive experience, is that impact assessments and due diligence are key indicators of a corporation’s commitment to preserving the environment and upholding human rights.</p><p class="ql-align-justify">Moore emphasizes the importance of these processes not only within a company’s own activities, but also within those of its suppliers and indirect suppliers. She stresses the need for a robust due diligence process, including tracking progress, publishing annual statements, implementing complaints procedures, and involving all employees.</p><p class="ql-align-justify">Additionally, she highlights the challenges of managing these processes, such as complex questionnaires for third-party suppliers and the need for streamlined assessments. She believes in a proactive approach to corporate responsibility, going beyond regulatory requirements to foster sustainable practices and ethical decision-making.</p><p class="ql-align-justify"><br></p><p class="ql-align-justify"><strong> Key Takeaways:</strong></p><ul>
<li>Ethical and Sustainable Business Practices Compliance Guidelines</li>
<li>Ethical Evaluation for Data Privacy Compliance in the US</li>
<li>Ethical Data Handling for GDPR Compliance</li>
<li>Ethical Business Practices in Supply Chains</li>
</ul><p><strong> Resources:</strong></p><p><strong>Connect with Tom Fox</strong></p><ul>
<li><a href="https://www.instagram.com/voiceofcompliance">Instagram</a></li>
<li><a href="https://www.facebook.com/compliancepodcastnetwork">Facebook</a></li>
<li><a href="https://www.youtube.com/channel/UC0-IWb69P1srF_uZOmGtBfQ">YouTube</a></li>
<li><a href="https://www.twitter.com/tfoxlaw">Twitter</a></li>
<li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li>
</ul><p><br></p><p>Connect with Jonathan Armstrong</p><ul>
<li><a href="https://twitter.com/armstrongjp">Twitter</a></li>
<li><a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></li>
</ul><p><br></p><p class="ql-align-justify">Connect with Karen Moore</p><ul><li><a href="https://www.linkedin.com/in/karen-moore-97264660/">LinkedIn</a></li></ul><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1247</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[a6a2cc44-fc2c-11ee-be3d-cb1e78b90fff]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN4296763708.mp3?updated=1713384851" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>NIS2 Balancing Obligations and Challenges for Compliance</title>
      <description>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Today we consider the NIS2 Directive, which is the EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.
Cybersecurity regulations are reshaping the landscape, demanding swift action and accountability from organizations and individuals. The NIS2 Directive tightens reporting deadlines, putting pressure on organizations to comply when cybersecurity incidents occur. This means that organizations need to be prepared to act quickly and efficiently in the event of a cyber incident to avoid penalties and maintain trust with their stakeholders. Management faces increased personal liability under the NIS2 Directive, highlighting the need for proactive cybersecurity measures. This emphasizes the importance of implementing strong cybersecurity protocols and staying ahead of potential threats to protect both the organization and individual leaders from legal and financial repercussions.
Regulatory bodies advocate for a shift towards prevention in cybersecurity to combat rising cyber threats. This shift in focus underscores the importance of investing in proactive cybersecurity measures rather than simply reacting to incidents after they occur, ultimately leading to a more secure and resilient digital environment. Join Tom Fox and Jonathan Armstrong as they delve deeper into this topic on this episode of the Life with GDPR podcast.

Key Takeaways:

NIS2 Directive: Stricter Reporting and Jurisdiction

NIS2 Directive: Management’s Cybersecurity Liability

Operational Resilience: Proactive Cybersecurity Measures


Resources:
Connect with Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Connect with Jonathan Armstrong
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 28 Mar 2024 04:00:00 -0000</pubDate>
      <itunes:title>NIS2 Balancing Obligations and Challenges for Compliance</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>102</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/fd6b911c-eac2-11ee-943e-577ac7914338/image/24a48eb14eff51c9c713d12008d8ce82.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle></itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Today we consider the NIS2 Directive, which is the EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.
Cybersecurity regulations are reshaping the landscape, demanding swift action and accountability from organizations and individuals. The NIS2 Directive tightens reporting deadlines, putting pressure on organizations to comply when cybersecurity incidents occur. This means that organizations need to be prepared to act quickly and efficiently in the event of a cyber incident to avoid penalties and maintain trust with their stakeholders. Management faces increased personal liability under the NIS2 Directive, highlighting the need for proactive cybersecurity measures. This emphasizes the importance of implementing strong cybersecurity protocols and staying ahead of potential threats to protect both the organization and individual leaders from legal and financial repercussions.
Regulatory bodies advocate for a shift towards prevention in cybersecurity to combat rising cyber threats. This shift in focus underscores the importance of investing in proactive cybersecurity measures rather than simply reacting to incidents after they occur, ultimately leading to a more secure and resilient digital environment. Join Tom Fox and Jonathan Armstrong as they delve deeper into this topic on this episode of the Life with GDPR podcast.

Key Takeaways:

NIS2 Directive: Stricter Reporting and Jurisdiction

NIS2 Directive: Management’s Cybersecurity Liability

Operational Resilience: Proactive Cybersecurity Measures


Resources:
Connect with Tom Fox
Instagram
Facebook
YouTube
Twitter
LinkedIn
Connect with Jonathan Armstrong
Twitter
LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Today we consider the NIS2 Directive, which is the EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.</p><p class="ql-align-justify">Cybersecurity regulations are reshaping the landscape, demanding swift action and accountability from organizations and individuals. The NIS2 Directive tightens reporting deadlines, putting pressure on organizations to comply when cybersecurity incidents occur. This means that organizations need to be prepared to act quickly and efficiently in the event of a cyber incident to avoid penalties and maintain trust with their stakeholders. Management faces increased personal liability under the NIS2 Directive, highlighting the need for proactive cybersecurity measures. This emphasizes the importance of implementing strong cybersecurity protocols and staying ahead of potential threats to protect both the organization and individual leaders from legal and financial repercussions.</p><p class="ql-align-justify">Regulatory bodies advocate for a shift towards prevention in cybersecurity to combat rising cyber threats. This shift in focus underscores the importance of investing in proactive cybersecurity measures rather than simply reacting to incidents after they occur, ultimately leading to a more secure and resilient digital environment. Join Tom Fox and Jonathan Armstrong as they delve deeper into this topic on this episode of the Life with GDPR podcast.</p><p class="ql-align-justify"><br></p><p class="ql-align-justify"><strong>Key Takeaways:</strong></p><ul>
<li>NIS2 Directive: Stricter Reporting and Jurisdiction</li>
<li>NIS2 Directive: Management’s Cybersecurity Liability</li>
<li>Operational Resilience: Proactive Cybersecurity Measures</li>
</ul><p class="ql-align-justify"><br></p><p><strong>Resources:</strong></p><p><strong>Connect with Tom Fox</strong></p><p><a href="https://www.instagram.com/voiceofcompliance">Instagram</a></p><p><a href="https://www.facebook.com/compliancepodcastnetwork">Facebook</a></p><p><a href="https://www.youtube.com/channel/UC0-IWb69P1srF_uZOmGtBfQ">YouTube</a></p><p><a href="https://www.twitter.com/tfoxlaw">Twitter</a></p><p class="ql-align-justify"><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p><a href="https://twitter.com/armstrongjp">Twitter</a></p><p><a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>856</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[fd6b911c-eac2-11ee-943e-577ac7914338]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN9970180710.mp3?updated=1711607776" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Solar Winds and Your Mother - Tell The Truth</title>
      <description>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at the continued fallout from the Solar Winds data breach.
In the complex world of data protection, the General Data Protection Regulation (GDPR) has placed a spotlight on the importance of transparency, honesty, and corporate responsibility. Experts Tom Fox and Jonathan Armstrong bring their unique perspectives to this topic, shaped by their extensive experience in compliance and data protection. Fox emphasizes the potential legal consequences for corporate leaders who fail to disclose vulnerabilities or engage in dishonest practices, while Armstrong highlights the increasing pressure on individuals and corporations to disclose data breaches, with regulators focusing more on individual liability. Both stress the importance of transparency, the potential for litigation, and the role of whistleblowers.
Join Fox and Armstrong as they delve deeper into these issues on this episode of the Life with GDPR podcast.

Key Takeaways:

The Importance of Truthfulness in GDPR

The Importance of Transparency in Data Breaches

Legal risks in data breaches and cybersecurity

The Impact of Budget Constraints on Vulnerability Fixes

 Resources:
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. Check out the Cordery Data Breach Academy here.
Connect with Tom Fox
● LinkedIn
Connect with Jonathan Armstrong
● Twitter
● LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 08 Feb 2024 05:00:00 -0000</pubDate>
      <itunes:title>Solar Winds and Your Mother - Tell The Truth</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>104</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/1fc19bd0-b7d8-11ee-9b54-6fbe36c9383a/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan look at the SEC enforcement action against Solar Winds and its CISO.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at the continued fallout from the Solar Winds data breach.
In the complex world of data protection, the General Data Protection Regulation (GDPR) has placed a spotlight on the importance of transparency, honesty, and corporate responsibility. Experts Tom Fox and Jonathan Armstrong bring their unique perspectives to this topic, shaped by their extensive experience in compliance and data protection. Fox emphasizes the potential legal consequences for corporate leaders who fail to disclose vulnerabilities or engage in dishonest practices, while Armstrong highlights the increasing pressure on individuals and corporations to disclose data breaches, with regulators focusing more on individual liability. Both stress the importance of transparency, the potential for litigation, and the role of whistleblowers.
Join Fox and Armstrong as they delve deeper into these issues on this episode of the Life with GDPR podcast.

Key Takeaways:

The Importance of Truthfulness in GDPR

The Importance of Transparency in Data Breaches

Legal risks in data breaches and cybersecurity

The Impact of Budget Constraints on Vulnerability Fixes

 Resources:
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. Check out the Cordery Data Breach Academy here.
Connect with Tom Fox
● LinkedIn
Connect with Jonathan Armstrong
● Twitter
● LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at the continued fallout from the Solar Winds data breach.</p><p class="ql-align-justify">In the complex world of data protection, the General Data Protection Regulation (GDPR) has placed a spotlight on the importance of transparency, honesty, and corporate responsibility. Experts Tom Fox and Jonathan Armstrong bring their unique perspectives to this topic, shaped by their extensive experience in compliance and data protection. Fox emphasizes the potential legal consequences for corporate leaders who fail to disclose vulnerabilities or engage in dishonest practices, while Armstrong highlights the increasing pressure on individuals and corporations to disclose data breaches, with regulators focusing more on individual liability. Both stress the importance of transparency, the potential for litigation, and the role of whistleblowers.</p><p class="ql-align-justify">Join Fox and Armstrong as they delve deeper into these issues on this episode of the Life with GDPR podcast.</p><p class="ql-align-justify"><br></p><p class="ql-align-justify"><strong>Key Takeaways:</strong></p><ul>
<li>The Importance of Truthfulness in GDPR</li>
<li>The Importance of Transparency in Data Breaches</li>
<li>Legal risks in data breaches and cybersecurity</li>
<li>The Impact of Budget Constraints on Vulnerability Fixes</li>
</ul><p class="ql-align-justify"><strong> Resources:</strong></p><p class="ql-align-justify"><strong>For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website </strong><a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>. Check out the Cordery Data Breach Academy <a href="https://www.corderycompliance.com/cordery-data-breach-academy-2-2-2/">here</a>.</p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p><strong>Connect with Jonathan Armstrong</strong></p><p><strong>●      </strong><a href="https://twitter.com/armstrongjp">Twitter</a></p><p><strong>●      </strong><a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1266</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[1fc19bd0-b7d8-11ee-9b54-6fbe36c9383a]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN1925113298.mp3?updated=1707336751" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Critical Perspectives on Big Law Firm Cybersecurity</title>
      <description>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at a breach at a big law firm.
In the wake of a recent spearphishing attack and data breach at a UK law firm, the legal community is abuzz with discussions on the responsibility of lawyers to prevent such attacks. Tom Fox, known for his critical perspective on big law firms, highlights the mistakes made by the firm in question, emphasizing the increasing concern over cyber-attacks targeting law firms and the need for timely reporting to regulatory authorities. Jonathan Armstrong, on the other hand, underscores the importance of proactive cybersecurity measures and timely reporting, commending the firm for taking immediate action but criticizing the delay in reporting the breach. Both Fox and Armstrong bring their unique perspectives shaped by their experiences in the field. Join them on this episode of the Life with GDPR podcast as they delve deeper into this topic.

Key Takeaways:

A Spearphishing Attack Leads to Data Breach

Cybersecurity Measures for Law Firms

The Power of Dedicated Data Protection Training


  Resources:
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here.
Also, check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here. Check out the Cordery Data Breach Academy here.
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 25 Jan 2024 05:00:00 -0000</pubDate>
      <itunes:title>Critical Perspectives on Big Law Firm Cybersecurity</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>103</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/39d4f0dc-b7e0-11ee-9747-3398dc83fb18/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan look at a breach in big law. </itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at a breach in big law.
In the wake of a recent spearphishing attack and data breach at a UK law firm, the legal community is abuzz with discussions on the responsibility of lawyers to prevent such attacks. Tom Fox, known for his critical perspective on big law firms, highlights the mistakes made by the firm in question, emphasizing the increasing concern over cyber-attacks targeting law firms and the need for timely reporting to regulatory authorities. Jonathan Armstrong, on the other hand, underscores the importance of proactive cybersecurity measures and timely reporting, commending the firm for taking immediate action but criticizing the delay in reporting the breach. Both Fox and Armstrong bring their unique perspectives shaped by their experiences in the field. Join them on this episode of the Life with GDPR podcast as they delve deeper into this topic.

Key Takeaways:

A Spearphishing Attack Leads to Data Breach

Cybersecurity Measures for Law Firms

The Power of Dedicated Data Protection Training


  Resources:
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here.
Also, check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here. Check out the Cordery Data Breach Academy here.
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at a breach in big law.</p><p class="ql-align-justify">In the wake of a recent spearphishing attack and data breach at a UK law firm, the legal community is abuzz with discussions on the responsibility of lawyers to prevent such attacks. Tom Fox, known for his critical perspective on big law firms, highlights the mistakes made by the firm in question, emphasizing the increasing concern over cyber-attacks targeting law firms and the need for timely reporting to regulatory authorities. Jonathan Armstrong, on the other hand, underscores the importance of proactive cybersecurity measures and timely reporting, commending the firm for taking immediate action but criticizing the delay in reporting the breach. Both Fox and Armstrong bring their unique perspectives shaped by their experiences in the field. Join them on this episode of the Life with GDPR podcast as they delve deeper into this topic.</p><p class="ql-align-justify"><br></p><p class="ql-align-justify"><strong>Key Takeaways:</strong></p><ul>
<li>A Spearphishing Attack Leads to Data Breach</li>
<li>Cybersecurity Measures for Law Firms</li>
<li>The Power of Dedicated Data Protection Training</li>
</ul><p class="ql-align-justify"><br></p><p class="ql-align-justify"><strong>  Resources:</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>.</p><p>Also, check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>. Check out the Cordery Data Breach Academy <a href="https://www.corderycompliance.com/cordery-data-breach-academy-2-2-2/">here</a>.</p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p><strong>Connect with Jonathan Armstrong</strong></p><p><strong>●      </strong><a href="https://twitter.com/armstrongjp">Twitter</a></p><p><strong>●      </strong><a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1254</itunes:duration>
      <guid isPermaLink="false"><![CDATA[39d4f0dc-b7e0-11ee-9747-3398dc83fb18]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN6228948556.mp3?updated=1706122811" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Lessons Learned from the Singtel Optus Data Breach</title>
      <description>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at litigation over a data breach against Singtel Optus in Australia and the fallout from an investigation report.
The recent data breach at Singtel Optus, affecting 1.2 million individuals, has brought to light the critical role of strategic communication in managing cybersecurity breaches. Tom Fox and Jonathan Armstrong offer their unique perspectives on this issue. Fox emphasizes the inevitability of cybersecurity breaches and the need for a comprehensive strategy, including effective communication, to manage them. He warns against the potential consequences of mishandling communication during a breach, such as jeopardizing insurance coverage.
Armstrong highlights the complexity of maintaining privilege in a global corporate structure and the importance of careful language to avoid invalidating insurance or causing unnecessary speculation. He also underscores the need for a holistic approach to cybersecurity, encompassing prevention, detection, remediation, and crisis communication. Join Tom Fox and Jonathan Armstrong as they delve deeper into this topic in the latest Life with GDPR podcast episode.
 Key Takeaways:

Implications of Language in Data Breach Reporting

Navigating CEO Communication and Insurance Coverage

Navigating Insurance Coverage in Data Breaches



 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here. Check out the Cordery Data Breach Academy here.
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 16 Nov 2023 05:00:00 -0000</pubDate>
      <itunes:title>Lessons Learned from the Singtel Optus Data Breach</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>102</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/982be326-828d-11ee-a7d3-5f504f346c97/image/7d630f.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan look at lessons learned from the Singtel Optus data breach.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at litigation over a data breach against Singtel Optus in Australia and the fallout from an investigation report.
The recent data breach at Singtel Optus, affecting 1.2 million individuals, has brought to light the critical role of strategic communication in managing cybersecurity breaches. Tom Fox and Jonathan Armstrong offer their unique perspectives on this issue. Fox emphasizes the inevitability of cybersecurity breaches and the need for a comprehensive strategy, including effective communication, to manage them. He warns against the potential consequences of mishandling communication during a breach, such as jeopardizing insurance coverage.
Armstrong highlights the complexity of maintaining privilege in a global corporate structure and the importance of careful language to avoid invalidating insurance or causing unnecessary speculation. He also underscores the need for a holistic approach to cybersecurity, encompassing prevention, detection, remediation, and crisis communication. Join Tom Fox and Jonathan Armstrong as they delve deeper into this topic in the latest Life with GDPR podcast episode.
 Key Takeaways:

Implications of Language in Data Breach Reporting

Navigating CEO Communication and Insurance Coverage

Navigating Insurance Coverage in Data Breaches



 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here. Check out the Cordery Data Breach Academy here.
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at litigation over a data breach against Singtel Optus in Australia and the fallout from an investigation report.</p><p class="ql-align-justify">The recent data breach at Singtel Optus, affecting 1.2 million individuals, has brought to light the critical role of strategic communication in managing cybersecurity breaches. Tom Fox and Jonathan Armstrong offer their unique perspectives on this issue. Fox emphasizes the inevitability of cybersecurity breaches and the need for a comprehensive strategy, including effective communication, to manage them. He warns against the potential consequences of mishandling communication during a breach, such as jeopardizing insurance coverage.</p><p class="ql-align-justify">Armstrong highlights the complexity of maintaining privilege in a global corporate structure and the importance of careful language to avoid invalidating insurance or causing unnecessary speculation. He also underscores the need for a holistic approach to cybersecurity, encompassing prevention, detection, remediation, and crisis communication. Join Tom Fox and Jonathan Armstrong as they delve deeper into this topic in the latest Life with GDPR podcast episode.</p><p class="ql-align-justify"><strong> Key Takeaways:</strong></p><ul>
<li>Implications of Language in Data Breach Reporting</li>
<li>Navigating CEO Communication and Insurance Coverage</li>
<li>Navigating Insurance Coverage in Data Breaches</li>
</ul><p class="ql-align-justify"><strong> Resources</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>. Check out the Cordery Data Breach Academy <a href="https://www.corderycompliance.com/cordery-data-breach-academy-2-2-2/">here</a>. </p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1228</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[982be326-828d-11ee-a7d3-5f504f346c97]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN6668394578.mp3?updated=1700126228" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>The Hidden Dangers of CEO Behavior: Patterns and Consequences</title>
      <description>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. We take things in a different direction today as we discuss the somewhat lurid allegations around former Abercrombie &amp; Fitch CEO Mike Jeffries. This matter illustrates the need for robust background checks and support of those who bring forward complaints against top management.
The topic of CEO risk, specifically the importance of accountability and investigations in corporate compliance, is a critical issue in today’s business world. It explores the potential dangers CEOs can pose to corporations and the necessity of holding them accountable for compliance initiatives. Tom Fox, a renowned compliance expert, emphasizes the importance of conducting thorough due diligence on individuals, particularly at the senior executive level, to mitigate risks. He believes that behavior patterns often exist before public scandals occur and that it is crucial to identify these patterns through deep investigations. On the other hand, Jonathan Armstrong highlights the challenge of pushing compliance up the organization and the need for thorough due diligence when hiring senior executives. He also stresses the importance of accountability and investigations in addressing misconduct allegations, even if they are historic. Join Tom Fox and Jonathan Armstrong as they delve deeper into this topic on this episode of the Life with GDPR podcast.

Key Takeaways:

CEO Accountability and Risk Exposure

Allegations of Sex Trafficking and Abuse

The Significance of Investigating Past Misconduct


 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Connect with Tom Fox
●      LinkedIn
●      Twitter
●      YouTube
●      Facebook
●      Instagram
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 02 Nov 2023 04:00:00 -0000</pubDate>
      <itunes:title>The Hidden Dangers of CEO Behavior: Patterns and Consequences</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>101</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/9e3fe594-78ee-11ee-8975-bb494d4ae6b3/image/159033.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan look at the sordid case of ex-Abercrombie and Fitch CEO Mike Jeffries.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. We take things in a different direction today as we discuss the somewhat lurid allegations around former Abercrombie &amp; Fitch CEO Mike Jeffries. This matter illustrates the need for robust background checks and support of those who bring forward complaints against top management.
The topic of CEO risk, specifically the importance of accountability and investigations in corporate compliance, is a critical issue in today’s business world. It explores the potential dangers CEOs can pose to corporations and the necessity of holding them accountable for compliance initiatives. Tom Fox, a renowned compliance expert, emphasizes the importance of conducting thorough due diligence on individuals, particularly at the senior executive level, to mitigate risks. He believes that behavior patterns often exist before public scandals occur and that it is crucial to identify these patterns through deep investigations. On the other hand, Jonathan Armstrong highlights the challenge of pushing compliance up the organization and the need for thorough due diligence when hiring senior executives. He also stresses the importance of accountability and investigations in addressing misconduct allegations, even if they are historic. Join Tom Fox and Jonathan Armstrong as they delve deeper into this topic on this episode of the Life with GDPR podcast.

Key Takeaways:

CEO Accountability and Risk Exposure

Allegations of Sex Trafficking and Abuse

The Significance of Investigating Past Misconduct


 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Connect with Tom Fox
●      LinkedIn
●      Twitter
●      YouTube
●      Facebook
●      Instagram
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. We take things in a different direction today as we discuss the somewhat lurid allegations around former Abercrombie &amp; Fitch CEO Mike Jeffries. This matter illustrates the need for robust background checks and support of those who bring forward complaints against top management.</p><p class="ql-align-justify">The topic of CEO risk, specifically the importance of accountability and investigations in corporate compliance, is a critical issue in today’s business world. It explores the potential dangers CEOs can pose to corporations and the necessity of holding them accountable for compliance initiatives. Tom Fox, a renowned compliance expert, emphasizes the importance of conducting thorough due diligence on individuals, particularly at the senior executive level, to mitigate risks. He believes that behavior patterns often exist before public scandals occur and that it is crucial to identify these patterns through deep investigations. On the other hand, Jonathan Armstrong highlights the challenge of pushing compliance up the organization and the need for thorough due diligence when hiring senior executives. He also stresses the importance of accountability and investigations in addressing misconduct allegations, even if they are historic. Join Tom Fox and Jonathan Armstrong as they delve deeper into this topic on this episode of the Life with GDPR podcast.</p><p class="ql-align-justify"><br></p><p class="ql-align-justify"><strong>Key Takeaways:</strong></p><ul>
<li class="ql-align-justify">CEO Accountability and Risk Exposure</li>
<li class="ql-align-justify">Allegations of Sex Trafficking and Abuse</li>
<li class="ql-align-justify">The Significance of Investigating Past Misconduct</li>
</ul><p class="ql-align-justify"><br></p><p class="ql-align-justify"><strong> Resources</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>●      <a href="https://www.twitter.com/tfoxlaw">Twitter</a></p><p>●      <a href="https://www.youtube.com/channel/UC0-IWb69P1srF_uZOmGtBfQ">YouTube</a></p><p>●      <a href="https://www.facebook.com/compliancepodcastnetwork">Facebook</a></p><p>●      <a href="https://www.instagram.com/voiceofcompliance">Instagram</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>923</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[9e3fe594-78ee-11ee-8975-bb494d4ae6b3]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN7830472406.mp3?updated=1698918690" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>WhatsApp Breach: Hospital's GDPR Failures Exposed</title>
      <description>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. The recent controversy surrounding Nigel Farage’s banking situation highlights the risks and compliance challenges faced by the banking industry in relation to data protection. In this episode, Tom and Jonathan discuss a data breach in a Scottish hospital during the COVID-19 pandemic.
The breach occurred when hospital staff shared patient details on WhatsApp, raising concerns about GDPR compliance. The hospital informed the ICO about the breach but chose not to notify affected patients, highlighting the need for appropriate advice and support when making such decisions. The conversation also explores communication challenges in internal investigations and the privacy and security risks of platforms like WhatsApp. It emphasizes the importance of organizations adapting to the preferences of digital native employees and conducting data protection impact assessments. The podcast also highlights the importance of effective policies, training, and proactive phishing training to prevent cyber-attacks and protect sensitive information.
Key Takeaways:
·      Data breach in Scottish hospital
·      The Challenges of Communication in Internal Investigations
·      Importance of Policies and Training
·      Phishing Training Effectiveness
 Resources:
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 14 Sep 2023 04:00:00 -0000</pubDate>
      <itunes:title>WhatsApp Breach: Hospital's GDPR Failures Exposed</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>100</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/7eece6c0-3c66-11ee-b141-dff54f0ca71f/image/159415.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan discuss a GDPR breach involving the use of WhatsApp.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. The recent controversy surrounding Nigel Farage’s banking situation highlights the risks and compliance challenges faced by the banking industry in relation to data protection. In this episode, Tom and Jonathan discuss a data breach in a Scottish hospital during the COVID-19 pandemic.
The breach occurred when hospital staff shared patient details on WhatsApp, raising concerns about GDPR compliance. The hospital informed the ICO about the breach but chose not to notify affected patients, highlighting the need for appropriate advice and support when making such decisions. The conversation also explores communication challenges in internal investigations and the privacy and security risks of platforms like WhatsApp. It emphasizes the importance of organizations adapting to the preferences of digital native employees and conducting data protection impact assessments. The podcast also highlights the importance of effective policies, training, and proactive phishing training to prevent cyber-attacks and protect sensitive information.
Key Takeaways:
·      Data breach in Scottish hospital
·      The Challenges of Communication in Internal Investigations
·      Importance of Policies and Training
·      Phishing Training Effectiveness
 Resources:
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. The recent controversy surrounding Nigel Farage’s banking situation highlights the risks and compliance challenges faced by the banking industry in relation to data protection. In this episode, Tom and Jonathan discuss a data breach in a Scottish hospital during the COVID-19 pandemic.</p><p class="ql-align-justify">The breach occurred when hospital staff shared patient details on WhatsApp, raising concerns about GDPR compliance. The hospital informed the ICO about the breach but chose not to notify affected patients, highlighting the need for appropriate advice and support when making such decisions. The conversation also explores communication challenges in internal investigations and the privacy and security risks of platforms like WhatsApp. It emphasizes the importance of organizations adapting to the preferences of digital native employees and conducting data protection impact assessments. The podcast also highlights the importance of effective policies, training, and proactive phishing training to prevent cyber-attacks and protect sensitive information.</p><p class="ql-align-justify"><strong>Key Takeaways:</strong></p><p class="ql-align-justify">·      Data breach in Scottish hospital</p><p class="ql-align-justify">·      The Challenges of Communication in Internal Investigations</p><p class="ql-align-justify">·      Importance of Policies and Training</p><p class="ql-align-justify">·      Phishing Training Effectiveness</p><p class="ql-align-justify"><strong> Resources:</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. 
Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1065</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[7eece6c0-3c66-11ee-b141-dff54f0ca71f]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN4145730225.mp3?updated=1694701000" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Exposed: The Shocking PSNI Data Release</title>
      <description>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss a troubling inadvertent data release by the Police Service of Northern Ireland (PSNI).
The release occurred when a document containing sensitive information about PSNI employees was mistakenly uploaded to a public site, putting officers at risk. The document, inadvertently released based upon a valid FOIA request, wrongfully included the names, ranks, locations, and even surveillance and intelligence details from the Northern Ireland constabulary. This inadvertent release highlights how the bypassing of security checks caused the breach, emphasizing the real-world impact of data breaches on individuals. Tom and Jonathan also discuss the use of spreadsheets in data breaches and express frustration with the lack of attention given to these incidents. Overall, the conversation stresses the importance of data protection and compliance, and the urgent need for improved measures to address this issue.
 Key Takeaways:
·      Data release at PSNI
·      Data release implications
·      Regulator's Call for Improved Data Protection
·      Spreadsheets are evil
 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 31 Aug 2023 04:00:00 -0000</pubDate>
      <itunes:title>Exposed: The Shocking PSNI Data Release</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>99</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/278f4c92-3c4d-11ee-9f32-1f71d247296b/image/5d0c07.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan review a troubling inadvertent data release and how to protect yourself.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss a troubling inadvertent data release by the Police Service of Northern Ireland (PSNI).
The release occurred when a document containing sensitive information about PSNI employees was mistakenly uploaded to a public site, putting officers at risk. The document, inadvertently released based upon a valid FOIA request, wrongfully included the names, ranks, locations, and even surveillance and intelligence details from the Northern Ireland constabulary. This inadvertent release highlights how the bypassing of security checks caused the breach, emphasizing the real-world impact of data breaches on individuals. Tom and Jonathan also discuss the use of spreadsheets in data breaches and express frustration with the lack of attention given to these incidents. Overall, the conversation stresses the importance of data protection and compliance, and the urgent need for improved measures to address this issue.
 Key Takeaways:
·      Data release at PSNI
·      Data release implications
·      Regulator's Call for Improved Data Protection
·      Spreadsheets are evil
 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss a troubling inadvertent data release by the Police Service of Northern Ireland (PSNI).</p><p class="ql-align-justify">The release occurred when a document containing sensitive information about PSNI employees was mistakenly uploaded to a public site, putting officers at risk. The document, inadvertently released based upon a valid FOIA request, wrongfully included the names, ranks, locations, and even surveillance and intelligence details from the Northern Ireland constabulary. This inadvertent release highlights how the bypassing of security checks caused the breach, emphasizing the real-world impact of data breaches on individuals. Tom and Jonathan also discuss the use of spreadsheets in data breaches and express frustration with the lack of attention given to these incidents. Overall, the conversation stresses the importance of data protection and compliance, and the urgent need for improved measures to address this issue.</p><p class="ql-align-justify"><strong> Key Takeaways:</strong></p><p class="ql-align-justify">·      Data release at PSNI</p><p class="ql-align-justify">·      Data release implications</p><p class="ql-align-justify">·      Regulator's Call for Improved Data Protection</p><p class="ql-align-justify">·      Spreadsheets are evil</p><p class="ql-align-justify"><strong> Resources</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>. 
</p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>926</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[278f4c92-3c4d-11ee-9f32-1f71d247296b]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN9156120572.mp3?updated=1692201568" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Farage's Account Closure &amp; the Risks of Data Breach</title>
      <description>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. The recent controversy surrounding Nigel Farage's banking situation highlights the risks and compliance challenges faced by the banking industry in relation to data protection. 
In this episode, Tom and Jonathan discuss the closure of Farage's bank account with Coutts, a high-end bank owned by NatWest, and the potential data breach that ensued. They discuss the risks of internal emails being exposed through subject access requests (SARs) and emphasize the importance of caution in email communication. The conversation also explores the cost and consequences of non-compliance with GDPR obligations, particularly in relation to SARs. The potential legal implications for banks that violate their own policies or delete data that should be provided in response to a SAR are highlighted. Overall, the episode underscores the need for banks to prioritize data protection, compliance, and proper decision-making in the financial industry.
 Key Takeaways:
·      Nigel Farage's Banking Controversy
·      Data Protection Risks in Banking
·      The Cost and Consequences of Subject Access Requests
·      Serious concerns about data protection and access to banking
 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 17 Aug 2023 04:00:00 -0000</pubDate>
      <itunes:title>Farage's Account Closure &amp; the Risks of Data Breach</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>98</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/d54fe884-3c32-11ee-9624-27615ac3c5ed/image/d8ed8f.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, Tom and Jonathan discuss the closure of Nigel Farage's bank account with Coutts, a high-end bank owned by NatWest, and the potential data breach that ensued.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. The recent controversy surrounding Nigel Farage's banking situation highlights the risks and compliance challenges faced by the banking industry in relation to data protection. 
In this episode, Tom and Jonathan discuss the closure of Farage's bank account with Coutts, a high-end bank owned by NatWest, and the potential data breach that ensued. They discuss the risks of internal emails being exposed through subject access requests (SARs) and emphasize the importance of caution in email communication. The conversation also explores the cost and consequences of non-compliance with GDPR obligations, particularly in relation to SARs. The potential legal implications for banks that violate their own policies or delete data that should be provided in response to a SAR are highlighted. Overall, the episode underscores the need for banks to prioritize data protection, compliance, and proper decision-making in the financial industry.
 Key Takeaways:
·      Nigel Farage's Banking Controversy
·      Data Protection Risks in Banking
·      The Cost and Consequences of Subject Access Requests
·      Serious concerns about data protection and access to banking
 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. The recent controversy surrounding Nigel Farage's banking situation highlights the risks and compliance challenges faced by the banking industry in relation to data protection. </p><p class="ql-align-justify">In this episode, Tom and Jonathan discuss the closure of Farage's bank account with Coutts, a high-end bank owned by NatWest, and the potential data breach that ensued. They discuss the risks of internal emails being exposed through subject access requests (SARs) and emphasize the importance of caution in email communication. The conversation also explores the cost and consequences of non-compliance with GDPR obligations, particularly in relation to SARs. The potential legal implications for banks that violate their own policies or delete data that should be provided in response to a SAR are highlighted. Overall, the episode underscores the need for banks to prioritize data protection, compliance, and proper decision-making in the financial industry.</p><p class="ql-align-justify"><strong> Key Takeaways:</strong></p><p class="ql-align-justify">·      Nigel Farage's Banking Controversy</p><p class="ql-align-justify">·      Data Protection Risks in Banking</p><p class="ql-align-justify">·      The Cost and Consequences of Subject Access Requests</p><p class="ql-align-justify">·      Serious concerns about data protection and access to banking</p><p class="ql-align-justify"><strong> Resources</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. 
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>. </p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1198</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[d54fe884-3c32-11ee-9624-27615ac3c5ed]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN4179695390.mp3?updated=1692190364" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Joe Sullivan Sentence</title>
      <description>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. Matt Kelly and Jonathan Marks join Tom and Jonathan Armstrong on this episode, as they explore the case of former Uber CISO Joe Sullivan and the lessons compliance officers can learn from his lenient sentence. From growing trends of personal accountability to conflict of interests, the hosts provide six tips for chief compliance officers to protect themselves, including rehearsing responses and seeking external advice when necessary. This eye-opening episode also delves into the challenges faced by compliance officers in situations like Etsy's ransomware scheme and how they must be cautious with threat actors' demands. Don't miss out on this insightful episode that will leave you questioning whether Sullivan was unfairly punished and whether executives' remuneration packages will receive greater scrutiny going forward. Tune in now to Life With GDPR.
 Key Takeaways:
·      The Joe Sullivan Uber Case and Lessons Learned
·      Individual Liability in Corporate Malpractice
·      Compensation and Conflicts of Interest
·      The Challenges of Compliance Officers in Wrongdoing Incidents
 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 22 Jun 2023 04:00:00 -0000</pubDate>
      <itunes:title>Joe Sullivan Sentence</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>97</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/727a5d60-0e16-11ee-91c0-238dabe5718f/image/f22ad8.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Matt Kelly and Jonathan Marks join Jonathan and Tom to consider the Joe Sullivan Sentence.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. Matt Kelly and Jonathan Marks join Tom and Jonathan Armstrong on this episode, as they explore the case of former Uber CISO Joe Sullivan and the lessons compliance officers can learn from his lenient sentence. From growing trends of personal accountability to conflict of interests, the hosts provide six tips for chief compliance officers to protect themselves, including rehearsing responses and seeking external advice when necessary. This eye-opening episode also delves into the challenges faced by compliance officers in situations like Etsy's ransomware scheme and how they must be cautious with threat actors' demands. Don't miss out on this insightful episode that will leave you questioning whether Sullivan was unfairly punished and whether executives' remuneration packages will receive greater scrutiny going forward. Tune in now to Life With GDPR.
 Key Takeaways:
·      The Joe Sullivan Uber Case and Lessons Learned
·      Individual Liability in Corporate Malpractice
·      Compensation and Conflicts of Interest
·      The Challenges of Compliance Officers in Wrongdoing Incidents
 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. Matt Kelly and Jonathan Marks join Tom and Jonathan Armstrong on this episode, as they explore the case of former Uber CISO Joe Sullivan and the lessons compliance officers can learn from his lenient sentence. From growing trends of personal accountability to conflict of interests, the hosts provide six tips for chief compliance officers to protect themselves, including rehearsing responses and seeking external advice when necessary. This eye-opening episode also delves into the challenges faced by compliance officers in situations like Etsy's ransomware scheme and how they must be cautious with threat actors' demands. Don't miss out on this insightful episode that will leave you questioning whether Sullivan was unfairly punished and whether executives' remuneration packages will receive greater scrutiny going forward. Tune in now to Life With GDPR.</p><p class="ql-align-justify"><strong> Key Takeaways:</strong></p><p class="ql-align-justify">·      The Joe Sullivan Uber Case and Lessons Learned</p><p class="ql-align-justify">·      Individual Liability in Corporate Malpractice</p><p class="ql-align-justify">·      Compensation and Conflicts of Interest</p><p class="ql-align-justify">·      The Challenges of Compliance Officers in Wrongdoing Incidents</p><p class="ql-align-justify"><strong> Resources</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance, <a href="https://www.corderycompliance.com/ec-gdpr-0523-01/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>. 
</p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1075</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[727a5d60-0e16-11ee-91c0-238dabe5718f]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN5561854861.mp3?updated=1687120440" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>$1 Billion Fine: Meta's GDPR Violation</title>
      <description>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. In this episode, they discuss the recent billion-dollar fine imposed on Meta (formerly Facebook) for violating data protection laws. They break down the significance of this ruling which limits the use of standard contractual clauses and requires due diligence checks when transferring data from the EU to the US. Discover the consequences and potential appeal arguments of the European Court of Justice's ruling on data privacy. They delve into the challenges of harmonizing data protection authorities in the EU and how this affects corporations. Find out why the lack of consistency among regulators cannot be fixed overnight. Don't miss out on the engaging and informative discussion that can help organizations navigate the complex landscape of GDPR and data privacy. Tune in to "Life with GDPR" now!
 Key Takeaways:
·      Facebook fined $1 billion for data transfer
·      Meta's GDPR Noncompliance and Data Transfer Suspension
·      Irish Data Protection decision overruled by EDPB
·      Challenging GDPR court order in Ireland
·      Data Transfer from EU to US: Safe or Unsafe?
·      GDPR differences in privacy enforcement
 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 08 Jun 2023 04:00:00 -0000</pubDate>
      <itunes:title>Meta's $1bn GDPR Violation</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>96</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/5db0926c-0585-11ee-bd7a-b78569ddf4be/image/f31a2e.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan consider the recent EU fine against Meta. </itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. In this episode, they discuss the recent billion-dollar fine imposed on Meta (formerly Facebook) for violating data protection laws. They break down the significance of this ruling which limits the use of standard contractual clauses and requires due diligence checks when transferring data from the EU to the US. Discover the consequences and potential appeal arguments of the European Court of Justice's ruling on data privacy. They delve into the challenges of harmonizing data protection authorities in the EU and how this affects corporations. Find out why the lack of consistency among regulators cannot be fixed overnight. Don't miss out on the engaging and informative discussion that can help organizations navigate the complex landscape of GDPR and data privacy. Tune in to "Life with GDPR" now!
 Key Takeaways:
·      Facebook fined $1 billion for data transfer
·      Meta's GDPR Noncompliance and Data Transfer Suspension
·      Irish Data Protection decision overruled by EDPB
·      Challenging GDPR court order in Ireland
·      Data Transfer from EU to US: Safe or Unsafe?
·      GDPR differences in privacy enforcement
 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. In this episode, they discuss the recent billion-dollar fine imposed on Meta (formerly Facebook) for violating data protection laws. They break down the significance of this ruling which limits the use of standard contractual clauses and requires due diligence checks when transferring data from the EU to the US. Discover the consequences and potential appeal arguments of the European Court of Justice's ruling on data privacy. They delve into the challenges of harmonizing data protection authorities in the EU and how this affects corporations. Find out why the lack of consistency among regulators cannot be fixed overnight. Don't miss out on the engaging and informative discussion that can help organizations navigate the complex landscape of GDPR and data privacy. Tune in to "Life with GDPR" now!</p><p class="ql-align-justify"><strong> Key Takeaways:</strong></p><p class="ql-align-justify">·      Facebook fined $1 billion for data transfer</p><p class="ql-align-justify">·      Meta's GDPR Noncompliance and Data Transfer Suspension</p><p class="ql-align-justify">·      Irish Data Protection decision overruled by EDPB</p><p class="ql-align-justify">·      Challenging GDPR court order in Ireland</p><p class="ql-align-justify">·      Data Transfer from EU to US: Safe or Unsafe?</p><p class="ql-align-justify">·      GDPR differences in privacy enforcement</p><p class="ql-align-justify"><strong> Resources</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance, <a href="https://www.corderycompliance.com/meta-fines-0523-09/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. 
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>. </p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1930</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[5db0926c-0585-11ee-bd7a-b78569ddf4be]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN8029469643.mp3?updated=1686178386" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Class Action Update</title>
      <description>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Join them in this episode as they discuss the recent court decision in the Austrian case and its implications on GDPR claims. Discover the guidelines for GDPR damage compensation, assessment of damages, liability provisions, and how businesses can make themselves more robust to avoid such claims. They also delve into the importance of acting quickly in the event of a breach and insurers’ sophistication in cyberattack policies. Tune in to learn more, and check out the article on the quarterly compliance website. Don’t miss out on their engaging conversation and valuable insights!
 Key Takeaways:

Understanding GDPR compensation claims

Insurance Claims and Breach Response Strategy

Cyber insurance is becoming more selective in writing cover


Notable Quotes:
“I would say when you have a title like that, you get the attention of many class action lawyers.”
“Not every infringement of GDPR automatically gives rise to compensation.”
“The right to compensation under GDPR needs 3 things. Firstly, an infringement of GDPR; secondly, material damage resulting; and thirdly, a causal link between the damage and the infringement.”
“If you haven’t got the right team in place, Even on New Year’s Day or Christmas day, Easter or Passover or, you know, during fasting, then that’s your fault, not ours, and regulators are not forgiving.”
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 25 May 2023 04:00:00 -0000</pubDate>
      <itunes:title>Class Action Update</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>95</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/bb30f51a-ee8f-11ed-afa8-abe868f5d8dc/image/48608d.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan are back with a Class Action Update.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Join them in this episode as they discuss the recent court decision in the Austrian case and its implications on GDPR claims. Discover the guidelines for GDPR damage compensation, assessment of damages, liability provisions, and how businesses can make themselves more robust to avoid such claims. They also delve into the importance of acting quickly in the event of a breach and insurers’ sophistication in cyberattack policies. Tune in to learn more, and check out the article on the quarterly compliance website. Don’t miss out on their engaging conversation and valuable insights!
 Key Takeaways:

Understanding GDPR compensation claims

Insurance Claims and Breach Response Strategy

Cyber insurance is becoming more selective in writing cover


Notable Quotes:
“I would say when you have a title like that, you get the attention of many class action lawyers.”
“Not every infringement of GDPR automatically gives rise to compensation.”
“The right to compensation under GDPR needs 3 things. Firstly, an infringement of GDPR; secondly, material damage resulting; and thirdly, a causal link between the damage and the infringement.”
“If you haven’t got the right team in place, Even on New Year’s Day or Christmas day, Easter or Passover or, you know, during fasting, then that’s your fault, not ours, and regulators are not forgiving.”
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Join them in this episode as they discuss the recent court decision in the Austrian case and its implications on GDPR claims. Discover the guidelines for GDPR damage compensation, assessment of damages, liability provisions, and how businesses can make themselves more robust to avoid such claims. They also delve into the importance of acting quickly in the event of a breach and insurers’ sophistication in cyberattack policies. Tune in to learn more, and check out the article on the quarterly compliance website. Don’t miss out on their engaging conversation and valuable insights!</p><p><strong> Key Takeaways:</strong></p><ul>
<li>Understanding GDPR compensation claims</li>
<li>Insurance Claims and Breach Response Strategy</li>
<li>Cyber insurance is becoming more selective in writing cover</li>
</ul><p><br></p><p><strong>Notable Quotes:</strong></p><p>“I would say when you have a title like that, you get the attention of many class action lawyers.”</p><p>“Not every infringement of GDPR automatically gives rise to compensation.”</p><p>“The right to compensation under GDPR needs 3 things. Firstly, an infringement of GDPR; secondly, material damage resulting; and thirdly, a causal link between the damage and the infringement.”</p><p class="ql-align-justify">“If you haven’t got the right team in place, Even on New Year’s Day or Christmas day, Easter or Passover or, you know, during fasting, then that’s your fault, not ours, and regulators are not forgiving.”</p><p class="ql-align-justify"><strong>Resources</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance, <a href="https://www.corderycompliance.com/ec-gdpr-0523-01/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>. </p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1344</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[bb30f51a-ee8f-11ed-afa8-abe868f5d8dc]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN6936673540.mp3?updated=1685544447" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Data Transfer Update</title>
      <description>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Join them in this episode as they delve into the hot-button issue of data transfers from the EU to the US. With potential new rulings looming, the replacement for Privacy Shield is said to be doomed to fail. The European Data Protection Board is investigating complaints against Google and Facebook that could affect up to 95% of US corporations using Google Analytics! How can your organization comply with GDPR regulations while avoiding the nearly €3 billion in fines levied since 2018, including practical tips such as conducting compliance checks and due diligence? Don't miss the explosive potential of this episode and what it could mean for businesses around the world.
Key Takeaways:
·      Data transfers from the EU to the US and privacy concerns
·      Data Transfer Regulations &amp; Compliance
·      Data Protection Compliance for Business Websites
·      Impending Large GDPR Fine
Notable Quotes:
"It is not going to get any easier anytime soon, unfortunately."
"This case is likely to affect, I think, 95% of corporate America."
"Regulators definitely have an appetite to investigate this."
"I expect that the fine that I'm hearing rumors of will tip us over the €300MM level."
 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 11 May 2023 15:43:07 -0000</pubDate>
      <itunes:title>Data Transfer Update</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>94</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/2a240e3e-f012-11ed-b1a4-b32535a9a17b/image/eafb1c.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan return to provide a data transfer update. </itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Join them in this episode as they delve into the hot-button issue of data transfers from the EU to the US. With potential new rulings looming, the replacement for Privacy Shield is said to be doomed to fail. The European Data Protection Board is investigating complaints against Google and Facebook that could affect up to 95% of US corporations using Google Analytics! How can your organization comply with GDPR regulations while avoiding the nearly €3 billion in fines levied since 2018, including practical tips such as conducting compliance checks and due diligence? Don't miss the explosive potential of this episode and what it could mean for businesses around the world.
Key Takeaways:
·      Data transfers from the EU to the US and privacy concerns
·      Data Transfer Regulations &amp; Compliance
·      Data Protection Compliance for Business Websites
·      Impending Large GDPR Fine
Notable Quotes:
"It is not going to get any easier anytime soon, unfortunately."
"This case is likely to affect, I think, 95% of corporate America."
"Regulators definitely have an appetite to investigate this."
"I expect that the fine that I'm hearing rumors of will tip us over the €300MM level."
 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Join them in this episode as they delve into the hot-button issue of data transfers from the EU to the US. With potential new rulings looming, the replacement for Privacy Shield is said to be doomed to fail. The European Data Protection Board is investigating complaints against Google and Facebook that could affect up to 95% of US corporations using Google Analytics! How can your organization comply with GDPR regulations while avoiding the nearly €3 billion in fines levied since 2018, including practical tips such as conducting compliance checks and due diligence? Don't miss the explosive potential of this episode and what it could mean for businesses around the world.</p><p>Key Takeaways:</p><p>·      Data transfers from the EU to the US and privacy concerns</p><p>·      Data Transfer Regulations &amp; Compliance</p><p>·      Data Protection Compliance for Business Websites</p><p>·      Impending Large GDPR Fine</p><p>Notable Quotes:</p><p>"It is not going to get any easier anytime soon, unfortunately."</p><p>"This case is likely to affect, I think, 95% of corporate America."</p><p>"Regulators definitely have an appetite to investigate this."</p><p>"I expect that the fine that I'm hearing rumors of will tip us over the €300MM level."</p><p class="ql-align-justify"><strong> Resources</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance, <a href="https://www.corderycompliance.com/eu-dpa-rr-0423-04-5/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. 
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1284</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[2a240e3e-f012-11ed-b1a4-b32535a9a17b]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN6242754606.mp3?updated=1683820091" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>DPO Update</title>
      <description>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss the role of the Data Protection Officer (DPO) in light of GDPR - an important requirement outlined in Article 37. They discuss how the European Court of Justice views the role, how Germany had a DPO system in place prior to GDPR, and the fact that DPOs should be supported by their employer and protected against any potential conflicts of interest. They touch on the shortage of suitable DPOs due to the price and resource requirements of the role, as well as the example of a data protection authority showing up to an organization and finding a person who had been recently trained. Tune in to discover more key insights about the role of the DPO as you stay knowledgeable on GDPR compliance with Life with GDPR.
Key Takeaways:
European Court of Justice and the GDPR System [00:05:46]
DPO Roles and Responsibilities [00:10:50]
Data Protection Authority Visit to an Organization [00:15:26]
Notable Quotes:
1.     “The Role of a DPO in simple terms is to sort of act as a sort of police officer to police the organization's handling of data.” 
2.     “If you look at GDPR Article 37(5), it says that a data protection officer must be designated on the basis of professional qualities. In particular, expert knowledge of data protection law and practices, and there's a number of duties in Article 39 they have to be able to perform.”
3.     “Regulators will expect to see competency. And it's probably easier for a regulator to judge competency than it is to judge conflict of interest.”
4.     “I think it is definitely worthwhile putting resources in training and also currency.”
 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 23 Mar 2023 04:00:00 -0000</pubDate>
      <itunes:title>DPO Update</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>93</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/f83a6e94-c75e-11ed-bf1b-434b407d686d/image/4188e4.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, Tom and Jonathan provide an update on the rights, roles and responsibilities of DPOs. </itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss the role of the Data Protection Officer (DPO) in light of GDPR - an important requirement outlined in Article 37. They discuss how the European Court of Justice views the role, how Germany had a DPO system in place prior to GDPR, and the fact that DPOs should be supported by their employer and protected against any potential conflicts of interest. They touch on the shortage of suitable DPOs due to the price and resource requirements of the role, as well as the example of a data protection authority showing up to an organization and finding a person who had been recently trained. Tune in to discover more key insights about the role of the DPO as you stay knowledgeable on GDPR compliance with Life with GDPR.
Key Takeaways:
European Court of Justice and the GDPR System [00:05:46]
DPO Roles and Responsibilities [00:10:50]
Data Protection Authority Visit to an Organization [00:15:26]
Notable Quotes:
1.     “The Role of a DPO in simple terms is to sort of act as a sort of police officer to police the organization's handling of data.” 
2.     “If you look at GDPR Article 37(5), it says that a data protection officer must be designated on the basis of professional qualities. In particular, expert knowledge of data protection law and practices, and there's a number of duties in Article 39 they have to be able to perform.”
3.     “Regulators will expect to see competency. And it's probably easier for a regulator to judge competency than it is to judge conflict of interest.”
4.     “I think it is definitely worthwhile putting resources in training and also currency.”
 Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned expert in cyber security, host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss the role of the Data Protection Officer (DPO) in light of GDPR - an important requirement outlined in Article 37. They discuss how the European Court of Justice views the role, how Germany had a DPO system in place prior to GDPR, and the fact that DPOs should be supported by their employer and protected against any potential conflicts of interest. They touch on the shortage of suitable DPOs due to the price and resource requirements of the role, as well as the example of a data protection authority showing up to an organization and finding a person who had been recently trained. Tune in to discover more key insights about the role of the DPO as you stay knowledgeable on GDPR compliance with Life with GDPR.</p><p class="ql-align-justify"><strong>Key Takeaways:</strong></p><p class="ql-align-justify">European Court of Justice and the GDPR System [00:05:46]</p><p class="ql-align-justify">DPO Roles and Responsibilities [00:10:50]</p><p class="ql-align-justify">Data Protection Authority Visit to an Organization [00:15:26]</p><p class="ql-align-justify"><strong>Notable Quotes:</strong></p><p class="ql-align-justify">1.     “The Role of a DPO in simple terms is to sort of act as a sort of police officer to police the organization's handling of data.” </p><p class="ql-align-justify">2.     “If you look at GDPR Article 37(5), it says that a data protection officer must be designated on the basis of professional qualities. In particular, expert knowledge of data protection law and practices, and there's a number of duties in Article 39 they have to be able to perform.”</p><p class="ql-align-justify">3.     “Regulators will expect to see competency. And it's probably easier for a regulator to judge competency than it is to judge conflict of interest.”</p><p class="ql-align-justify">4.   
  “I think it is definitely worthwhile putting resources in training and also currency.”</p><p class="ql-align-justify"><strong> Resources</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance, <a href="https://www.corderycompliance.com/ecr-dpo-0223/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>. </p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1284</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[f83a6e94-c75e-11ed-bf1b-434b407d686d]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN8146781412.mp3?updated=1679344922" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>SARs Update</title>
      <description>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, host the award-winning Life with GDPR. In this episode, Jonathan Armstrong shares that SARs remain a significant area of concern for businesses. He joins Tom to discuss an individual’s recent complaint with the Austrian DPA, in which the response was incomplete and the individual took their case to an Austrian Federal Administrative Court. Jonathan shares that this tactic is being used by those under regulatory and governmental investigation. Tom and Jonathan's insight is invaluable for staying informed of the most up-to-date news on SARs.
 Key Highlights
·      Challenges of Filing Data Protection Complaints in Austria [00:057]
·      Legal Implications of Acquiring a Business Under Regulatory or Governmental Investigation [00:11:03]
·      Ending a Podcast [00:15:50]
Notable Quotes
1.     "We know that SARs are onerous, and it may be that the gist route might be a way of saving some of the effort involved, not in searching for data necessarily, but in the whole redaction task, which is substantial because obviously you have to redact records so as not to expose the data of other individuals in many cases." 
2.     "And the officer stream result also seems to be in accordance with guidance from other DPAs as well. So probably the right decisions in both cases but obviously still some complexity involved in dealing with hours." 
3.     "We've definitely seen [SARs] in the context of regulatory or other governmental investigation. There are the cases in the public domain, for example, which is a case, which involves Russian oligarchs battling it out in the UK courts after group a investigated group b."
4.     "And as I say, we've used the gist route previously. We know that people have complained to the ICR to other regulators but so far, that hasn't been anything that regulators criticized in the cases that we've been involved with."
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 09 Mar 2023 05:00:00 -0000</pubDate>
      <itunes:title>SARs Update</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>92</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/903b8a7a-b93b-11ed-9081-3f74e8db5484/image/828201.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode Tom and Jonathan provide a SARs Update.</itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, host the award-winning Life with GDPR. In this episode, Jonathan Armstrong shares that SARs remain a significant area of concern for businesses. He joins Tom to discuss an individual’s recent complaint with the Austrian DPA, in which the response was incomplete and the individual took their case to an Austrian Federal Administrative Court. Jonathan shares that this tactic is being used by those under regulatory and governmental investigation. Tom and Jonathan's insight is invaluable for staying informed of the most up-to-date news on SARs.
 Key Highlights
·      Challenges of Filing Data Protection Complaints in Austria [00:057]
·      Legal Implications of Acquiring a Business Under Regulatory or Governmental Investigation [00:11:03]
·      Ending a Podcast [00:15:50]
Notable Quotes
1.     "We know that SARs are onerous, and it may be that the gist route might be a way of saving some of the effort involved, not in searching for data necessarily, but in the whole redaction task, which is substantial because obviously you have to redact records so as not to expose the data of other individuals in many cases." 
2.     "And the officer stream result also seems to be in accordance with guidance from other DPAs as well. So probably the right decisions in both cases but obviously still some complexity involved in dealing with hours." 
3.     "We've definitely seen [SARs] in the context of regulatory or other governmental investigation. There are the cases in the public domain, for example, which is a case, which involves Russian oligarchs battling it out in the UK courts after group a investigated group b."
4.     "And as I say, we've used the gist route previously. We know that people have complained to the ICR to other regulators but so far, that hasn't been anything that regulators criticized in the cases that we've been involved with."
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned expert in cyber security, host the award-winning Life with GDPR. In this episode, Jonathan Armstrong shares that SARs remain a significant area of concern for businesses. He joins Tom to discuss an individual’s recent complaint with the Austrian DPA, in which the response was incomplete and the individual took their case to an Austrian Federal Administrative Court. Jonathan shares that this tactic is being used by those under regulatory and governmental investigation. Tom and Jonathan's insight is invaluable for staying informed of the most up-to-date news on SARs.</p><p class="ql-align-justify"><strong> Key Highlights</strong></p><p class="ql-align-justify">·      Challenges of Filing Data Protection Complaints in Austria [00:057]</p><p class="ql-align-justify">·      Legal Implications of Acquiring a Business Under Regulatory or Governmental Investigation [00:11:03]</p><p class="ql-align-justify">·      Ending a Podcast [00:15:50]</p><p class="ql-align-justify"><strong>Notable Quotes</strong></p><p class="ql-align-justify">1.     "We know that SARs are onerous, and it may be that the gist route might be a way of saving some of the effort involved, not in searching for data necessarily, but in the whole redaction task, which is substantial because obviously you have to redact records so as not to expose the data of other individuals in many cases." </p><p class="ql-align-justify">2.     "And the officer stream result also seems to be in accordance with guidance from other DPAs as well. So probably the right decisions in both cases but obviously still some complexity involved in dealing with hours." </p><p class="ql-align-justify">3.     "We've definitely seen [SARs] in the context of regulatory or other governmental investigation. 
There are the cases in the public domain, for example, which is a case, which involves Russian oligarchs battling it out in the UK courts after group a investigated group b."</p><p class="ql-align-justify">4.     "And as I say, we've used the gist route previously. We know that people have complained to the ICR to other regulators but so far, that hasn't been anything that regulators criticized in the cases that we've been involved with."</p><p class="ql-align-justify"><strong>Resources</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance, <a href="https://www.corderycompliance.com/eu-gdpr-sar-0223/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>. </p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1048</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[903b8a7a-b93b-11ed-9081-3f74e8db5484]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN8662617075.mp3?updated=1677790830" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Russian Cyber Attack Gangs Sanctioned</title>
      <description>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the podcast Life with GDPR. In the most recent episode, they review the recent sanctions the UK and US have imposed on seven Russia-based individuals linked to ransomware. They explain that there are around 20-30 known vulnerabilities in software that could be responsible for the majority of ransomware attacks, and if these are taken care of, individuals and organizations are less likely to become susceptible. Finally, the hosts delve into how some ransomware attackers may become public about their actions in order to try and make those affected pay up. Listen to Life with GDPR for the most up-to-date and helpful advice about cyber security and ransomware.
 Key Highlights
·      Sanctions levied against Russian cyber-attack gangs [00:01:28]
·      Steps to take to Protect Against Ransomware Attacks [00:06:12] 
·      The Dangers of Ransomware Attacks [00:10:49]
 Notable Quotes
1.     "Sanctioning ransomware gangs is not especially new. The US has done it before, but this is a move that's a giant move from the UK and the US to sanction 7 Russia-based individuals." 
2.     "It's good business sense to payers because x is less than y. So just because GDPR is on the agenda of ransomware gangs, it obviously means that organizations have to take that much more seriously because ransomware gangs trying to push GDPR figures." 
3.     "Have a plan to deal with ransomware. It is inevitable a ball that somebody will target you. Maybe create a playbook so that you can work through key considerations in advance." 
4.     "You're only as strong as your weaker link. And oftentimes, it is suppliers, HR providers, payroll providers, outsourced sales solutions that are a real area of vulnerability."
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 02 Mar 2023 05:00:00 -0000</pubDate>
      <itunes:title>Russian Cyber Attack Gangs Sanctioned</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>91</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/75653530-b6d8-11ed-b463-ef3d1ab04d62/image/b8023a.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan look at issues around Russian cyber attack gangs. </itunes:subtitle>
      <itunes:summary>Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the podcast Life with GDPR. In the most recent episode, they review the recent sanctions the UK and US have imposed on seven Russia-based individuals linked to ransomware. They explain that there are around 20-30 known vulnerabilities in software that could be responsible for the majority of ransomware attacks, and if these are taken care of, individuals and organizations are less likely to become susceptible. Finally, the hosts delve into how some ransomware attackers may become public about their actions in order to try and make those affected pay up. Listen to Life with GDPR for the most up-to-date and helpful advice about cyber security and ransomware.
 Key Highlights
·      Sanctions levied against Russian cyber-attack gangs [00:01:28]
·      Steps to take to Protect Against Ransomware Attacks [00:06:12] 
·      The Dangers of Ransomware Attacks [00:10:49]
 Notable Quotes
1.     "Sanctioning ransomware gangs is not especially new. The US has done it before, but this is a move that's a giant move from the UK and the US to sanction 7 Russia-based individuals." 
2.     "It's good business sense to payers because x is less than y. So just because GDPR is on the agenda of ransomware gangs, it obviously means that organizations have to take that much more seriously because ransomware gangs trying to push GDPR figures." 
3.     "Have a plan to deal with ransomware. It is inevitable a ball that somebody will target you. Maybe create a playbook so that you can work through key considerations in advance." 
4.     "You're only as strong as your weaker link. And oftentimes, it is suppliers, HR providers, payroll providers, outsourced sales solutions that are a real area of vulnerability."
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. 
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p class="ql-align-justify">Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the podcast Life with GDPR. In the most recent episode, they review the recent sanctions the UK and US have imposed on seven Russia-based individuals linked to ransomware. They explain that there are around 20-30 known vulnerabilities in software that could be responsible for the majority of ransomware attacks, and if these are taken care of, individuals and organizations are less likely to become susceptible. Finally, the hosts delve into how some ransomware attackers may become public about their actions in order to try and make those affected pay up. Listen to Life with GDPR for the most up-to-date and helpful advice about cyber security and ransomware.</p><p class="ql-align-justify"><strong> Key Highlights</strong></p><p class="ql-align-justify">·      Sanctions levied against Russian cyber-attack gangs [00:01:28]</p><p class="ql-align-justify">·      Steps to take to Protect Against Ransomware Attacks [00:06:12] </p><p class="ql-align-justify">·      The Dangers of Ransomware Attacks [00:10:49]</p><p class="ql-align-justify"><strong> Notable Quotes</strong></p><p class="ql-align-justify">1.     "Sanctioning ransomware gangs is not especially new. The US has done it before, but this is a move that's a giant move from the UK and the US to sanction 7 Russia-based individuals." </p><p class="ql-align-justify">2.     "It's good business sense to payers because x is less than y. So just because GDPR is on the agenda of ransomware gangs, it obviously means that organizations have to take that much more seriously because ransomware gangs trying to push GDPR figures." </p><p class="ql-align-justify">3.     "Have a plan to deal with ransomware. It is inevitable a ball that somebody will target you. Maybe create a playbook so that you can work through key considerations in advance." </p><p class="ql-align-justify">4.     
"You're only as strong as your weaker link. And oftentimes, it is suppliers, HR providers, payroll providers, outsourced sales solutions that are a real area of vulnerability."</p><p class="ql-align-justify"><strong>Resources</strong></p><p class="ql-align-justify">For more information on the issues raised in this podcast, check out the Cordery Compliance, <a href="https://www.corderycompliance.com/rr-gangs-sanction-0223/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>. </p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>986</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[75653530-b6d8-11ed-b463-ef3d1ab04d62]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN1638811448.mp3?updated=1677532172" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>NIS II</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we take up NIS II and are pleased to be joined by Jonathan Marks and Matt Kelly for a robust conversation.
Highlights include:

What is NIS II and how does it differ from NIS I?

NIS II governs by sectors.

What are the implications for global companies?

Where can you go for more information?

 
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Connect with Tom Fox
LinkedIn
Connect with Jonathan Armstrong

Twitter

LinkedIn


Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 16 Feb 2023 05:00:00 -0000</pubDate>
      <itunes:title>NIS II</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>90</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/1cfbb6ec-aaff-11ed-a74d-2f943a238353/image/da67e2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan are joined by Matt Kelly and Jonathan Marks to review NIS II.</itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we take up NIS II and are pleased to be joined by Jonathan Marks and Matt Kelly for a robust conversation.
Highlights include:

What is NIS II and how does it differ from NIS I?

NIS II governs by sectors.

What are the implications for global companies?

Where can you go for more information?

 
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Connect with Tom Fox
LinkedIn
Connect with Jonathan Armstrong

Twitter

LinkedIn


Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we take up NIS II and are pleased to be joined by Jonathan Marks and Matt Kelly for a robust conversation.</p><p>Highlights include:</p><ul>
<li>What is NIS II and how does it differ from NIS I?</li>
<li>NIS II governs by sectors.</li>
<li>What are the implications for global companies?</li>
<li>Where can you go for more information?</li>
</ul><p> </p><p><strong>Resources</strong></p><p>For more information on the issues raised in this podcast, check out the Cordery Compliance <a href="https://www.corderycompliance.com/eu-nis2-cyber-rules-1/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p>Connect with Tom Fox</p><ul><li><a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></li></ul><p>Connect with Jonathan Armstrong</p><ul>
<li><a href="https://twitter.com/armstrongjp">Twitter</a></li>
<li><a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></li>
</ul><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1131</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[1cfbb6ec-aaff-11ed-a74d-2f943a238353]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN4661659067.mp3?updated=1676226222" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Cookies, Cookies &amp; More Cookies</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. Data protection has become a priority for many authorities, with the French regulator, CNIL, recently issuing fines and penalties to Microsoft for not complying with the data protection laws. Changes were made to their practices in March 2022, and similar action was taken against Google and Amazon.
In this episode, we discuss the regulatory landscape for cookies which has become difficult for businesses to maneuver, requiring board-level oversight of data privacy, data protection, and data security. Together, these measures are deemed necessary in order to mitigate the biggest risks to organizations. Max Schrems and his pressure group were two of the key adjutants and had filed a substantial number of complaints. This eventually led to a large fine at the end of 2022, announced this month, from CNIL, the French Data Protection Regulator, against Microsoft, for €60 million. This fine highlighted the fact that cookies had been on the agenda for many Data Protection Authorities and the severity of the consequences for not following GDPR requirements. The implications of this case will have a lasting effect on the relations between European Data Protection Authorities and corporations, as well as the resources necessary to stay compliant.
Highlights include:
·      [00:04:16] Microsoft's Changes to Cookie Practices
·      [00:09:21] Navigating Regulatory Landscapes for Businesses
·      [00:14:21] The Importance of Data Privacy Board Oversight
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 02 Feb 2023 05:00:00 -0000</pubDate>
      <itunes:title>Cookies, Cookies &amp; More Cookies</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>89</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/703a7ed2-a23b-11ed-a305-f7b5dcc8240b/image/491cdc.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan review the CNIL enforcement action against Microsoft for violation of its cookie policies. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. Data protection has become a priority for many authorities, with the French regulator, CNIL, recently issuing fines and penalties to Microsoft for not complying with the data protection laws. Changes were made to their practices in March 2022, and similar action was taken against Google and Amazon.
In this episode, we discuss the regulatory landscape for cookies which has become difficult for businesses to maneuver, requiring board-level oversight of data privacy, data protection, and data security. Together, these measures are deemed necessary in order to mitigate the biggest risks to organizations. Max Schrems and his pressure group were two of the key adjutants and had filed a substantial number of complaints. This eventually led to a large fine at the end of 2022, announced this month, from CNIL, the French Data Protection Regulator, against Microsoft, for €60 million. This fine highlighted the fact that cookies had been on the agenda for many Data Protection Authorities and the severity of the consequences for not following GDPR requirements. The implications of this case will have a lasting effect on the relations between European Data Protection Authorities and corporations, as well as the resources necessary to stay compliant.
Highlights include:
·      [00:04:16] Microsoft's Changes to Cookie Practices
·      [00:09:21] Navigating Regulatory Landscapes for Businesses
·      [00:14:21] The Importance of Data Privacy Board Oversight
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Connect with Tom Fox
●      LinkedIn
Connect with Jonathan Armstrong
●      Twitter
●      LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. Data protection has become a priority for many authorities, with the French regulator, CNIL, recently issuing fines and penalties to Microsoft for not complying with the data protection laws. Changes were made to their practices in March 2022, and similar action was taken against Google and Amazon.</p><p>In this episode, we discuss the regulatory landscape for cookies which has become difficult for businesses to maneuver, requiring board-level oversight of data privacy, data protection, and data security. Together, these measures are deemed necessary in order to mitigate the biggest risks to organizations. Max Schrems and his pressure group were two of the key adjutants and had filed a substantial number of complaints. This eventually led to a large fine at the end of 2022, announced this month, from CNIL, the French Data Protection Regulator, against Microsoft, for €60 million. This fine highlighted the fact that cookies had been on the agenda for many Data Protection Authorities and the severity of the consequences for not following GDPR requirements. The implications of this case will have a lasting effect on the relations between European Data Protection Authorities and corporations, as well as the resources necessary to stay compliant.</p><p>Highlights include:</p><p>·      [00:04:16] Microsoft's Changes to Cookie Practices</p><p>·      [00:09:21] Navigating Regulatory Landscapes for Businesses</p><p>·      [00:14:21] The Importance of Data Privacy Board Oversight</p><p><strong>Resources</strong></p><p>For more information on the issues raised in this podcast, check out the Cordery Compliance <a href="https://www.corderycompliance.com/ireland-fines-meta-fb-insta-3/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. 
Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p>Connect with Tom Fox</p><p>●      <a href="https://www.linkedin.com/in/thomasfox13/">LinkedIn</a></p><p>Connect with Jonathan Armstrong</p><p>●      <a href="https://twitter.com/armstrongjp">Twitter</a></p><p>●      <a href="https://www.linkedin.com/in/jparmstrong/?originalSubdomain=uk">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1302</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[703a7ed2-a23b-11ed-a305-f7b5dcc8240b]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN8201189475.mp3?updated=1675262420" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Meta Fined In Ireland</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recently released fine by the Ireland Data Protection Commission against Meta for two legacy companies, €210m for its Facebook operation and €180m for Instagram for GDPR breaches. The DPC also ordered Meta to change its data protection practices within three months. Those changes may have a more lasting effect on Meta than the fines. The two fines come in at fifth and sixth places respectively in the largest GDPR fines of all time. Some of the highlights include:
1.     What were the facts?
2.     Why this matter has far wider implications than simply Big Tech.
3.     Max Schrems says this is a huge blow for Meta.
4.     The convoluted appeal process going forward.
5.     Lessons learned. 
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 19 Jan 2023 05:00:00 -0000</pubDate>
      <itunes:title>Meta Fined In Ireland</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>88</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/0d82d5a2-9799-11ed-abac-aff0d07dd383/image/c6a9d9.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, Tom and Jonathan look at the Ireland DPC fine against Meta. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recently released fine by the Ireland Data Protection Commission against Meta for two legacy companies, €210m for its Facebook operation and €180m for Instagram for GDPR breaches. The DPC also ordered Meta to change its data protection practices within three months. Those changes may have a more lasting effect on Meta than the fines. The two fines come in at fifth and sixth places respectively in the largest GDPR fines of all time. Some of the highlights include:
1.     What were the facts?
2.     Why this matter has far wider implications than simply Big Tech.
3.     Max Schrems says this is a huge blow for Meta.
4.     The convoluted appeal process going forward.
5.     Lessons learned. 
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recently released fine by the Ireland Data Protection Commission against Meta for two legacy companies, €210m for its Facebook operation and €180m for Instagram for GDPR breaches. The DPC also ordered Meta to change its data protection practices within three months. Those changes may have a more lasting effect on Meta than the fines. The two fines come in at fifth and sixth places respectively in the largest GDPR fines of all time. Some of the highlights include: </p><p>1.     What were the facts?</p><p>2.     Why this matter has far wider implications than simply Big Tech.</p><p>3.     Max Schrems says this is a huge blow for Meta.</p><p>4.     The convoluted appeal process going forward.</p><p>5.     Lessons learned. </p><p><strong>Resources</strong></p><p>For more information on the issues raised in this podcast, check out the Cordery Compliance <a href="https://www.corderycompliance.com/ireland-fines-meta-fb-insta-3/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1452</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[0d82d5a2-9799-11ed-abac-aff0d07dd383]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN8478427396.mp3?updated=1674094838" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>The ABB Enforcement Action from a UK Perspective</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent ABB Foreign Corrupt Practices Act resolution. Jonathan considers the ABB enforcement action from the UK perspective and opines how a UK judge might consider the company’s recidivism differently than the DOJ did. He rants about ongoing tech scams. Some of the highlights include:
1.     What were the facts?
2.     How would UK courts view recidivist behavior under the UK Bribery Act?
3.     Where was the SFO?
4.     What is the status of the investigation in Germany?
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 05 Jan 2023 05:00:00 -0000</pubDate>
      <itunes:title>The ABB Enforcement Action from a UK Perspective</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>87</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/aef66a9c-8c3c-11ed-83ee-9bb6d59cc296/image/bfb3a3.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, Tom and Jonathan look at the ABB resolution from the UK perspective. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent ABB Foreign Corrupt Practices Act resolution. Jonathan considers the ABB enforcement action from the UK perspective and opines how a UK judge might consider the company’s recidivism differently than the DOJ did. He rants about ongoing tech scams. Some of the highlights include:
1.     What were the facts?
2.     How would UK courts view recidivist behavior under the UK Bribery Act?
3.     Where was the SFO?
4.     What is the status of the investigation in Germany?
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent ABB Foreign Corrupt Practices Act resolution. Jonathan considers the ABB enforcement action from the UK perspective and opines how a UK judge might consider the company’s recidivism differently than the DOJ did. He rants about ongoing tech scams. Some of the highlights include: </p><p>1.     What were the facts?</p><p>2.     How would UK courts view recidivist behavior under the UK Bribery Act?</p><p>3.     Where was the SFO?</p><p>4.     What is the status of the investigation in Germany?</p><p><strong>Resources</strong></p><p>For more information on the issues raised in this podcast, check out the Cordery Compliance <a href="https://www.corderycompliance.com/js-case-gdpr1/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>837</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[aef66a9c-8c3c-11ed-83ee-9bb6d59cc296]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN1883027780.mp3?updated=1672845481" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Sullivan Conviction from GDPR Perspective</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent conviction of Joe Sullivan, former CISO at Uber, for his role in hiding a data breach which hit the company. Sullivan was convicted in the US in October 2022 in connection with an investigation into a ransomware attack on Uber in 2016. However, we look at the conviction from the GDPR and UK perspective and ask whether it portends potential liability for CISOs and CCOs in the EU and UK. For instance, does this mean that there are likely to be more prosecutions against executives? And could we see similar prosecutions in Europe? For a more detailed discussion and links to the case, check out the Cordery Compliance News Alert on the case, which you can find in the link below. Some of the highlights include:
1.     What were the facts?
2.     Was Sullivan guilty of negligence or intentional conduct?
3.     Why were prior Uber convictions so significant?
4.     What happens next?
5.     Could this lead to more prosecutions of executives?
6.     What does this mean under GDPR and in the UK?
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 15 Dec 2022 05:00:00 -0000</pubDate>
      <itunes:title>Sullivan Conviction from GDPR Perspective</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>86</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/17fd3a44-7aee-11ed-b7c7-53d304769918/image/ea2f2e.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan return to look at the conviction of former Uber CISO Joe Sullivan. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent conviction of Joe Sullivan, former CISO at Uber, for his role in hiding a data breach which hit the company. Sullivan was convicted in the US in October 2022 in connection with an investigation into a ransomware attack on Uber in 2016. However, we look at the conviction from the GDPR and UK perspective and ask whether it portends potential liability for CISOs and CCOs in the EU and UK. For instance, does this mean that there are likely to be more prosecutions against executives? And could we see similar prosecutions in Europe? For a more detailed discussion and links to the case, check out the Cordery Compliance News Alert on the case, which you can find in the link below. Some of the highlights include:
1.     What were the facts?
2.     Was Sullivan guilty of negligence or intentional conduct?
3.     Why were prior Uber convictions so significant?
4.     What happens next?
5.     Could this lead to more prosecutions of executives?
6.     What does this mean under GDPR and in the UK?
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent conviction of Joe Sullivan, former CISO at Uber, for his role in hiding a data breach which hit the company. Sullivan was convicted in the US in October 2022 in connection with an investigation into a ransomware attack on Uber in 2016. However, we look at the conviction from the GDPR and UK perspective and ask whether it portends potential liability for CISOs and CCOs in the EU and UK. For instance, does this mean that there are likely to be more prosecutions against executives? And could we see similar prosecutions in Europe? For a more detailed discussion and links to the case, check out the Cordery Compliance News Alert on the case, which you can find in the link below. Some of the highlights include: </p><p>1.     What were the facts?</p><p>2.     Was Sullivan guilty of negligence or intentional conduct?</p><p>3.     Why were prior Uber convictions so significant?</p><p>4.     What happens next?</p><p>5.     Could this lead to more prosecutions of executives?</p><p>6.     What does this mean under GDPR and in the UK?</p><p><strong>Resources</strong></p><p>For more information on the issues raised in this podcast, check out the Cordery Compliance <a href="https://www.corderycompliance.com/js-case-gdpr1/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1207</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[17fd3a44-7aee-11ed-b7c7-53d304769918]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN3609429069.mp3?updated=1670975948" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>ICO Gets Serious About Subject Access Requests</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent action by the ICO against seven UK organizations that failed to respond to Subject Access Requests (SAR), which follows a trend across Europe of more enforcement action on SAR. Some of the highlights include:
1.     What is a Subject Access Request (SAR)?
2.     Why are these companies in the ‘Naughty Corner’?
3.     How does this follow a trend across Europe of more enforcement action on SAR? 
4.     What happens next?
5.     Who is the constituency for change in the SAR process in the UK?
6.     What are the lessons learned?
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 27 Oct 2022 04:00:00 -0000</pubDate>
      <itunes:title>ICO Gets Serious About Subject Access Requests</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>85</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/7bb10030-4f0a-11ed-9937-af913e1ba80b/image/9f4e1d.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, we discuss the recent action by the ICO against seven UK organizations who failed to respond to Subject Access Requests.</itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent action by the ICO against seven UK organizations that failed to respond to Subject Access Requests (SAR), which follows a trend across Europe of more enforcement action on SAR. Some of the highlights include:
1.     What is a Subject Access Request (SAR)?
2.     Why are these companies in the ‘Naughty Corner’?
3.     How does this follow a trend across Europe of more enforcement action on SAR? 
4.     What happens next?
5.     Who is the constituency for change in the SAR process in the UK?
6.     What are the lessons learned?
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent action by the ICO against seven UK organizations that failed to respond to Subject Access Requests (SAR), which follows a trend across Europe of more enforcement action on SAR. Some of the highlights include: </p><p>1.     What is a Subject Access Request (SAR)?</p><p>2.     Why are these companies in the ‘Naughty Corner’?</p><p>3.     How does this follow a trend across Europe of more enforcement action on SAR? </p><p>4.     What happens next?</p><p>5.     Who is the constituency for change in the SAR process in the UK?</p><p>6.     What are the lessons learned?</p><p><strong>Resources</strong></p><p>For more information on the issues raised in this podcast, check out the Cordery Compliance <a href="https://www.corderycompliance.com/ico-sar-uk1/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>960</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[7bb10030-4f0a-11ed-9937-af913e1ba80b]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN1817344766.mp3?updated=1666797013" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Meta Fined €405 million by Irish Data Protection Commission   </title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent fine by the Irish Data Protection Commission levied against Meta for €405 million for Instagram Data Protection Infringements. Some of the highlights  include: 
1.     What is the background to the case?
2.     What was the basis for the fine?
3.     What happens next?
4.     What did other national agencies and commissions, particularly the EDPB, say?
5.     What are the lessons learned?
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 20 Oct 2022 04:00:00 -0000</pubDate>
      <itunes:title>Meta Fined €405 million</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>84</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/9bafce7e-4f01-11ed-9bed-7f63916f0160/image/e5c0bf.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, we discuss the recent fine by the Irish Data Protection Commission levied against Meta for €405 million for Instagram Data Protection Infringements. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent fine by the Irish Data Protection Commission levied against Meta for €405 million for Instagram Data Protection Infringements. Some of the highlights  include: 
1.     What is the background to the case?
2.     What was the basis for the fine?
3.     What happens next?
4.     What did other national agencies and commissions, particularly the EDPB, say?
5.     What are the lessons learned?
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent fine by the Irish Data Protection Commission levied against Meta for €405 million for Instagram Data Protection Infringements. Some of the highlights include: </p><p>1.     What is the background to the case?</p><p>2.     What was the basis for the fine?</p><p>3.     What happens next?</p><p>4.     What did other national agencies and commissions, particularly the EDPB, say?</p><p>5.     What are the lessons learned?</p><p><strong>Resources</strong></p><p>For more information on the issues raised in this podcast, check out the Cordery Compliance <a href="https://www.corderycompliance.com/ireland-fines-meta-dp/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1204</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[9bafce7e-4f01-11ed-9bed-7f63916f0160]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN7038772954.mp3?updated=1666116508" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>US Response to GDPR Data Flow Protections</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the US/EU/UK agreement for data transfer from the EU/UK to the United States under the Data Protection Framework. Some of the highlights  include:
1.     What is the Data Protection Framework?
2.     How will the Data Protection Review Court work?
3.     What will the safeguards around the US national security review be?
4.     What happens next?
5.     What are the views of Max Schrems?
6.     Will there be an EU/UK split?
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 13 Oct 2022 04:00:00 -0000</pubDate>
      <itunes:title>US Response to GDPR Data Flow Protections</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>83</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/f6396764-48ea-11ed-b698-e32c625345f6/image/326e16.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan return to look at the US/EU/UK agreement for transfer of data to the United States under the Data Protection Framework. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the US/EU/UK agreement for data transfer from the EU/UK to the United States under the Data Protection Framework. Some of the highlights  include:
1.     What is the Data Protection Framework?
2.     How will the Data Protection Review Court work?
3.     What will the safeguards around the US national security review be?
4.     What happens next?
5.     What are the views of Max Schrems?
6.     Will there be an EU/UK split?
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the US/EU/UK agreement for data transfer from the EU/UK to the United States under the Data Protection Framework. Some of the highlights include:</p><p>1.     What is the Data Protection Framework?</p><p>2.     How will the Data Protection Review Court work?</p><p>3.     What will the safeguards around the US national security review be?</p><p>4.     What happens next?</p><p>5.     What are the views of Max Schrems?</p><p>6.     Will there be an EU/UK split?</p><p><strong>Resources</strong></p><p>For more information on the issues raised in this podcast, check out the Cordery Compliance <a href="https://www.corderycompliance.com/changes-uk-dp-regime-3/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1305</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[f6396764-48ea-11ed-b698-e32c625345f6]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN3664137642.mp3?updated=1665590336" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Changes to UK Data Protection Regime</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss the changes in the UK Data Privacy regime currently proposed in the wake of Brexit. Some of the highlights include:

Why these changes are so significant.

Are things really more complicated now?

What does it mean for compliance?

What happens next?

Will the new PM request any changes?

Practical steps you can take now.

Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 29 Sep 2022 04:00:00 -0000</pubDate>
      <itunes:title>Changes to UK Data Protection Regime</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>82</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/7dc2fee6-2ed5-11ed-bd8f-fbab07ed68c8/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Jonathan and Tom return to look at the changes in the UK Data Privacy regime currently proposed in the wake of Brexit. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss the changes in the UK Data Privacy regime currently proposed in the wake of Brexit. Some of the highlights include:

Why these changes are so significant.

Are things really more complicated now?

What does it mean for compliance?

What happens next?

Will the new PM request any changes?

Practical steps you can take now.

Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss the changes in the UK Data Privacy regime currently proposed in the wake of Brexit. Some of the highlights include:</p><ol>
<li>Why these changes are so significant.</li>
<li>Are things really more complicated now?</li>
<li>What does it mean for compliance?</li>
<li>What happens next?</li>
<li>Will the new PM request any changes?</li>
<li>Practical steps you can take now.</li>
</ol><p><strong>Resources</strong></p><p>For more information on the issues raised in this podcast, check out the Cordery Compliance <a href="https://www.corderycompliance.com/changes-uk-dp-regime-3/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1338</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[7dc2fee6-2ed5-11ed-bd8f-fbab07ed68c8]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN6913289866.mp3?updated=1664316344" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Changes to Cyber-Breach Insurance</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss Lloyd’s of London announcement of its coverages for cyber-breaches by state actors. Some of the highlights  include: 
1.     Why this change is so significant.
2.     What does it mean for compliance?
3.     What happens next?
4.     Practical steps you can take now.
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 15 Sep 2022 04:00:00 -0000</pubDate>
      <itunes:title>Changes to Cyber-Breach Insurance</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>81</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/845f07b0-2ec4-11ed-a92b-23a58e5a570d/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this special episode, we are joined by Matt Kelly and Jonathan Marks to consider the changes in cyber-breach insurance coverage. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss Lloyd’s of London announcement of its coverages for cyber-breaches by state actors. Some of the highlights  include: 
1.     Why this change is so significant.
2.     What does it mean for compliance?
3.     What happens next?
4.     Practical steps you can take now.
Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss Lloyd’s of London announcement of its coverages for cyber-breaches by state actors. Some of the highlights include: </p><p>1.     Why this change is so significant.</p><p>2.     What does it mean for compliance?</p><p>3.     What happens next?</p><p>4.     Practical steps you can take now.</p><p><strong>Resources</strong></p><p>For more information on the issues raised in this podcast, check out the Cordery Compliance <a href="https://www.corderycompliance.com/lloyds-cyber-insurance1/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1539</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[845f07b0-2ec4-11ed-a92b-23a58e5a570d]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN6766740160.mp3?updated=1662572792" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Update on Cookie Banners</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss the NOYB announcement that it had filed an additional 226 complaints to Data Protection Authorities in 18 countries over the use of OneTrust cookie banners. Some of the highlights include:

Previous enforcement actions on cookie banners.

The NOYB campaign.

What happens next?

Practical steps you can take now.

Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 18 Aug 2022 04:00:00 -0000</pubDate>
      <itunes:title>Update on Cookie Banners</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>80</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/51e1c98a-1e25-11ed-b3ef-1f8f47ed7715/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode we look at the NOYB campaign against cookie banners. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss the NOYB announcement that it had filed an additional 226 complaints to Data Protection Authorities in 18 countries over the use of OneTrust cookie banners. Some of the highlights include:

Previous enforcement actions on cookie banners.

The NOYB campaign.

What happens next?

Practical steps you can take now.

Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss the NOYB announcement that it had filed an additional 226 complaints to Data Protection Authorities in 18 countries over the use of OneTrust cookie banners. Some of the highlights include:</p><ol>
<li>Previous enforcement actions on cookie banners.</li>
<li>The NOYB campaign.</li>
<li>What happens next?</li>
<li>Practical steps you can take now.</li>
</ol><p><strong>Resources</strong></p><p>For more information on the issues raised in this podcast, check out the Cordery Compliance <a href="https://www.corderycompliance.com/cookie-banners-complaints/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1277</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[51e1c98a-1e25-11ed-b3ef-1f8f47ed7715]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN3502049942.mp3?updated=1660747540" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Boris Johnson Announces Resignation</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss British Prime Minister Boris Johnson’s recent announcement that he will be resigning as British PM when his successor is announced. Some of the highlights include:

Reasons for the resignation.

Candidates for the PM role going forward.

Key compliance and related issues for the new PM going forward.

Lessons learned from the Pincher Affair and the BoJo resignation.

Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Wed, 13 Jul 2022 10:11:06 -0000</pubDate>
      <itunes:title>Boris Johnson Announces Resignation</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>79</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/9eb214f8-012a-11ed-88f2-dfe500eaa384/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan return to look at the BoJo resignation and what it might mean for the compliance professional. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss British Prime Minister Boris Johnson’s recent announcement that he will be resigning as British PM when his successor is announced. Some of the highlights include:

Reasons for the resignation.

Candidates for the PM role going forward.

Key compliance and related issues for the new PM going forward.

Lessons learned from the Pincher Affair and the BoJo resignation.

Resources
For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we discuss British Prime Minister Boris Johnson’s recent announcement that he will be resigning as British PM when his successor is announced. Some of the highlights include:</p><ol>
<li>Reasons for the resignation.</li>
<li>Candidates for the PM role going forward.</li>
<li>Key compliance and related issues for the new PM going forward.</li>
<li>Lessons learned from the Pincher Affair and the BoJo resignation.</li>
</ol><p><strong>Resources</strong></p><p>For more information on the issues raised in this podcast, check out the Cordery Compliance <a href="https://www.corderycompliance.com/news/">News Section</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1250</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[9eb214f8-012a-11ed-88f2-dfe500eaa384]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN9150230131.mp3?updated=1657552568" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>GDPR Draft Guidance on Fines Calculation</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we review the recently released European Data Protection Board (EDPB) draft guidance on calculating fines entitled “Guidelines 04/2022 on the calculation of administrative fines under the GDPR”. Some of the highlights  include: 
1.     There have been just under 1.5 billion in overall fines under GDPR.
2.     Spain has the largest number of fines but the smallest monetary amount of fines.
3.     The five-step calculation methodology.
4.     What are the aggravating and mitigating factors?
5.     Key takeaways from the draft guidance.
Resources
For more information on the draft guidance, check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 30 Jun 2022 04:00:00 -0000</pubDate>
      <itunes:title>GDPR Draft Guidance on Fines Calculation</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>78</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/43f6c5c2-f26b-11ec-99a9-3334c5d2217a/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, we review the EDPB's recently issued draft guidance on calculating GDPR fines. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we review the recently released European Data Protection Board (EDPB) draft guidance on calculating fines entitled “Guidelines 04/2022 on the calculation of administrative fines under the GDPR”. Some of the highlights  include: 
1.     There have been just under 1.5 billion in overall fines under GDPR.
2.     Spain has the largest number of fines but the smallest monetary amount of fines.
3.     The five-step calculation methodology.
4.     What are the aggravating and mitigating factors?
5.     Key takeaways from the draft guidance.
Resources
For more information on the draft guidance, check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we review the recently released European Data Protection Board (EDPB) draft guidance on calculating fines entitled “Guidelines 04/2022 on the calculation of administrative fines under the GDPR”. Some of the highlights include: </p><p>1.     There have been just under 1.5 billion in overall fines under GDPR.</p><p>2.     Spain has the largest number of fines but the smallest monetary amount of fines.</p><p>3.     The five-step calculation methodology.</p><p>4.     What are the aggravating and mitigating factors?</p><p>5.     Key takeaways from the draft guidance.</p><p><strong>Resources</strong></p><p>For more information on the draft guidance, check out the Cordery Compliance client alert on this topic; click <a href="https://www.corderycompliance.com/eu-dpb-gdpr-fines/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1464</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[43f6c5c2-f26b-11ec-99a9-3334c5d2217a]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN5584286319.mp3?updated=1656349933" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>FRC Report on Compliance with the UK Modern Slavery Act Update</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we review the recently released Financial Reporting Council (FRC), the UK Anti-Slavery Commissioner, and Lancaster University (Management School) report on a sample of a hundred major companies’ modern slavery statements and their strategic and governance reports. Some of the highlights  include:
1.     Why the Report?
2.     Some successes but much criticism.
3.     Public responses when slavery issues are uncovered.
4.     Why contracts are a part of the solution.
5.     Key takeaways from the Report.
Resources
For more information on the FRC Report, check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 23 Jun 2022 04:00:00 -0000</pubDate>
      <itunes:title>FRC Report on Compliance with the UK Modern Slavery Act Update</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/0e9b4c1e-f24c-11ec-ab99-23022900ef1c/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, we review the recent report on a sample of a hundred major companies’ modern slavery statements and their strategic and governance reports.</itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we review the recently released Financial Reporting Council (FRC), the UK Anti-Slavery Commissioner, and Lancaster University (Management School) report on a sample of a hundred major companies’ modern slavery statements and their strategic and governance reports. Some of the highlights  include:
1.     Why the Report?
2.     Some successes but much criticism.
3.     Public responses when slavery issues are uncovered.
4.     Why contracts are a part of the solution.
5.     Key takeaways from the Report.
Resources
For more information on the FRC Report, check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we review the recently released Financial Reporting Council (FRC), the UK Anti-Slavery Commissioner, and Lancaster University (Management School) report on a sample of a hundred major companies’ modern slavery statements and their strategic and governance reports. Some of the highlights include:</p><p>1.     Why the Report?</p><p>2.     Some successes but much criticism.</p><p>3.     Public responses when slavery issues are uncovered.</p><p>4.     Why contracts are a part of the solution.</p><p>5.     Key takeaways from the Report.</p><p><strong>Resources</strong></p><p>For more information on the FRC Report, check out the Cordery Compliance client alert on this topic; click <a href="https://www.corderycompliance.com/uk-modern-slavery-update/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1276</itunes:duration>
      <guid isPermaLink="false"><![CDATA[0e9b4c1e-f24c-11ec-ab99-23022900ef1c]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN5015149005.mp3?updated=1655930819" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Clearview AI Fine by the ICO</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take up a fine in the UK by the ICO against Clearview AI. We have discussed other EU countries’ fines against Clearview previously. Some of the highlights include:

What is this case all about?

What did the ICO decide?

Why is AI under the spotlight again?

Other actions and penalties against Clearview?

Key takeaways.


Resources
For more information on the Clearview AI fine by the ICO, check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 16 Jun 2022 04:00:00 -0000</pubDate>
      <itunes:title>Clearview AI Fine by the ICO</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>76</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/3e5158aa-ecd8-11ec-9882-23f97c801670/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, Tom and Jonathan take a look into the Clearview AI fine by the ICO in the UK.</itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take up a fine in the UK by the ICO against Clearview AI. We have discussed other EU countries’ fines against Clearview previously. Some of the highlights include:

What is this case all about?

What did the ICO decide?

Why is AI under the spotlight again?

Other actions and penalties against Clearview?

Key takeaways.


Resources
For more information on the Clearview AI fine by the ICO, check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take up a fine in the UK by the ICO against Clearview AI. We have discussed other EU countries’ fines against Clearview previously. Some of the highlights include:</p><ol>
<li>What is this case all about?</li>
<li>What did the ICO decide?</li>
<li>Why is AI under the spotlight again?</li>
<li>Other actions and penalties against Clearview?</li>
<li>Key takeaways.</li>
</ol><p><br></p><p><strong>Resources</strong></p><p>For more information on the Clearview AI fine by the ICO, check out the Cordery Compliance client alert on this topic; click <a href="https://www.corderycompliance.com/ico-fines-dp/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1234</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[3e5158aa-ecd8-11ec-9882-23f97c801670]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN6209429170.mp3?updated=1655322503" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>André Paris on the Brazilian GDPR</title>
      <description>Tom Fox returns for another episode of Life with GDPR. Jonathan Armstrong is on assignment this week, so we are joined by our colleague André Paris, a Brazilian Privacy and Compliance Consultant, Professor and Lawyer. André is the author of the book "Ethics and Transparency - A Path to Compliance". He is a specialist in building a Corporate Culture based on Ethics, Transparency and Respect. He is experienced in Corporate Risk Analysis and Management, as well as in Protecting Corporate Reputation and Crisis Management. He is also an enthusiast for building a more ethical and transparent business environment.
In this episode, we take up the Brazilian national GDPR-like data privacy law.  Some of the issues we consider include: 
1.     What is the Brazilian law?
2.     Who does it apply to?
3.     What does a compliance program look like?
 Resources
Check out André’s book, ETHICS &amp; TRANSPARENCY: A Path To Compliance.
André Paris on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 26 May 2022 04:00:00 -0000</pubDate>
      <itunes:title>André Paris on the Brazilian GDPR</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>75</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/fefeaf84-cc81-11ec-9910-c3bb9c572670/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, we are joined by our colleague André Paris, author of the book "Ethics and Transparency - A Path to Compliance".</itunes:subtitle>
      <itunes:summary>Tom Fox returns for another episode of Life with GDPR. Jonathan Armstrong is on assignment this week, so we are joined by our colleague André Paris, a Brazilian Privacy and Compliance Consultant, Professor and Lawyer. André is the author of the book "Ethics and Transparency - A Path to Compliance". He is a specialist in building a Corporate Culture based on Ethics, Transparency and Respect. He is experienced in Corporate Risk Analysis and Management, as well as in Protecting Corporate Reputation and Crisis Management. He is also an enthusiast for building a more ethical and transparent business environment.
In this episode, we take up the Brazilian national GDPR-like data privacy law.  Some of the issues we consider include: 
1.     What is the Brazilian law?
2.     Who does it apply to?
3.     What does a compliance program look like?
 Resources
Check out André’s book, ETHICS &amp; TRANSPARENCY: A Path To Compliance.
André Paris on LinkedIn
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Tom Fox returns for another episode of Life with GDPR. Jonathan Armstrong is on assignment this week, so we are joined by our colleague André Paris, a Brazilian Privacy and Compliance Consultant, Professor and Lawyer. André is the author of the book "<em>Ethics and Transparency - A Path to Compliance</em>". He is a specialist in building a Corporate Culture based on Ethics, Transparency and Respect. He is experienced in Corporate Risk Analysis and Management, as well as in Protecting Corporate Reputation and Crisis Management. He is also an enthusiast for building a more ethical and transparent business environment.</p><p>In this episode, we take up the Brazilian national GDPR-like data privacy law.  Some of the issues we consider include: </p><p>1.     What is the Brazilian law?</p><p>2.     Who does it apply to?</p><p>3.     What does a compliance program look like?</p><p> <strong>Resources</strong></p><p>Check out André’s book, ETHICS &amp; TRANSPARENCY: A Path To Compliance.</p><p>André Paris on <a href="https://www.linkedin.com/in/andr%C3%A9-h-paris-cipm-ccep-i-cdpo-br-b37667122/">LinkedIn</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1501</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[fefeaf84-cc81-11ec-9910-c3bb9c572670]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN5225265484.mp3?updated=1653344898" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Data Transfers from EU/UK to US</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take up the proposed agreement for data transfers from the EU (and UK) to the US. Some of the issues we consider in the myriad of questions around this latest version of Privacy Shield include: 
1.     Is this simply an agreement to agree?
2.     Who will populate the independent court review in the US?
3.     Will US spy agencies ever comply?
4.     Will there be a real deal by the end of 2022?
5.     Is this simply a temporary solution?
 Resources
For more information on the new data transfer agreement, check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 12 May 2022 04:00:00 -0000</pubDate>
      <itunes:title>Data Transfers from EU/UK to US</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>74</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/d6f0285a-bf1c-11ec-bae2-1f3f173e25c7/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, Tom and Jonathan take up the new proposed regulations for data transfers from EU &amp; UK to the US.</itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take up the proposed agreement for data transfers from the EU (and UK) to the US. Some of the issues we consider in the myriad of questions around this latest version of Privacy Shield include: 
1.     Is this simply an agreement to agree?
2.     Who will populate the independent court review in the US?
3.     Will US spy agencies ever comply?
4.     Will there be a real deal by the end of 2022?
5.     Is this simply a temporary solution?
 Resources
For more information on the new data transfer agreement, check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take up the proposed agreement for data transfers from the EU (and UK) to the US. Some of the issues we consider in the myriad of questions around this latest version of Privacy Shield include: </p><p>1.     Is this simply an agreement to agree?</p><p>2.     Who will populate the independent court review in the US?</p><p>3.     Will US spy agencies ever comply?</p><p>4.     Will there be a real deal by the end of 2022?</p><p>5.     Is this simply a temporary solution?</p><p> <strong>Resources</strong></p><p>For more information on the new data transfer agreement, check out the Cordery Compliance client alert on this topic; click <a href="https://www.corderycompliance.com/datatransfers-ukdates/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1440</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[d6f0285a-bf1c-11ec-bae2-1f3f173e25c7]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN9811046383.mp3?updated=1650310801" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Clearview AI Redux</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the €20m fine imposed on Clearview AI by the Italian Data Protection Authority (the Garante) for GDPR violations. It is the latest in a series of regulatory actions in Europe and in Australia against Clearview AI, and it also continues a trend of AI enforcement in Italy.
1.     Who is Clearview AI?
2.     What is this matter about?
3.     The background facts and the Italian investigation.
4.     What did the Garante say?
5.     Lessons learned and next steps.
Resources
For more information on the Italian Clearview AI enforcement action, check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 28 Apr 2022 04:00:00 -0000</pubDate>
      <itunes:title>Clearview AI Redux</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>73</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/c38404b0-b9b5-11ec-b485-b3471529c06b/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode of Life with GDPR, Tom and Jonathan look at the Italian Data Protection Authority’s recent €20m fine against Clearview AI for GDPR violations.</itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the €20m fine imposed on Clearview AI by the Italian Data Protection Authority (the Garante) for GDPR violations. It is the latest in a series of regulatory actions in Europe and in Australia against Clearview AI, and it also continues a trend of AI enforcement in Italy.
1.     Who is Clearview AI?
2.     What is this matter about?
3.     The background facts and the Italian investigation.
4.     What did the Garante say?
5.     Lessons learned and next steps.
Resources
For more information on the Italian Clearview AI enforcement action, check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p><br></p><p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the €20m fine imposed on Clearview AI by the Italian Data Protection Authority (the Garante) for GDPR violations. It is the latest in a series of regulatory actions in Europe and in Australia against Clearview AI, and it also continues a trend of AI enforcement in Italy.</p><p>1.     Who is Clearview AI?</p><p>2.     What is this matter about?</p><p>3.     The background facts and the Italian investigation.</p><p>4.     What did the Garante say?</p><p>5.     Lessons learned and next steps.</p><p><strong>Resources</strong></p><p>For more information on the Italian Clearview AI enforcement action, check out the Cordery Compliance client alert on this topic; click <a href="https://www.corderycompliance.com/clearview-ai-italy-gdpr-fine/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1035</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[c38404b0-b9b5-11ec-b485-b3471529c06b]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN1713225221.mp3?updated=1651140051" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Tuckers Enforcement Action</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recent announcement by the UK Data Protection Authority, the Information Commissioner’s Office (ICO), that it had fined a law firm, Tuckers Solicitors LLP, for GDPR breaches. Tuckers was fined £98,000 after being hit by a ransomware attack.
1.     Law firms are not unique.
2.     What about other legal regulations and regulatory bodies?
3.     The background facts.
4.     What did the ICO say?
5.     Lessons learned.
Resources
For more information on the Tuckers enforcement action, check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 14 Apr 2022 04:00:00 -0000</pubDate>
      <itunes:title>Tuckers Enforcement Action</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>72</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/9ba0996a-b9b3-11ec-bda9-dbd3e2c76975/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, Tom and Jonathan take a look into the Tuckers GDPR enforcement action. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recent announcement by the UK Data Protection Authority, the Information Commissioner’s Office (ICO), that it had fined a law firm, Tuckers Solicitors LLP, for GDPR breaches. Tuckers was fined £98,000 after being hit by a ransomware attack.
1.     Law firms are not unique.
2.     What about other legal regulations and regulatory bodies?
3.     The background facts.
4.     What did the ICO say?
5.     Lessons learned.
Resources
For more information on the Tuckers enforcement action, check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recent announcement by the UK Data Protection Authority, the Information Commissioner’s Office (ICO), that it had fined a law firm, Tuckers Solicitors LLP, for GDPR breaches. Tuckers was fined £98,000 after being hit by a ransomware attack.</p><p>1.     Law firms are not unique.</p><p>2.     What about other legal regulations and regulatory bodies?</p><p>3.     The background facts.</p><p>4.     What did the ICO say?</p><p>5.     Lessons learned.</p><p><strong>Resources</strong></p><p>For more information on the Tuckers enforcement action, check out the Cordery Compliance client alert on this topic; click <a href="https://www.corderycompliance.com/law-firm-gdpr-breach-fine/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1195</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[9ba0996a-b9b3-11ec-bda9-dbd3e2c76975]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN5029826382.mp3?updated=1649698304" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Privacy Shield 3</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recently announced EU/US resolution to allow data transfer from the EU to the United States through the mechanism of Privacy Shield 3. Some of the issues we consider include:
1.     Is it Déjà vu all over again?
2.     What about consent and standard contractual clauses as a basis for data transfer?
3.     What was the court’s ruling?
4.     Why double due diligence will be required going forward?
5.     What about the UK?
6.     What does Max Schrems have to say?
 Resources
Check out the Cordery Compliance client alerts on this topic by clicking here and here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 31 Mar 2022 04:00:00 -0000</pubDate>
      <itunes:title>Privacy Shield 3</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>71</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/7420649a-b04b-11ec-8cce-273a300d6903/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom Fox and Jonathan Armstrong discuss the new data transfer agreement, Privacy Shield 3. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recently announced EU/US resolution to allow data transfer from the EU to the United States through the mechanism of Privacy Shield 3. Some of the issues we consider include:
1.     Is it Déjà vu all over again?
2.     What about consent and standard contractual clauses as a basis for data transfer?
3.     What was the court’s ruling?
4.     Why double due diligence will be required going forward?
5.     What about the UK?
6.     What does Max Schrems have to say?
 Resources
Check out the Cordery Compliance client alerts on this topic by clicking here and here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recently announced EU/US resolution to allow data transfer from the EU to the United States through the mechanism of Privacy Shield 3. Some of the issues we consider include:</p><p>1.     Is it Déjà vu all over again?</p><p>2.     What about consent and standard contractual clauses as a basis for data transfer?</p><p>3.     What was the court’s ruling?</p><p>4.     Why double due diligence will be required going forward?</p><p>5.     What about the UK?</p><p>6.     What does Max Schrems have to say?</p><p> <strong>Resources</strong></p><p>Check out the Cordery Compliance client alerts on this topic by clicking <a href="https://www.corderycompliance.com/datatransfer-eutous/">here</a> and <a href="https://www.corderycompliance.com/datatransfers-ukdates/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p><br></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1004</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[7420649a-b04b-11ec-8cce-273a300d6903]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN9776252232.mp3?updated=1648662547" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>The Case of the Rogue Employee</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In the 2020 Morrisons case the UK Supreme Court ruled that an employer can be legally responsible for data breaches caused by their employees, although in the particular situation in that case the court ruled that Morrisons (the employer) was not liable for the actions of their rogue employee. In this episode, Tom and Jonathan look at the more recent case of Isma Ali v. Luton Borough Council where the High Court ruled that in committing the data security breach actions the rogue employee undertook, she had solely pursued her own interests and so the employer was not liable for her conduct. Some of the issues we consider include:
1.     What were the underlying facts of the case?
2.     What was the court’s ruling?
3.     Key Takeaways for the data privacy, data protection practitioner, including:
·      Take a close look at security measures and ensure that access rights are policed. Data loss prevention and monitoring systems should also be in place to check for large data files leaving the organization - depending on the circumstances, a rogue employee might be after a lot of data;
·      Put in place appropriate policies and procedures to make sure that data protection principles like data security and data minimization are properly understood;
·      Perform a Data Protection Impact Assessment for new processes;
·      Make sure that employees in trusted roles are reliable and that their access rights are reviewed;
·      Put in place and rehearse a data breach notification procedure, including detection and response capabilities;
·      Train staff on all of the above; and,
·      Check existing insurance or take out new insurance to cover the range of potential risks from "innocent" errors to the actions of a rogue employee.
 
Resources
Check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 17 Mar 2022 04:00:00 -0000</pubDate>
      <itunes:title>The Case of the Rogue Employee</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>71</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/a581ff22-98c1-11ec-bb9d-6b3372b30c34/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, Tom and Jonathan look at the actions of a rogue employee under GDPR.</itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In the 2020 Morrisons case the UK Supreme Court ruled that an employer can be legally responsible for data breaches caused by their employees, although in the particular situation in that case the court ruled that Morrisons (the employer) was not liable for the actions of their rogue employee. In this episode, Tom and Jonathan look at the more recent case of Isma Ali v. Luton Borough Council where the High Court ruled that in committing the data security breach actions the rogue employee undertook, she had solely pursued her own interests and so the employer was not liable for her conduct. Some of the issues we consider include:
1.     What were the underlying facts of the case?
2.     What was the court’s ruling?
3.     Key Takeaways for the data privacy, data protection practitioner, including:
·      Take a close look at security measures and ensure that access rights are policed. Data loss prevention and monitoring systems should also be in place to check for large data files leaving the organization - depending on the circumstances, a rogue employee might be after a lot of data;
·      Put in place appropriate policies and procedures to make sure that data protection principles like data security and data minimization are properly understood;
·      Perform a Data Protection Impact Assessment for new processes;
·      Make sure that employees in trusted roles are reliable and that their access rights are reviewed;
·      Put in place and rehearse a data breach notification procedure, including detection and response capabilities;
·      Train staff on all of the above; and,
·      Check existing insurance or take out new insurance to cover the range of potential risks from "innocent" errors to the actions of a rogue employee.
 
Resources
Check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In the 2020 Morrisons case the UK Supreme Court ruled that an employer can be legally responsible for data breaches caused by their employees, although in the particular situation in that case the court ruled that Morrisons (the employer) was not liable for the actions of their rogue employee. In this episode, Tom and Jonathan look at the more recent case of <em>Isma Ali v. Luton Borough Council</em> where the High Court ruled that in committing the data security breach actions the rogue employee undertook, she had solely pursued her own interests and so the employer was not liable for her conduct. Some of the issues we consider include:</p><p>1.     What were the underlying facts of the case?</p><p>2.     What was the court’s ruling?</p><p>3.     Key Takeaways for the data privacy, data protection practitioner, including:</p><p>·      Take a close look at security measures and ensure that access rights are policed. Data loss prevention and monitoring systems should also be in place to check for large data files leaving the organization - depending on the circumstances, a rogue employee might be after a lot of data;</p><p>·      Put in place appropriate policies and procedures to make sure that data protection principles like data security and data minimization are properly understood;</p><p>·      Perform a Data Protection Impact Assessment for new processes;</p><p>·      Make sure that employees in trusted roles are reliable and that their access rights are reviewed;</p><p>·      Put in place and rehearse a data breach notification procedure, including detection and response capabilities;</p><p>·      Train staff on all of the above; and,</p><p>·      Check existing insurance or take out new insurance to cover the range of potential risks from "innocent" errors to the actions of a rogue employee.
</p><p> </p><p><strong>Resources</strong></p><p>Check out the Cordery Compliance client alert on this topic; click <a href="https://www.corderycompliance.com/ali-v-luton-rogue-employee/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>947</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[a581ff22-98c1-11ec-bb9d-6b3372b30c34]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN8822456579.mp3?updated=1647446060" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>The Case of the Smart TV</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we dissect the case of the Smart TV and consider its implications for de minimis cases brought under GDPR. Some of the issues we consider include:
1.     What were the underlying facts of the case?
2.     Was the case filed in the correct court (High Court)? If not, why not?
3.     What was the court’s ruling?
4.     What is the viability of a de minimis claim going forward?
5.     When dealing with data protection infringement compensation claims, look to cases from other jurisdictions.
6.     No matter how seemingly trivial, organizations should be prepared for them and manage them with care.
Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 03 Mar 2022 05:00:00 -0000</pubDate>
      <itunes:title>The Case of the Smart TV</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>70</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/4793c3dc-98b7-11ec-9f85-a309c48cfba6/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, Tom and Jonathan take up the GDPR case of the Smart TV.</itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we dissect the case of the Smart TV and consider its implications for de minimis cases brought under GDPR. Some of the issues we consider include:
1.     What were the underlying facts of the case?
2.     Was the case filed in the correct court (High Court)? If not, why not?
3.     What was the court’s ruling?
4.     What is the viability of a de minimis claim going forward?
5.     When dealing with data protection infringement compensation claims, look to cases from other jurisdictions.
6.     No matter how seemingly trivial, organizations should be prepared for them and manage them with care.
Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we dissect the case of the Smart TV and consider its implications for <em>de minimis</em> cases brought under GDPR. Some of the issues we consider include:</p><p>1.     What were the underlying facts of the case?</p><p>2.     Was the case filed in the correct court (High Court)? If not, why not?</p><p>3.     What was the court’s ruling?</p><p>4.     What is the viability of a de minimis claim going forward?</p><p>5.     When dealing with data protection infringement compensation claims, look to cases from other jurisdictions.</p><p>6.     No matter how seemingly trivial, organizations should be prepared for them and manage them with care.  </p><p> <strong>Resources</strong></p><p>To check out the Cordery Compliance client alert on this topic, click <a href="https://www.corderycompliance.com/dp-infringement-stadler-currys/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1062</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[4793c3dc-98b7-11ec-9f85-a309c48cfba6]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN8629244528.mp3?updated=1646068638" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>GDPR-10 Years After Original Proposal</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we celebrate the 10-year anniversary of the initial proposal of the law which became GDPR. Some of the issues we consider include:

What was in the original proposal that did not become enacted in the final law?

Reduction in costs-what happened?

Right to be Forgotten, morphed into something very different than intended.

Fines, Fines, Fines.

Evolution of regulatory sophistication.

Criticism of regulators.

Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 24 Feb 2022 05:00:00 -0000</pubDate>
      <itunes:title>GDPR-10 Years After Original Proposal</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>69</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/437dcc00-94a4-11ec-9e56-1f058c695bde/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan are back to celebrate the 10-year anniversary of the initial proposal of the law which became GDPR.</itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we celebrate the 10-year anniversary of the initial proposal of the law which became GDPR. Some of the issues we consider include:

What was in the original proposal that did not become enacted in the final law?

Reduction in costs-what happened?

Right to be Forgotten, morphed into something very different than intended.

Fines, Fines, Fines.

Evolution of regulatory sophistication.

Criticism of regulators.

Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we celebrate the 10-year anniversary of the initial proposal of the law which became GDPR. Some of the issues we consider include:</p><ol>
<li>What was in the original proposal that did not become enacted in the final law?</li>
<li>Reduction in costs-what happened?</li>
<li>Right to be Forgotten, morphed into something very different than intended.</li>
<li>Fines, Fines, Fines.</li>
<li>Evolution of regulatory sophistication.</li>
<li>Criticism of regulators.</li>
</ol><p><strong>Resources</strong></p><p>To check out the Cordery Compliance client alert on this topic, click <a href="https://www.corderycompliance.com/gdpr-10-years-on/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1400</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[437dcc00-94a4-11ec-9e56-1f058c695bde]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN8854745803.mp3?updated=1645619677" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Class Action Update</title>
      <description>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take a deep dive into class action litigation in the UK and EU around data privacy and data protection. Some of the issues we consider include:
1.     Has the tide turned in favor of defendants in class action litigation in the UK?
2.     Are actual damages now required to receive damages after a data breach?
3.     How can a company manage a regulatory investigation of a data breach during a class action litigation?
4.     What about suits against Boards of Directors?
 Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Life with GDPR named one of the top 30 Data Security Podcasts you must follow in 2022. 
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 10 Feb 2022 05:00:00 -0000</pubDate>
      <itunes:title>Class Action Update</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>67</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/f6537ca0-828c-11ec-8e0b-f33b94e75ac1/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom Fox and Jonathan Armstrong return to take a look at new developments in class action lawsuits involving data breaches. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take a deep dive into class action litigation in the UK and EU around data privacy and data protection. Some of the issues we consider include:
1.     Has the tide turned in favor of defendants in class action litigation in the UK?
2.     Are actual damages now required to receive damages after a data breach?
3.     How can a company manage a regulatory investigation of a data breach during a class action litigation?
4.     What about suits against Boards of Directors?
 Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Life with GDPR named one of the top 30 Data Security Podcasts you must follow in 2022. 
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take a deep dive into class action litigation in the UK and EU around data privacy and data protection. Some of the issues we consider include:</p><p>1.     Has the tide turned in favor of defendants in class action litigation in the UK?</p><p>2.     Are actual damages now required to receive damages after a data breach?</p><p>3.     How can a company manage a regulatory investigation of a data breach during a class action litigation?</p><p>4.     What about suits against Boards of Directors?</p><p> <strong>Resources</strong></p><p>To check out the Cordery Compliance client alert on this topic, click <a href="https://www.corderycompliance.com/episode-271-techlaw10-legal-class-actions-us-europe/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p><br></p><p>Life with GDPR named one of the top <a href="https://blog.feedspot.com/data_security_podcasts/">30 Data Security Podcasts </a>you must follow in 2022. </p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1613</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[f6537ca0-828c-11ec-8e0b-f33b94e75ac1]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN7285242376.mp3?updated=1644345546" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Update on Blackbaud</title>
      <description>Jonathan Armstrong returns from assignment to take on a potpourri of issues with co-host Tom Fox. In this episode, we consider some of the issues from the Blackbaud data breach enforcement action. Some of the issues we consider include:

Does this matter signal a priority in risk shifting by the regulators?

Implications for class actions involving customers.

Hardening of the insurance market regarding data breaches.

More due diligence coming in the B2B arena.

Steps your organization should take now.

Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 03 Feb 2022 05:00:00 -0000</pubDate>
      <itunes:title>Update on Blackbaud</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>66</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/70fe25d8-8286-11ec-9055-2b03f7269db2/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan are back to take a fresh look at the Blackbaud data breach enforcement action. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong returns from assignment to take on a potpourri of issues with co-host Tom Fox. In this episode, we consider some of the issues from the Blackbaud data breach enforcement action. Some of the issues we consider include:

Does this matter signal a priority in risk shifting by the regulators?

Implications for class actions involving customers.

Hardening of the insurance market regarding data breaches.

More due diligence coming in the B2B arena.

Steps your organization should take now.

Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong returns from assignment to take on a potpourri of issues with co-host Tom Fox. In this episode, we consider some of the issues from the Blackbaud data breach enforcement action. Some of the issues we consider include:</p><ol>
<li>Does this matter signal a priority in risk shifting by the regulators?</li>
<li>Implications for class actions involving customers.</li>
<li>Hardening of the insurance market regarding data breaches.</li>
<li>More due diligence coming in the B2B arena.</li>
<li>Steps your organization should take now.</li>
</ol><p><strong>Resources</strong></p><p>To check out the Cordery Compliance client alert on this topic, click <a href="https://www.corderycompliance.com/blackbaud-revisited/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1281</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[70fe25d8-8286-11ec-9055-2b03f7269db2]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN6544374996.mp3?updated=1643629259" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Potpourri Edition</title>
      <description>Jonathan Armstrong returns from assignment to take on a potpourri of issues with co-host Tom Fox. We use the recent speech by Deputy Attorney General Lisa Monaco as a jumping off point to discuss how this change in DOJ enforcement policy and focus will be impacted by GDPR, the new EU Whistleblower Directive and how increased international cooperation around international anti-corruption compliance may play out. Some of the issues we consider include:

Data protection issues under the new DOJ FCPA enforcement policy?

Monitorships outside the US.

Data privacy and investigations.

Class actions in the UK going forward.

Increased cooperation between the DOJ/SEC and the UK Serious Fraud Office.

Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 02 Dec 2021 05:00:00 -0000</pubDate>
      <itunes:title>Potpourri Edition</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>65</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/637daa1c-5119-11ec-b384-0f27ae6e022b/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan look at a potpourri of issues coming out of the new DOJ focus on FCPA enforcement. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong returns from assignment to take on a potpourri of issues with co-host Tom Fox. We use the recent speech by Deputy Attorney General Lisa Monaco as a jumping off point to discuss how this change in DOJ enforcement policy and focus will be impacted by GDPR, the new EU Whistleblower Directive and how increased international cooperation around international anti-corruption compliance may play out. Some of the issues we consider include:

Data protection issues under the new DOJ FCPA enforcement policy?

Monitorships outside the US.

Data privacy and investigations.

Class actions in the UK going forward.

Increased cooperation between the DOJ/SEC and the UK Serious Fraud Office.

Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong returns from assignment to take on a potpourri of issues with co-host Tom Fox. We use the recent speech by Deputy Attorney General Lisa Monaco as a jumping off point to discuss how this change in DOJ enforcement policy and focus will be impacted by GDPR, the new EU Whistleblower Directive and how increased international cooperation around international anti-corruption compliance may play out. Some of the issues we consider include:</p><ol>
<li>Data protection issues under the new DOJ FCPA enforcement policy?</li>
<li>Monitorships outside the US.</li>
<li>Data privacy and investigations.</li>
<li>Class actions in the UK going forward.</li>
<li>Increased cooperation between the DOJ/SEC and the UK Serious Fraud Office.</li>
</ol><p><strong>Resources</strong></p><p>To check out the Cordery Compliance client alert on this topic, click <a href="https://www.corderycompliance.com/lux-whistleblowing-echr-judgement/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>998</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[637daa1c-5119-11ec-b384-0f27ae6e022b]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN9566686919.mp3?updated=1638193445" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>EU Whistleblower Directive-Part 2</title>
      <description>Jonathan Armstrong is on assignment in Cornwall so for this episode Cordery Compliance co-founder Andre Bywater joins Tom Fox to discuss issues relating to the upcoming EU Whistleblower Directive, with a go live date of December 17. This is Part 2 of a special 2-part episode. Some of the questions we consider include:

What about whistleblowing and data protection issues?

Are individuals subject to whistleblowing allegations also protected?

Subject Access Requests.

False whistleblowing.

Sanctions for non-compliance.

Bounties for whistleblowing.

When must the EU whistleblowing rules be implemented?

Post-Brexit, how will the UK be implementing these rules?

What are Andre’s three takeaways?

Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 04 Nov 2021 04:00:00 -0000</pubDate>
      <itunes:title>EU Whistleblower Directive-Part 2</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/0f8b6122-2de4-11ec-b3e3-b7b2dd9f0d9d/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Andre Bywater joins Tom for Part 2 on the EU Whistleblower Directive.</itunes:subtitle>
      <itunes:summary>Jonathan Armstrong is on assignment in Cornwall so for this episode Cordery Compliance co-founder Andre Bywater joins Tom Fox to discuss issues relating to the upcoming EU Whistleblower Directive, with a go live date of December 17. This is Part 2 of a special 2-part episode. Some of the questions we consider include:

What about whistleblowing and data protection issues?

Are individuals subject to whistleblowing allegations also protected?

Subject Access Requests.

False whistleblowing.

Sanctions for non-compliance.

Bounties for whistleblowing.

When must the EU whistleblowing rules be implemented?

Post-Brexit, how will the UK be implementing these rules?

What are Andre’s three takeaways?

Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong is on assignment in Cornwall so for this episode Cordery Compliance co-founder Andre Bywater joins Tom Fox to discuss issues relating to the upcoming EU Whistleblower Directive, with a go live date of December 17. This is Part 2 of a special 2-part episode. Some of the questions we consider include:</p><ol>
<li>What about whistleblowing and data protection issues?</li>
<li>Are individuals subject to whistleblowing allegations also protected?</li>
<li>Subject Access Requests.</li>
<li>False whistleblowing.</li>
<li>Sanctions for non-compliance.</li>
<li>Bounties for whistleblowing.</li>
<li>When must the EU whistleblowing rules be implemented?</li>
<li>Post-Brexit, how will the UK be implementing these rules?</li>
<li>What are Andre’s three takeaways?</li>
</ol><p><strong>Resources</strong></p><p>To check out the Cordery Compliance client alert on this topic, click <a href="https://www.corderycompliance.com/lux-whistleblowing-echr-judgement/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1679</itunes:duration>
      <guid isPermaLink="false"><![CDATA[0f8b6122-2de4-11ec-b3e3-b7b2dd9f0d9d]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN2079183201.mp3?updated=1634322108" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>EU Whistleblower Directive-Part 1</title>
      <description>Jonathan Armstrong is on assignment in Cornwall so for this episode Cordery Compliance co-founder Andre Bywater joins Tom Fox to discuss the upcoming EU Whistleblower Directive go live date of December 17. This is Part 1 of a special 2-part episode. Some of the questions we consider include:
1.     Why is the EU tackling whistleblowing &amp; what EU areas fall in scope?
2.     Who can be a whistleblower?
3.     What about anonymity and confidentiality?
4.     Which whistleblowing route should a whistleblower follow?
5.     Are there any record-keeping obligations?
6.     Is retaliation prohibited?
Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Wed, 27 Oct 2021 04:00:00 -0000</pubDate>
      <itunes:title>EU Whistleblower Directive-Part 1</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>63</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/c953b188-2de2-11ec-86d4-530513fa4c30/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Cordery Compliance co-founder Andre Bywater joins Tom Fox for Part 1 on the new EU Whistleblower Directive. </itunes:subtitle>
      <itunes:summary>Jonathan Armstrong is on assignment in Cornwall so for this episode Cordery Compliance co-founder Andre Bywater joins Tom Fox to discuss the upcoming EU Whistleblower Directive go live date of December 17. This is Part 1 of a special 2-part episode. Some of the questions we consider include:
1.     Why is the EU tackling whistleblowing &amp; what EU areas fall in scope?
2.     Who can be a whistleblower?
3.     What about anonymity and confidentiality?
4.     Which whistleblowing route should a whistleblower follow?
5.     Are there any record-keeping obligations?
6.     Is retaliation prohibited?
Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Jonathan Armstrong is on assignment in Cornwall so for this episode Cordery Compliance co-founder Andre Bywater joins Tom Fox to discuss the upcoming EU Whistleblower Directive go live date of December 17. This is Part 1 of a special 2-part episode. Some of the questions we consider include:</p><p>1.     Why is the EU tackling whistleblowing &amp; what EU areas fall in scope?</p><p>2.     Who can be a whistleblower?</p><p>3.     What about anonymity and confidentiality?</p><p>4.     Which whistleblowing route should a whistleblower follow?</p><p>5.     Are there any record-keeping obligations?</p><p>6.     Is retaliation prohibited?</p><p><strong>Resources</strong></p><p>Check out the Cordery Compliance, client alert on this topic, click <a href="https://www.corderycompliance.com/lux-whistleblowing-echr-judgement/">here</a>. For more information on Cordery Compliance, go their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>2077</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[c953b188-2de2-11ec-86d4-530513fa4c30]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN3605053662.mp3?updated=1634321823" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>EU Whistleblower Update</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we take up a recent decision from Luxembourg which would seem antithetical to good whistleblower practices. We also consider the upcoming EU Whistleblower Directive go live date of December 17. Some of the questions we consider include:
1.     What are the facts of the enforcement actions? 
2.     When should company harm outweigh public good from whistleblowers?
3.     What lessons can companies learn from this matter in conjunction with the EU whistleblower directive?
Resources
To check out the Cordery Compliance client alert on this topic, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 21 Oct 2021 04:00:00 -0000</pubDate>
      <itunes:title>Whistleblower Update</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>62</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/5300ee00-2ac3-11ec-bcce-f3ffb8e6b1a7/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan consider a recent decision from Luxembourg and the upcoming EU Whistleblower Directive</itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we take up a recent decision from Luxembourg which would seem antithetical to good whistleblower practices. We also consider the upcoming EU Whistleblower Directive go live date of December 17. Some of the questions we consider include:
1.     What are the facts of the enforcement actions? 
2.     When should company harm outweigh public good from whistleblowers?
3.     What lessons can companies learn from this matter in conjunction with the EU whistleblower directive?
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we take up a recent decision from Luxembourg which would seem antithetical to good whistleblower practices. We also consider the upcoming EU Whistleblower Directive go-live date of December 17. Some of the questions we consider include:</p><p>1.     What are the facts of the enforcement actions? </p><p>2.     When should company harm outweigh public good from whistleblowers?</p><p>3.     What lessons can companies learn from this matter in conjunction with the EU whistleblower directive?</p><p><strong>Resources</strong></p><p>Check out the Cordery Compliance client alert on this topic by clicking <a href="https://www.corderycompliance.com/lux-whistleblowing-echr-judgement/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1076</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[5300ee00-2ac3-11ec-bcce-f3ffb8e6b1a7]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN3792905701.mp3?updated=1634554066" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Jonathan’s Favorite Enforcement Action</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we take up Jonathan’s (current) favorite GDPR enforcement action, involving the food delivery services Deliveroo and Foodinho, who ran afoul of the Italian data protection authority.
 Some of the questions we consider include:

What are the facts of the enforcement actions?

What do these cases tell us about the use of AI and data privacy?

What lessons can companies that use algorithmic management of staff learn?

Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 30 Sep 2021 04:00:00 -0000</pubDate>
      <itunes:title>Jonathan’s Favorite Enforcement Action</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/043919ae-211e-11ec-b9df-57c02043683c/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Tom and Jonathan explore AI and data privacy. </itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we take up Jonathan’s (current) favorite GDPR enforcement action, involving the food delivery services Deliveroo and Foodinho, who ran afoul of the Italian data protection authority.
 Some of the questions we consider include:

What are the facts of the enforcement actions?

What do these cases tell us about the use of AI and data privacy?

What lessons can companies that use algorithmic management of staff learn?

Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we take up Jonathan’s (current) favorite GDPR enforcement action, involving the food delivery services Deliveroo and Foodinho, who ran afoul of the Italian data protection authority.</p><p> Some of the questions we consider include:</p><ol>
<li>What are the facts of the enforcement actions?</li>
<li>What do these cases tell us about the use of AI and data privacy?</li>
<li>What lessons can companies that use algorithmic management of staff learn?</li>
</ol><p><strong>Resources</strong></p><p>Check out the Cordery Compliance client alert on this topic by clicking <a href="https://www.corderycompliance.com/ransomware-pay-or-not/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1085</itunes:duration>
      <guid isPermaLink="false"><![CDATA[043919ae-211e-11ec-b9df-57c02043683c]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN5977194467.mp3?updated=1632917841" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>To Pay or Not to Pay</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we take up the always difficult decision of whether to pay or not to pay a ransomware demand. Some of the questions we consider include:

1.     How does a ransomware attack occur? 
2.     What are the potential legal and commercial risks of paying ransoms?
3.     What about specific new laws to ban ransomware payments?
4.     What should you do if your organization is faced with a ransomware attack?
5.     What can you do to guard against a ransomware attack?

Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 16 Sep 2021 04:00:00 -0000</pubDate>
      <itunes:title>To Pay or Not to Pay</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>60</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/779e4d40-1572-11ec-861f-67c5b6c1d638/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, we take up the issue of whether to pay or not to pay in the event of a ransomware attack. </itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we take up the always difficult decision of whether to pay or not to pay a ransomware demand. Some of the questions we consider include:

1.     How does a ransomware attack occur? 
2.     What are the potential legal and commercial risks of paying ransoms?
3.     What about specific new laws to ban ransomware payments?
4.     What should you do if your organization is faced with a ransomware attack?
5.     What can you do to guard against a ransomware attack?

Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we take up the always difficult decision of whether to pay or not to pay a ransomware demand. Some of the questions we consider include:</p><p><br></p><p>1.     How does a ransomware attack occur? </p><p>2.     What are the potential legal and commercial risks of paying ransoms?</p><p>3.     What about specific new laws to ban ransomware payments?</p><p>4.     What should you do if your organization is faced with a ransomware attack?</p><p>5.     What can you do to guard against a ransomware attack?</p><p><br></p><p><strong>Resources</strong></p><p>Check out the Cordery Compliance client alert on this topic by clicking <a href="https://www.corderycompliance.com/ransomware-pay-or-not/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1163</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[779e4d40-1572-11ec-861f-67c5b6c1d638]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN4366586173.mp3?updated=1631634649" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Due Diligence in M&amp;A for Data Protection</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we consider due diligence in mergers and acquisitions from the data privacy/data protection perspective. What should you review? Who should you talk to? What reps and warranties should you consider? These questions and much more on this edition of Life with GDPR.
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 02 Sep 2021 04:00:00 -0000</pubDate>
      <itunes:title>Due Diligence in M&amp;A for Data Protection</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>59</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/9ac508da-0b64-11ec-b70d-a3193f878856/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>What are the DD considerations for data protection in M&amp;A?</itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we consider due diligence in mergers and acquisitions from the data privacy/data protection perspective. What should you review? Who should you talk to? What reps and warranties should you consider? These questions and much more on this edition of Life with GDPR.
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we consider due diligence in mergers and acquisitions from the data privacy/data protection perspective. What should you review? Who should you talk to? What reps and warranties should you consider? These questions and much more on this edition of Life with GDPR.</p><p><strong>Resources</strong></p><p>Check out the Cordery Compliance client alert on this topic by clicking <a href="https://www.corderycompliance.com/dpdd-transactions-faqs/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1694</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[9ac508da-0b64-11ec-b70d-a3193f878856]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN7393797553.mp3?updated=1630530930" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Happy Birthday GDPR, Part 2</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today we conclude a special two-part episode in honor of the 3rd anniversary of the go-live of GDPR. We review five key developments in GDPR review, regulation and enforcement over the past 3 years. In Part 1, we looked at the increased militancy in GDPR enforcement, both from regulators and in private actions and enforcement trends over the past 3 years.  In this Part 2, we consider the where of doing business, data security and customer issues as they have evolved over the past 3 years. 
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 03 Jun 2021 04:02:00 -0000</pubDate>
      <itunes:title>Happy Birthday GDPR, Part 2</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>58</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/400936d6-c3bc-11eb-8c55-334c8ee7e250/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Jonathan and Tom return to review key themes in the first 3 years of GDPR</itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today we conclude a special two-part episode in honor of the 3rd anniversary of the go-live of GDPR. We review five key developments in GDPR review, regulation and enforcement over the past 3 years. In Part 1, we looked at the increased militancy in GDPR enforcement, both from regulators and in private actions and enforcement trends over the past 3 years.  In this Part 2, we consider the where of doing business, data security and customer issues as they have evolved over the past 3 years. 
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today we conclude a special two-part episode in honor of the 3rd anniversary of the go-live of GDPR. We review five key developments in GDPR review, regulation and enforcement over the past 3 years. In Part 1, we looked at the increased militancy in GDPR enforcement, both from regulators and in private actions and enforcement trends over the past 3 years.  In this Part 2, we consider the where of doing business, data security and customer issues as they have evolved over the past 3 years. </p><p><strong>Resources</strong></p><p>Check out the Cordery Compliance client alert on this topic by clicking <a href="https://www.corderycompliance.com/1and1-gdpr-fine-reduced/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p><br></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1713</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[400936d6-c3bc-11eb-8c55-334c8ee7e250]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN8472278809.mp3?updated=1622650186" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Happy Birthday GDPR, Part 1</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today we begin a special two-part episode in honor of the 3rd anniversary of the go-live of GDPR. We review five key developments in GDPR review, regulation and enforcement over the past 3 years. In this Part 1, we look at the increased militancy in GDPR enforcement, both from regulators and in private actions and enforcement trends over the past 3 years.  
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 27 May 2021 04:04:00 -0000</pubDate>
      <itunes:title>Happy Birthday GDPR, Part 1</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>57</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/f9c0764a-be56-11eb-8f21-3bd11eb2201e/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, Tom and Jonathan look back at 3 years of GDPR. In this Part 1, GDPR militancy and enforcement. </itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today we begin a special two-part episode in honor of the 3rd anniversary of the go-live of GDPR. We review five key developments in GDPR review, regulation and enforcement over the past 3 years. In this Part 1, we look at the increased militancy in GDPR enforcement, both from regulators and in private actions and enforcement trends over the past 3 years.  
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today we begin a special two-part episode in honor of the 3rd anniversary of the go-live of GDPR. We review five key developments in GDPR review, regulation and enforcement over the past 3 years. In this Part 1, we look at the increased militancy in GDPR enforcement, both from regulators and in private actions and enforcement trends over the past 3 years.  </p><p><strong>Resources</strong></p><p>Check out the Cordery Compliance client alert on this topic by clicking <a href="https://www.corderycompliance.com/1and1-gdpr-fine-reduced/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p><br></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1743</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[f9c0764a-be56-11eb-8f21-3bd11eb2201e]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN4141492795.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Trade Sanctions, AML and Export Control after Brexit</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we conclude a 3-part series on issues relating to GDPR after Brexit. They include data protection, data transfer and issues related to trade sanctions, AML and export control. In this episode we consider trade sanctions, anti-money laundering and export control after Brexit. 
Resources
Check out the Cordery Compliance Client alert on the data transfer after Brexit here.
 
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 18 Mar 2021 04:04:00 -0000</pubDate>
      <itunes:title>Trade Sanctions, AML and Export Control after Brexit</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/571e41ca-7c51-11eb-9b0e-b364d4ec56e1/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode we consider trade sanctions, anti-money laundering and export control after Brexit. </itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we conclude a 3-part series on issues relating to GDPR after Brexit. They include data protection, data transfer and issues related to trade sanctions, AML and export control. In this episode we consider trade sanctions, anti-money laundering and export control after Brexit. 
Resources
Check out the Cordery Compliance Client alert on the data transfer after Brexit here.
 
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we conclude a 3-part series on issues relating to GDPR after Brexit. They include data protection, data transfer and issues related to trade sanctions, AML and export control. In this episode we consider trade sanctions, anti-money laundering and export control after Brexit. </p><p><strong>Resources</strong></p><p>Check out the Cordery Compliance Client alert on the data transfer after Brexit <a href="https://www.corderycompliance.com/kbr-sfo-litigation/">here</a>.</p><p> </p><p>Check out the Cordery Compliance client alert on this topic by clicking <a href="https://www.corderycompliance.com/1and1-gdpr-fine-reduced/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1046</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[571e41ca-7c51-11eb-9b0e-b364d4ec56e1]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN5404650281.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Data Transfers After Brexit</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we continue our 3-part series on issues relating to GDPR after Brexit. The topics we discuss include data protection, data transfer and issues related to trade sanctions, AML and export control. In this episode we consider data privacy and data transfers after Brexit. 
Resources
Check out the Cordery Compliance Client alert on the data transfer after Brexit here.
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 11 Mar 2021 05:06:00 -0000</pubDate>
      <itunes:title>Data Transfers After Brexit</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>55</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/ff4f12d6-7c4f-11eb-9b0e-d38a67135a18/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode we consider data privacy and data transfers after Brexit. </itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we continue our 3-part series on issues relating to GDPR after Brexit. The topics we discuss include data protection, data transfer and issues related to trade sanctions, AML and export control. In this episode we consider data privacy and data transfers after Brexit. 
Resources
Check out the Cordery Compliance Client alert on the data transfer after Brexit here.
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we continue our 3-part series on issues relating to GDPR after Brexit. The topics we discuss include data protection, data transfer and issues related to trade sanctions, AML and export control. In this episode we consider data privacy and data transfers after Brexit. </p><p><strong>Resources</strong></p><p>Check out the Cordery Compliance Client alert on the data transfer after Brexit <a href="https://www.corderycompliance.com/kbr-sfo-litigation/">here</a>.</p><p>Check out the Cordery Compliance client alert on this topic by clicking <a href="https://www.corderycompliance.com/1and1-gdpr-fine-reduced/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>618</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[ff4f12d6-7c4f-11eb-9b0e-d38a67135a18]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN1559472292.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Data Protection After Brexit</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we begin a 3-part series on issues relating to GDPR after Brexit. They include data protection, data transfer and issues related to trade sanctions, AML and export control. In this episode we consider data protection. Highlights include:

Does GDPR still exist in the UK?

Does pre-Brexit case law still matter in the UK?

What is the temporary data protection deal between the EU &amp; UK all about?

How will extra-territorial reach work for the EU &amp; the UK?

Will I need a Data Protection Representative?

Will I need a new Data Protection Officer?

Resources
Check out the Cordery Compliance Client alert on the data transfer after Brexit here.
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 04 Mar 2021 05:03:00 -0000</pubDate>
      <itunes:title>Data Protection After Brexit</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>54</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/dac39488-7c4e-11eb-9e02-0b400f7d1ef1/image/LifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>With this episode, we begin a 3-part series on issues relating to GDPR after Brexit. They include data protection, data transfer and issues related to trade sanctions, AML and export control. In this episode we consider data protection. </itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we begin a 3-part series on issues relating to GDPR after Brexit. They include data protection, data transfer and issues related to trade sanctions, AML and export control. In this episode we consider data protection. Highlights include:

Does GDPR still exist in the UK?

Does pre-Brexit case law still matter in the UK?

What is the temporary data protection deal between the EU &amp; UK all about?

How will extra-territorial reach work for the EU &amp; the UK?

Will I need a Data Protection Representative?

Will I need a new Data Protection Officer?

Resources
Check out the Cordery Compliance Client alert on the data transfer after Brexit here.
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we begin a 3-part series on issues relating to GDPR after Brexit. They include data protection, data transfer and issues related to trade sanctions, AML and export control. In this episode we consider data protection. Highlights include:</p><ul>
<li>Does GDPR still exist in the UK?</li>
<li>Does pre-Brexit case law still matter in the UK?</li>
<li>What is the temporary data protection deal between the EU &amp; UK all about?</li>
<li>How will extra-territorial reach work for the EU &amp; the UK?</li>
<li>Will I need a Data Protection Representative?</li>
<li>Will I need a new Data Protection Officer?</li>
</ul><p><strong>Resources</strong></p><p>Check out the Cordery Compliance Client alert on the data transfer after Brexit <a href="https://www.corderycompliance.com/kbr-sfo-litigation/">here</a>.</p><p>Check out the Cordery Compliance client alert on this topic by clicking <a href="https://www.corderycompliance.com/1and1-gdpr-fine-reduced/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1019</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[dac39488-7c4e-11eb-9e02-0b400f7d1ef1]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN3269166217.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>The KBR Document Production Decision</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we take a look at the recent UK Supreme Court decision in the KBR document production case. KBR succeeded in its UK Supreme Court battle with the Serious Fraud Office (SFO). The case is interesting both in connection with the seizure of documents in SFO investigations and the sometimes criticized Section 2 notice procedure, which the UK Supreme Court held was unlawful in this case. 
Highlights Include:
·      What was this case about?
·      Why was it so important?
·      What is a Section 2 Notice?
·      What about extra-territoriality?
·      What was the Court’s decision based on?
·      Lessons for the compliance professional.
·      Whither the SFO?

Resources
Check out the Cordery Compliance Client alert on the KBR decision here. 
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 25 Feb 2021 05:03:00 -0000</pubDate>
      <itunes:title>The KBR Document Production Decision</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>53</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/486a80a4-76b0-11eb-8f93-a7a7877c9ea7/image/uploads_2F1614178417596-ifqyp80vsjt-967ee276b45a5460586d0c6c318185ac_2FLifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, we take a look at the recent UK Supreme Court decision in the KBR document production case. </itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we take a look at the recent UK Supreme Court decision in the KBR document production case. KBR succeeded in its UK Supreme Court battle with the Serious Fraud Office (SFO). The case is interesting both in connection with the seizure of documents in SFO investigations and the sometimes criticized Section 2 notice procedure, which the UK Supreme Court held was unlawful in this case. 
Highlights Include:
·      What was this case about?
·      Why was it so important?
·      What is a Section 2 Notice?
·      What about extra-territoriality?
·      What was the Court’s decision based on?
·      Lessons for the compliance professional.
·      Whither the SFO?

Resources
Check out the Cordery Compliance Client alert on the KBR decision here. 
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we take a look at the recent UK Supreme Court decision in the KBR document production case. KBR succeeded in its UK Supreme Court battle with the Serious Fraud Office (SFO). The case is interesting both in connection with the seizure of documents in SFO investigations and the sometimes criticized Section 2 notice procedure, which the UK Supreme Court held was unlawful in this case. </p><p>Highlights Include:</p><p>·      What was this case about?</p><p>·      Why was it so important?</p><p>·      What is a Section 2 Notice?</p><p>·      What about extra-territoriality?</p><p>·      What was the Court’s decision based on?</p><p>·      Lessons for the compliance professional.</p><p>·      Whither the SFO?</p><p><br></p><p><strong>Resources</strong></p><p>Check out the Cordery Compliance Client alert on the KBR decision <a href="https://www.corderycompliance.com/kbr-sfo-litigation/">here</a>. </p><p>Check out the Cordery Compliance client alert on this topic by clicking <a href="https://www.corderycompliance.com/1and1-gdpr-fine-reduced/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p><br></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>817</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[486a80a4-76b0-11eb-8f93-a7a7877c9ea7]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN9821753167.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Looking Back and Looking Forward</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we take a look back at some of Jonathan’s most significant cases, enforcement actions and events in data privacy/data protection in 2020. We also consider the potential impact of Brexit on data transfers between the UK and the EU and how this will impact data transfers between the UK and US. 
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 07 Jan 2021 05:07:00 -0000</pubDate>
      <itunes:title>Looking Back and Looking Forward</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>52</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/be4e05ca-4b7c-11eb-b25e-479703a4aa32/image/uploads_2F1609428233587-am0q10i3pk-50f2416c6641afcb8c79b9e9bf4d318f_2FLifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode we look back at some of the most significant events and issues from 2020 in the world of GDPR.</itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we take a look back at some of Jonathan’s most significant cases, enforcement actions and events in data privacy/data protection in 2020. We also consider the potential impact of Brexit on data transfers between the UK and the EU and how this will impact data transfers between the UK and US. 
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we take a look back at some of Jonathan’s most significant cases, enforcement actions and events in data privacy/data protection in 2020. We also consider the potential impact of Brexit on data transfers between the UK and the EU and how this will impact data transfers between the UK and US. </p><p><strong>Resources</strong></p><p>Check out the Cordery Compliance client alert on this topic by clicking <a href="https://www.corderycompliance.com/1and1-gdpr-fine-reduced/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p><br></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>768</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[be4e05ca-4b7c-11eb-b25e-479703a4aa32]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN7167751770.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Reduction to GDPR Fines by EU Courts and SARs</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider EU courts reducing fines and penalties assessed by data protection regulators. The case reminds us that, as we said before, data protection authorities are likely to face challenges to high fines in the courts. In some respects, the fine mechanism in GDPR is based on the system in use in competition law cases where the success rate in appeals has been high. Some of the highlights are:

Background to several cases.

What did the court say?

What did the regulators say?

What are the lessons learned for the data protection/data privacy compliance specialist?

What steps can your organization take?

Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Fri, 18 Dec 2020 11:14:41 -0000</pubDate>
      <itunes:title>Reduction to GDPR Fines by EU Courts and SARs</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/844072fa-4122-11eb-800b-33a5791ce90a/image/uploads_2F1608290160991-b1if4pt2i3n-cb585f7c1bc08a1e9eb7a7622b8d7c7a_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Why are EU courts reducing EU Data Privacy Regulatory fines and what does it mean going forward?</itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider EU courts reducing fines and penalties assessed by data protection regulators. The case reminds us that, as we said before, data protection authorities are likely to face challenges to high fines in the courts. In some respects, the fine mechanism in GDPR is based on the system in use in competition law cases where the success rate in appeals has been high. Some of the highlights are:

Background to several cases.

What did the court say?

What did the regulators say?

What are the lessons learned for the data protection/data privacy compliance specialist?

What steps can your organization take?

Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider EU courts reducing fines and penalties assessed by data protection regulators. The case reminds us that, as we said before, data protection authorities are likely to face challenges to high fines in the courts. In some respects, the fine mechanism in GDPR is based on the system in use in competition law cases where the success rate in appeals has been high. Some of the highlights are:</p><ol>
<li>Background to several cases.</li>
<li>What did the court say?</li>
<li>What did the regulators say?</li>
<li>What are the lessons learned for the data protection/data privacy compliance specialist?</li>
<li>What steps can your organization take?</li>
</ol><p><strong>Resources</strong></p><p>Check out the Cordery Compliance client alert on this topic by clicking <a href="https://www.corderycompliance.com/1and1-gdpr-fine-reduced/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1036</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[844072fa-4122-11eb-800b-33a5791ce90a]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN4450628084.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>The Experian Enforcement Notice Case</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the Experian enforcement action. Recently, the UK Data Protection Authority, the Information Commissioner’s Office (ICO), slapped Experian with an enforcement notice requiring the company to make major changes to how it processes personal data in its UK marketing services business. The main themes in the investigation, which targeted various players in the credit referencing industry, centered on “invisible processing”, “over processing”, providing insufficiently clear privacy information and using certain lawful bases incorrectly for processing people’s data. Some of the highlights are:

Background to the case.

Why did the other credit rating agencies agree to the ICO terms?

This matter is about the Enforcement Notice and not fines and penalties.

Why is transparency essential in data processing?

How does big data make all this more difficult?

What are ‘legitimate interests’?


Check out the Cordery Compliance client alert on the Experian matter by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 10 Dec 2020 05:02:00 -0000</pubDate>
      <itunes:title>The Experian Enforcement Notice Case</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>50</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/c2deb58a-37ea-11eb-b991-fb6865e1a821/image/uploads_2F1607276507492-ni612pv1bf-db94991cee19527ef1683f534c145c4e_2FLifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, we consider the Experian enforcement action. </itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the Experian enforcement action. Recently, the UK Data Protection Authority, the Information Commissioner’s Office (ICO), slapped Experian with an enforcement notice requiring the company to make major changes to how it processes personal data in its UK marketing services business. The main themes in the investigation, which targeted various players in the credit referencing industry, centered on “invisible processing”, “over processing”, providing insufficiently clear privacy information and using certain lawful bases incorrectly for processing people’s data. Some of the highlights are:

Background to the case.

Why did the other credit rating agencies agree to the ICO terms?

This matter is about the Enforcement Notice and not fines and penalties.

Why is transparency essential in data processing?

How does big data make all this more difficult?

What are ‘legitimate interests’?


Check out the Cordery Compliance client alert on the Experian matter by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the Experian enforcement action. Recently, the UK Data Protection Authority, the Information Commissioner’s Office (ICO), slapped Experian with an enforcement notice requiring the company to make major changes to how it processes personal data in its UK marketing services business. The main themes in the investigation, which targeted various players in the credit referencing industry, centered on “invisible processing”, “over processing”, providing insufficiently clear privacy information and using certain lawful bases incorrectly for processing people’s data. Some of the highlights are:</p><ol>
<li>Background to the case.</li>
<li>Why did the other credit rating agencies agree to the ICO terms?</li>
<li>This matter is about the Enforcement Notice and not fines and penalties.</li>
<li>Why is transparency essential in data processing?</li>
<li>How does big data make all this more difficult?</li>
<li>What are ‘legitimate interests’?</li>
</ol><p><br></p><p>Check out the Cordery Compliance client alert on the Experian matter by clicking <a href="https://www.corderycompliance.com/client-alert-experian-fights-ico-enforcement-notice/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p><br></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>984</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[c2deb58a-37ea-11eb-b991-fb6865e1a821]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN1414995429.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>SARS and Liability Issues under GDPR</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the increase in subject access requests (SARs) and other liability issues under GDPR. Recently, the UK Data Protection Authority, the Information Commissioner’s Office (ICO), issued new guidance on handling SARs. The guidance follows responses from organizations of all shapes and sizes, however, and is clearly an indication of what the ICO is thinking. Cordery also took part in the consultation process for this new guidance.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Sun, 06 Dec 2020 17:19:00 -0000</pubDate>
      <itunes:title>SARS and Liability Issues under GDPR</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/713c58e8-37e7-11eb-8b47-bbf89c0e5b96/image/uploads_2F1607275207359-e2aoo66nqm-89d2fb2fd331a7f4f985899d506b655d_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode of Life with GDPR, we consider the increase in subject access requests (SARs) and other liability issues under GDPR.</itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the increase in subject access requests (SARs) and other liability issues under GDPR. Recently, the UK Data Protection Authority, the Information Commissioner’s Office (ICO), issued new guidance on handling SARs. The guidance follows responses from organizations of all shapes and sizes, however, and is clearly an indication of what the ICO is thinking. Cordery also took part in the consultation process for this new guidance.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the increase in subject access requests (SARs) and other liability issues under GDPR. Recently, the UK Data Protection Authority, the Information Commissioner’s Office (ICO), issued new guidance on handling SARs. The guidance follows responses from organizations of all shapes and sizes, however, and is clearly an indication of what the ICO is thinking. Cordery also took part in the consultation process for this new guidance.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1376</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[713c58e8-37e7-11eb-8b47-bbf89c0e5b96]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN5797823909.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>H&amp;M Fined €35.2m for Data Privacy Breaches</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode, we consider the recent decision by the Hamburg Data Protection Authority which fined H&amp;M Germany €35.2m for GDPR violations. The case concerned excessive use of employee data and is the largest fine so far imposed by regulators for the handling of employee data. We are likely to see more pressure on employers to justify the handling of employee data as a result of today’s fine. Some of the highlights are: 

What did the regulator say?

What did H&amp;M do after the investigation began?

What about the current pandemic?

What are the implications going forward?

What is this decision’s precedential value?

What are some practical tips for compliance?

Check out the Cordery Compliance client alert on this case by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 08 Oct 2020 04:01:00 -0000</pubDate>
      <itunes:title>H&amp;M Fined €35.2m for Data Privacy Breaches</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>48</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/2b738940-089d-11eb-8b6c-db26e317873a/image/uploads_2F1602075616418-gug1gnmohq5-5dd0cfde51a7aefc95261229e06ee997_2FLifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, we consider the recent decision by the Hamburg Data Protection Authority which fined H&amp;M Germany €35.2m for GDPR violations.</itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode, we consider the recent decision by the Hamburg Data Protection Authority which fined H&amp;M Germany €35.2m for GDPR violations. The case concerned excessive use of employee data and is the largest fine so far imposed by regulators for the handling of employee data. We are likely to see more pressure on employers to justify the handling of employee data as a result of today’s fine. Some of the highlights are: 

What did the regulator say?

What did H&amp;M do after the investigation began?

What about the current pandemic?

What are the implications going forward?

What is this decision’s precedential value?

What are some practical tips for compliance?

Check out the Cordery Compliance client alert on this case by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode, we consider the recent decision by the Hamburg Data Protection Authority which fined H&amp;M Germany €35.2m for GDPR violations. The case concerned excessive use of employee data and is the largest fine so far imposed by regulators for the handling of employee data. We are likely to see more pressure on employers to justify the handling of employee data as a result of today’s fine. Some of the highlights are: </p><ol>
<li>What did the regulator say?</li>
<li>What did H&amp;M do after the investigation began?</li>
<li>What about the current pandemic?</li>
<li>What are the implications going forward?</li>
<li>What is this decision’s precedential value?</li>
<li>What are some practical tips for compliance?</li>
</ol><p>Check out the Cordery Compliance client alert on this case by clicking <a href="https://www.corderycompliance.com/hmbbfdi-fines-hm-for-gdpr-violations/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1376</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[2b738940-089d-11eb-8b6c-db26e317873a]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN8596005595.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Schrems III-Impact on the Transatlantic Digital Trade</title>
      <description>In this episode, I am joined by Jed Gardner of Linedata to discuss some of the practical aspects of the Schrems III case, where the Court invalidated Privacy Shield. Some of the highlights are:

Why was this and what are the wider impacts to transatlantic digital trade? 

When does this come into effect? Is there any grace period? 

Let’s look at a transatlantic organization (Investment Firm). What risks are they now dealing with? 

What should businesses be doing with their technology to address the ruling and ensure they can meet the EU GDPR data privacy regulations? 

Check out Linedata on their homepage here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 06 Aug 2020 04:03:00 -0000</pubDate>
      <itunes:title>Schrems III-Impact on the Transatlantic Digital Trade</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/b2f37f36-d76c-11ea-8162-0badbc9509da/image/uploads_2F1596666969485-yfe749sv3ag-68191b3562b312f3040c2f9628e3987d_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, I am joined by Jed Gardner of Linedata to discuss the impact of Schrems III on the transatlantic digital trade.</itunes:subtitle>
      <itunes:summary>In this episode, I am joined by Jed Gardner of Linedata to discuss some of the practical aspects of the Schrems III case, where the Court invalidated Privacy Shield. Some of the highlights are:

Why was this and what are the wider impacts to transatlantic digital trade? 

When does this come into effect? Is there any grace period? 

Let’s look at a transatlantic organization (Investment Firm). What risks are they now dealing with? 

What should businesses be doing with their technology to address the ruling and ensure they can meet the EU GDPR data privacy regulations? 

Check out Linedata on their homepage here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode, I am joined by Jed Gardner of Linedata to discuss some of the practical aspects of the <em>Schrems III</em> case, where the Court invalidated Privacy Shield. Some of the highlights are:</p><ul>
<li>Why was this and what are the wider impacts to transatlantic digital trade? </li>
<li>When does this come into effect? Is there any grace period? </li>
<li>Let’s look at a transatlantic organization (Investment Firm). What risks are they now dealing with? </li>
<li>What should businesses be doing with their technology to address the ruling and ensure they can meet the EU GDPR data privacy regulations? </li>
</ul><p>Check out Linedata on their homepage <a href="https://www.linedata.com/">here</a>.</p>]]>
      </content:encoded>
      <itunes:duration>1262</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[b2f37f36-d76c-11ea-8162-0badbc9509da]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN2262902315.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Emergency Podcast on Schrems III</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we do our first emergency podcast based upon the European Court of Justice’s decision handed down July 16 on the Schrems III case, where the Court invalidated Privacy Shield. Some of the highlights are: 

What were the issues involved in this case?

What did the Court find wanting in Privacy Shield?

What are the differences in the European and American approach that led to this result?

What was the ruling around standard contract clauses for data transfer?

What are the implications going forward?

To check out the Cordery Compliance client alert on this case, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.</description>
      <pubDate>Fri, 17 Jul 2020 04:07:00 -0000</pubDate>
      <itunes:title>Emergency Podcast on Schrems III</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>46</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/bc9fcf4e-c790-11ea-bf6b-8b0f7989eff1/image/uploads_2F1594923308785-2x2w9wcqde3-abdb7bf9ce0cd6471bb277f09d8b5712_2FLifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, we do our first emergency podcast based upon the European Court of Justice’s decision handed down July 16 on the Schrems III case, where the Court invalidated Privacy Shield.</itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we do our first emergency podcast based upon the European Court of Justice’s decision handed down July 16 on the Schrems III case, where the Court invalidated Privacy Shield. Some of the highlights are: 

What were the issues involved in this case?

What did the Court find wanting in Privacy Shield?

What are the differences in the European and American approach that led to this result?

What was the ruling around standard contract clauses for data transfer?

What are the implications going forward?

To check out the Cordery Compliance client alert on this case, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we do our first emergency podcast based upon the European Court of Justice’s decision handed down July 16 on the <em>Schrems III </em>case, where the Court invalidated Privacy Shield. Some of the highlights are: </p><ol>
<li>What were the issues involved in this case?</li>
<li>What did the Court find wanting in Privacy Shield?</li>
<li>What are the differences in the European and American approach that led to this result?</li>
<li>What was the ruling around standard contract clauses for data transfer?</li>
<li>What are the implications going forward?</li>
</ol><p>To check out the Cordery Compliance client alert on this case, click <a href="https://www.corderycompliance.com/ecj-rules-scc-valid-not-ps/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p>]]>
      </content:encoded>
      <itunes:duration>997</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[bc9fcf4e-c790-11ea-bf6b-8b0f7989eff1]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN3040198581.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Duty of Data Processor to Report Data Breach</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the recent decision by the Swedish Data Protection Authority, which imposed a fine of 200,000 Swedish kronor (approximately €18,700 or $21,320) on the Swedish National Government Service Centre (“the NGSC”) for failing to notify both the Data Protection Authority and others about a personal data breach in sufficient time. Some of the highlights are:

What were the issues and interests involved in this case?

What are the requirements for reporting a data breach under GDPR?

What are the differences in duties of the Data Processor and Data Controller?

What are the implications going forward?

What is this decision’s precedential value?

Is the decision Kafkaesque in its reasoning?


To check out the Cordery Compliance client alert on this case, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.</description>
      <pubDate>Thu, 02 Jul 2020 04:06:00 -0000</pubDate>
      <itunes:title>Duty of Data Processor to Report Data Breach</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>45</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/331e924e-bbe9-11ea-ba7d-1b832ddf702f/image/uploads_2F1593641801155-2dpzrnj0fkq-287f3c7d1e4cf2b1a3cba20092d61d21_2FLifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, we consider the recent decision by the Swedish Data Protection Authority to impose a fine for failing to notify both the Data Protection Authority and others about a personal data breach in sufficient time.</itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the recent decision by the Swedish Data Protection Authority, which imposed a fine of 200,000 Swedish kronor (approximately €18,700 or $21,320) on the Swedish National Government Service Centre (“the NGSC”) for failing to notify both the Data Protection Authority and others about a personal data breach in sufficient time. Some of the highlights are:

What were the issues and interests involved in this case?

What are the requirements for reporting a data breach under GDPR?

What are the differences in duties of the Data Processor and Data Controller?

What are the implications going forward?

What is this decision’s precedential value?

Is the decision Kafkaesque in its reasoning?


To check out the Cordery Compliance client alert on this case, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the recent decision by the Swedish Data Protection Authority, which imposed a fine of 200,000 Swedish kronor (approximately €18,700 or $21,320) on the Swedish National Government Service Centre (“the NGSC”) for failing to notify both the Data Protection Authority and others about a personal data breach in sufficient time. Some of the highlights are:</p><ol>
<li>What were the issues and interests involved in this case?</li>
<li>What are the requirements for reporting a data breach under GDPR?</li>
<li>What are the differences in duties of the Data Processor and Data Controller?</li>
<li>What are the implications going forward?</li>
<li>What is this decision’s precedential value?</li>
<li>Is the decision Kafkaesque in its reasoning?</li>
</ol><p><br></p><p>To check out the Cordery Compliance client alert on this case, click <a href="https://www.corderycompliance.com/sdpr-fine-for-data-breach/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p>]]>
      </content:encoded>
      <itunes:duration>942</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[331e924e-bbe9-11ea-ba7d-1b832ddf702f]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN2395166422.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Requirements for the DPO</title>
      <description>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the recent decision by the Belgian Data Protection Authority, which imposed a fine of €50,000 ($54,203) on an unnamed organization for non-compliance with the GDPR conflict of interest requirement in the selection of its Data Protection Officer. Some of the highlights are:

What were the issues and interests involved in this case?

What are the requirements for a DPO under GDPR?

How and why was the company ‘seriously negligent’?

What are the implications going forward?

What is this decision’s precedential value?

How much expertise, authority and autonomy must a DPO have going forward?


To check out the Cordery Compliance client alert on this case, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.</description>
      <pubDate>Thu, 18 Jun 2020 04:03:00 -0000</pubDate>
      <itunes:title>Requirements for the DPO</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>44</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/f055fc92-b01f-11ea-b132-3b85cf5ed6e8/image/uploads_2F1592345161478-kjh5obf5av-183efa35cc721aa27b1d44a161a94b3a_2FLifeGDPR2.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode, we consider the recent decision by the Belgian DPA on an unnamed organization for non-compliance in the selection of its Data Protection Officer.</itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the recent decision by the Belgian Data Protection Authority, which imposed a fine of €50,000 ($54,203) on an unnamed organization for non-compliance with the GDPR conflict of interest requirement in the selection of its Data Protection Officer. Some of the highlights are:

What were the issues and interests involved in this case?

What are the requirements for a DPO under GDPR?

How and why was the company ‘seriously negligent’?

What are the implications going forward?

What is this decision’s precedential value?

How much expertise, authority and autonomy must a DPO have going forward?


To check out the Cordery Compliance client alert on this case, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the recent decision by the Belgian Data Protection Authority, which imposed a fine of €50,000 ($54,203) on an unnamed organization for non-compliance with the GDPR conflict of interest requirement in the selection of its Data Protection Officer. Some of the highlights are:</p><ol>
<li>What were the issues and interests involved in this case?</li>
<li>What are the requirements for a DPO under GDPR?</li>
<li>How and why was the company ‘seriously negligent’?</li>
<li>What are the implications going forward?</li>
<li>What is this decision’s precedential value?</li>
<li>How much expertise, authority and autonomy must a DPO have going forward?</li>
</ol><p><br></p><p>To check out the Cordery Compliance client alert on this case, click <a href="https://www.corderycompliance.com/belgian-dpa-dpo-fine/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p>]]>
      </content:encoded>
      <itunes:duration>1434</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[f055fc92-b01f-11ea-b132-3b85cf5ed6e8]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN9044943004.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Verbal Reporting under GDPR</title>
      <description>In this episode, Jonathan Armstrong and I are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the issue of verbal reporting under GDPR, in the context of the case of Scott v. LGBT Foundation. Some of the highlights are:

What were the issues and interests involved in this case?

What is a relevant filing system for automated data under GDPR?

When do public health and safety outweigh data privacy?

Was Scott’s data processed by the LGBT Foundation?

What is the necessity test?

To check out the Cordery Compliance client alert on the case of Scott v. LGBT Foundation, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.</description>
      <pubDate>Thu, 14 May 2020 04:03:00 -0000</pubDate>
      <itunes:title>Verbal Reporting under GDPR</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/3334ece2-873c-11ea-a109-33313d04b64c/image/uploads_2F1587850005538-ocy1gmpp0b-5af07be72365063818e4459477926265_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>What are the data privacy issues in the case of Scott v. LGBT Foundation? Jonathan Armstrong and Tom Fox explore in this episode of Life with GDPR</itunes:subtitle>
      <itunes:summary>In this episode, Jonathan Armstrong and I are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the issue of verbal reporting under GDPR, in the context of the case of Scott v. LGBT Foundation. Some of the highlights are:

What were the issues and interests involved in this case?

What is a relevant filing system for automated data under GDPR?

When do public health and safety outweigh data privacy?

Was Scott’s data processed by the LGBT Foundation?

What is the necessity test?

To check out the Cordery Compliance client alert on the case of Scott v. LGBT Foundation, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode, Jonathan Armstrong and I are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the issue of verbal reporting under GDPR, in the context of the case of Scott v. LGBT Foundation. Some of the highlights are:</p><ol>
<li>What were the issues and interests involved in this case?</li>
<li>What is a relevant filing system for automated data under GDPR?</li>
<li>When do public health and safety outweigh data privacy?</li>
<li>Was Scott’s data processed by the LGBT Foundation?</li>
<li>What is the necessity test?</li>
</ol><p>To check out the Cordery Compliance client alert on the case of Scott v. LGBT Foundation, click <a href="https://www.corderycompliance.com/uk-court-judgement-verbal-disclosure-under-dp-rules/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p>]]>
      </content:encoded>
      <itunes:duration>1184</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[3334ece2-873c-11ea-a109-33313d04b64c]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN4503380285.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>CCTV and Data Privacy</title>
      <description>In this episode, Jonathan Armstrong and I are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the intersection of Closed Circuit Television (CCTV) and data privacy. Some of the highlights are:

CCTV is ubiquitous in the UK. Why is a DPIA so critical in GDPR compliance around this issue?

What about the safety implications for CCTV?

What about Subject Access Requests?

Transparency is critical. This means full notice to all employees.

What should be your retention policy?

To check out the Cordery Compliance client alert on CCTV and data privacy, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.</description>
      <pubDate>Thu, 07 May 2020 04:03:00 -0000</pubDate>
      <itunes:title>CCTV and Data Privacy</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/11cc9ebe-8738-11ea-8e7f-03790ea1f26b/image/uploads_2F1587848406622-vfi5osqn5y-9751715d7d99767128342da982911f8c_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>What are the data privacy issues in the UK around CCTV? Jonathan Armstrong and Tom Fox explore in this episode of Life with GDPR</itunes:subtitle>
      <itunes:summary>In this episode, Jonathan Armstrong and I are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the intersection of Closed Circuit Television (CCTV) and data privacy. Some of the highlights are:

CCTV is ubiquitous in the UK. Why is a DPIA so critical in GDPR compliance around this issue?

What about the safety implications for CCTV?

What about Subject Access Requests?

Transparency is critical. This means full notice to all employees.

What should be your retention policy?

To check out the Cordery Compliance client alert on CCTV and data privacy, click here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode, Jonathan Armstrong and I are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the intersection of Closed Circuit Television (CCTV) and data privacy. Some of the highlights are:</p><ol>
<li>CCTV is ubiquitous in the UK. Why is a DPIA so critical in GDPR compliance around this issue?</li>
<li>What about the safety implications for CCTV?</li>
<li>What about Subject Access Requests?</li>
<li>Transparency is critical. This means full notice to all employees.</li>
<li>What should be your retention policy?</li>
</ol><p>To check out the Cordery Compliance client alert on CCTV and data privacy, click <a href="https://www.corderycompliance.com/client-alert-using-cctv-on-business-premises-dp-implications/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p>]]>
      </content:encoded>
      <itunes:duration>944</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[11cc9ebe-8738-11ea-8e7f-03790ea1f26b]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN4468632774.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Morrisons at the UK Supreme Court</title>
      <description>In this episode, Jonathan Armstrong and I are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the recent decision by the UK Supreme Court on the Morrisons case. Some of the highlights are:

What were the background facts of the case and the trial court ruling?

What did the UK Supreme Court rule?

Does the SCt ruling leave the door open for subsequent class actions?

What are the differences between primary liability and vicarious liability?

What steps should a company take in response to the Morrisons ruling?

What does all of this mean for US companies trying to get data out of the UK and EU?

Check out the Cordery Compliance client alert on the Morrisons decision here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.</description>
      <pubDate>Thu, 30 Apr 2020 04:03:00 -0000</pubDate>
      <itunes:title>Morrisons at the UK Supreme Court</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>41</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/e715f45a-8731-11ea-94ee-7b0c3a9feadd/image/uploads_2F1587845685812-2crv6afuedi-a2ef41dd4c58bce7e26c597306c06623_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>What are the lessons learned from the UK Supreme Court's decision in the Morrisons case? Find out on this episode of Life with GDPR. </itunes:subtitle>
      <itunes:summary>In this episode, Jonathan Armstrong and I are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the recent decision by the UK Supreme Court on the Morrisons case. Some of the highlights are:

What were the background facts of the case and the trial court ruling?

What did the UK Supreme Court rule?

Does the SCt ruling leave the door open for subsequent class actions?

What are the differences between primary liability and vicarious liability?

What steps should a company take in response to the Morrisons ruling?

What does all of this mean for US companies trying to get data out of the UK and EU?

Check out the Cordery Compliance client alert on the Morrisons decision here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode, Jonathan Armstrong and I are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the recent decision by the UK Supreme Court on the Morrisons case. Some of the highlights are:</p><ol>
<li>What were the background facts of the case and the trial court ruling?</li>
<li>What did the UK Supreme Court rule?</li>
<li>Does the SCt ruling leave the door open for subsequent class actions?</li>
<li>What are the differences between primary liability and vicarious liability?</li>
<li>What steps should a company take in response to the Morrisons ruling?</li>
<li>What does all of this mean for US companies trying to get data out of the UK and EU?</li>
</ol><p>Check out the Cordery Compliance client alert on the Morrisons decision <a href="https://www.corderycompliance.com/uk-court-of-appeal-ruling-in-morrisons-vicarious-liability-case/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p>]]>
      </content:encoded>
      <itunes:duration>1320</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[e715f45a-8731-11ea-94ee-7b0c3a9feadd]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN4656397492.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Cathay Pacific Enforcement Action </title>
      <description>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox consider the recently released UK Information Commissioner’s Office (ICO) Cathay Pacific Airways Limited fine of £500,000 for failing to protect the security of its customers’ personal data. This is a pre-GDPR case and the fine represents the maximum fine under the ICO’s pre-GDPR powers. The ICO took into particular account the fact that Cathay Pacific failed to follow its own policies and ignored fundamental best practices.
Some of the highlights in this episode include:

What were the background facts of the enforcement action?

What are the implications of a pre-GDPR enforcement action?

Why was the maximum fine levied?

What were the regulator’s findings?

What are the lessons learned for the data protection practitioner?

Where listeners can go for more information.

Resources
Cordery Breach Navigator
Cordery Client Alert “Client Alert: ICO Fines Cathay Pacific £500k for Data Security Breach”</description>
      <pubDate>Thu, 09 Apr 2020 04:08:00 -0000</pubDate>
      <itunes:title>Cathay Pacific Enforcement Action </itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>40</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/77bbe898-79b8-11ea-9831-4beebacaff08/image/uploads_2F1586364168043-s8b0y8hobgk-9cffeb38835203c265d685bc059d70cc_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox consider the recent Cathay Pacific ICO enforcement action. </itunes:subtitle>
      <itunes:summary>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox consider the recently released UK Information Commissioner’s Office (ICO) Cathay Pacific Airways Limited fine of £500,000 for failing to protect the security of its customers’ personal data. This is a pre-GDPR case and the fine represents the maximum fine under the ICO’s pre-GDPR powers. The ICO took into particular account the fact that Cathay Pacific failed to follow its own policies and ignored fundamental best practices.
Some of the highlights in this episode include:

What were the background facts of the enforcement action?

What are the implications of a pre-GDPR enforcement action?

Why was the maximum fine levied?

What were the regulator’s findings?

What are the lessons learned for the data protection practitioner?

Where listeners can go for more information.

Resources
Cordery Breach Navigator
Cordery Client Alert “Client Alert: ICO Fines Cathay Pacific £500k for Data Security Breach”</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox consider the recently released UK Information Commissioner’s Office (ICO) Cathay Pacific Airways Limited fine of £500,000 for failing to protect the security of its customers’ personal data. This is a pre-GDPR case and the fine represents the maximum fine under the ICO’s pre-GDPR powers. The ICO took into particular account the fact that Cathay Pacific failed to follow its own policies and ignored fundamental best practices.</p><p>Some of the highlights in this episode include:</p><ol>
<li>What were the background facts of the enforcement action?</li>
<li>What are the implications of a pre-GDPR enforcement action?</li>
<li>Why was the maximum fine levied?</li>
<li>What were the regulator’s findings?</li>
<li>What are the lessons learned for the data protection practitioner?</li>
<li>Where listeners can go for more information.</li>
</ol><p><strong>Resources</strong></p><p><a href="https://www.corderycompliance.com/solutions/breach-navigator/">Cordery Breach Navigator</a></p><p>Cordery Client Alert “<a href="https://www.corderycompliance.com/ico-fines-cathay-pacific-for-data-security-breach/"><em>Client Alert: ICO Fines Cathay Pacific £500k for Data Security Breach</em></a>”</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>970</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[77bbe898-79b8-11ea-9831-4beebacaff08]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN7651135110.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Coronavirus and GDPR</title>
      <description>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox consider the multiple data privacy/data protection risks which have arisen under the coronavirus health crisis.
 Some of the highlights in this episode include:

How does coronavirus impact GDPR compliance?

What issues arise with working from home?

What is consent and why is it so critical now?

What is the role of a DPIA in this process and why is it so critical?

Can you monitor employees working from home?

What about customer communications?

What are some basic best practices to minimize risk at this point?

What does this mean for companies and clients going forward?

Resources
Cordery Breach Navigator
Cordery Client Alert “Coronavirus and Data Protection”
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 02 Apr 2020 04:11:00 -0000</pubDate>
      <itunes:title>Coronavirus and GDPR</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>39</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/c027cfe8-72ce-11ea-90bd-f701164a05ca/image/uploads_2F1585604133978-kpnk7wftepj-32c94ae7933a474c59f4df035aa2a637_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>What will be the implications for GDPR in the coronavirus health crisis? Find out on this episode of Life with GDPR.</itunes:subtitle>
      <itunes:summary>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox consider the multiple data privacy/data protection risks which have arisen under the coronavirus health crisis.
 Some of the highlights in this episode include:

How does coronavirus impact GDPR compliance?

What issues arise with working from home?

What is consent and why is it so critical now?

What is the role of a DPIA in this process and why is it so critical?

Can you monitor employees working from home?

What about customer communications?

What are some basic best practices to minimize risk at this point?

What does this mean for companies and clients going forward?

Resources
Cordery Breach Navigator
Cordery Client Alert “Coronavirus and Data Protection”
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox consider the multiple data privacy/data protection risks which have arisen under the coronavirus health crisis.</p><p> Some of the highlights in this episode include:</p><ol>
<li>How does coronavirus impact GDPR compliance?</li>
<li>What issues arise with working from home?</li>
<li>What is consent and why is it so critical now?</li>
<li>What is the role of a DPIA in this process and why is it so critical?</li>
<li>Can you monitor employees working from home?</li>
<li>What about customer communications?</li>
<li>What are some basic best practices to minimize risk at this point?</li>
<li>What does this mean for companies and clients going forward?</li>
</ol><p><strong>Resources</strong></p><p><a href="https://www.corderycompliance.com/solutions/breach-navigator/">Cordery Breach Navigator</a></p><p>Cordery Client Alert “<a href="https://www.corderycompliance.com/coronavirus-covid19-and-dp/"><em>Coronavirus and Data Protection</em></a>”</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1597</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[c027cfe8-72ce-11ea-90bd-f701164a05ca]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN3865986833.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Special Valentine’s Day Edition-Facebook Dawn Raid in Ireland </title>
      <description>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox have their first emergency podcast. Earlier this week, the Irish Data Protection Commission raided Facebook in Ireland over the company’s announced plan to begin a dating service on Valentine’s Day.
Some of the highlights in this episode include:

What is the to-do all about?

Do European data protection authorities have dawn raid powers?

What might the Irish Data Protection Commission have been looking for in this raid?

What is the role of a DPIA in this process and why is it so critical?

When should a DPIA be carried out?

How can a DPIA be a mitigating or aggravating factor?

What is the importance of training around DPIAs?

What does this mean for companies and clients going forward?

Resources
Cordery Breach Navigator
Cordery Client Alert “Ireland’s Data Protection Authority Halts Facebook Dating Service”
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Fri, 14 Feb 2020 05:08:00 -0000</pubDate>
      <itunes:title>Special Valentine’s Day Edition-Facebook Dawn Raid in Ireland </itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/1d63c22c-4e8d-11ea-a425-cbed7d22f888/image/uploads_2F1581617489782-rbxdqa6fnf-fcad6cce86755648f377aa5f618899d0_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this special Valentine's Day episode, Jonathan Armstrong and Tom Fox consider the recent dawn raid by the Irish Data Protection Commission at Facebook in Ireland around FB's DPIA for its dating services app.</itunes:subtitle>
      <itunes:summary>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox have their first emergency podcast. Earlier this week, the Irish Data Protection Commission raided Facebook in Ireland over the company’s announced plan to begin a dating service on Valentine’s Day.
Some of the highlights in this episode include:

What is the to-do all about?

Do European data protection authorities have dawn raid powers?

What might the Irish Data Protection Commission have been looking for in this raid?

What is the role of a DPIA in this process and why is it so critical?

When should a DPIA be carried out?

How can a DPIA be a mitigating or aggravating factor?

What is the importance of training around DPIAs?

What does this mean for companies and clients going forward?

Resources
Cordery Breach Navigator
Cordery Client Alert “Ireland’s Data Protection Authority Halts Facebook Dating Service”
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox have their first emergency podcast. Earlier this week, the Irish Data Protection Commission raided Facebook in Ireland over the company’s announced plan to begin a dating service on Valentine’s Day.</p><p>Some of the highlights in this episode include:</p><ol>
<li>What is the to-do all about?</li>
<li>Do European data protection authorities have dawn raid powers?</li>
<li>What might the Irish Data Protection Commission have been looking for in this raid?</li>
<li>What is the role of a DPIA in this process and why is it so critical?</li>
<li>When should a DPIA be carried out?</li>
<li>How can a DPIA be a mitigating or aggravating factor?</li>
<li>What is the importance of training around DPIAs?</li>
<li>What does this mean for companies and clients going forward?</li>
</ol><p><strong>Resources</strong></p><p><a href="https://www.corderycompliance.com/solutions/breach-navigator/">Cordery Breach Navigator</a></p><p>Cordery Client Alert “<a href="https://www.corderycompliance.com/ireland-dpc-halts-fb-dating-service/"><em>Ireland’s Data Protection Authority Halts Facebook Dating Service</em></a>”</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1525</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[1d63c22c-4e8d-11ea-a425-cbed7d22f888]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN7642276974.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Episode 36- Extension of BA Response Time  </title>
      <description>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox are back to discuss the recent ICO announcement that it was extending the time for British Airways and Marriott to respond to its proposed fine and penalty. Some of the highlights in this episode include:

What makes the background of the case so complex?

What did the ICO say and why did they extend the deadline for BA to respond?

What are some of the possible reasons for the delay?

What if anything does Brexit have to do with this?

In view of Brexit, will the EU be watching the ICO in this matter?

What might be the relationship between the ICO and EU on data privacy going forward?

Background of British Airways (BA) enforcement action.

Resources
Is the BA Fine in the Departure Lounge?
Cordery Breach Navigator
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 06 Feb 2020 05:03:00 -0000</pubDate>
      <itunes:title>Episode 36- Extension of BA Response Time  </itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>36</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/37c8d4d0-47ae-11ea-bfde-a3c5b2c6a14c/image/uploads_2F1580862397755-anx9yi28ykj-de8bd07d51b09823d10f1619f0810dff_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox are back to discuss the recent ICO announcement that it was extending the time for British Airways and Marriott to respond to its proposed fine and penalty. </itunes:subtitle>
      <itunes:summary>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox are back to discuss the recent ICO announcement that it was extending the time for British Airways and Marriott to respond to its proposed fine and penalty. Some of the highlights in this episode include:

What makes the background of the case so complex?

What did the ICO say and why did they extend the deadline for BA to respond?

What are some of the possible reasons for the delay?

What if anything does Brexit have to do with this?

In view of Brexit, will the EU be watching the ICO in this matter?

What might be the relationship between the ICO and EU on data privacy going forward?

Background of British Airways (BA) enforcement action.

Resources
Is the BA Fine in the Departure Lounge?
Cordery Breach Navigator
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox are back to discuss the recent ICO announcement that it was extending the time for British Airways and Marriott to respond to its proposed fine and penalty. Some of the highlights in this episode include:</p><ol>
<li>What makes the background of the case so complex?</li>
<li>What did the ICO say and why did they extend the deadline for BA to respond?</li>
<li>What are some of the possible reasons for the delay?</li>
<li>What if anything does Brexit have to do with this?</li>
<li>In view of Brexit, will the EU be watching the ICO in this matter?</li>
<li>What might be the relationship between the ICO and EU on data privacy going forward?</li>
<li>Background of British Airways (BA) enforcement action.</li>
</ol><p><strong>Resources</strong></p><p><a href="https://www.corderycompliance.com/is-ba-fine-in-departure-lounge/">Is the BA Fine in the Departure Lounge?</a></p><p><a href="https://www.corderycompliance.com/solutions/breach-navigator/">Cordery Breach Navigator</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1028</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[37c8d4d0-47ae-11ea-bfde-a3c5b2c6a14c]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN6332253863.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Episode 35- What does Brexit Mean for GDPR?</title>
      <description>In this episode Jonathan Armstrong and I consider the implications of GDPR enforcement going forward after Brexit. Recognizing the situation is incredibly fluid, there are nevertheless some areas of risk management that you can begin to prepare for in the event of a deal for an orderly Brexit, a no-deal Brexit or an extension of the deadline. Some of the highlights in this episode include:

What does Brexit mean for GDPR enforcement?

How will the UK-ICO move forward after Brexit?

What are the implications of a no-deal Brexit? What can a company do to prepare at this point?

How will the Irish regulators react to Brexit?

What will Brexit mean for internal investigations, both in the UK and EU?

What happens if there is an extension?


Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Mon, 21 Oct 2019 10:34:41 -0000</pubDate>
      <itunes:title>What does Brexit Mean for GDPR?</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>35</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/5cfbb106-f37f-11e9-ab5d-43c6e104d123/image/uploads_2F1571606293349-00n4rp1hgu6bh-2bb115d494f1b6f30188e16fc8d7829e_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle></itunes:subtitle>
      <itunes:summary>In this episode Jonathan Armstrong and I consider the implications of GDPR enforcement going forward after Brexit. Recognizing the situation is incredibly fluid, there are nevertheless some areas of risk management that you can begin to prepare for in the event of a deal for an orderly Brexit, a no-deal Brexit or an extension of the deadline. Some of the highlights in this episode include:

What does Brexit mean for GDPR enforcement?

How will the UK-ICO move forward after Brexit?

What are the implications of a no-deal Brexit? What can a company do to prepare at this point?

How will the Irish regulators react to Brexit?

What will Brexit mean for internal investigations, both in the UK and EU?

What happens if there is an extension?


Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode Jonathan Armstrong and I consider the implications of GDPR enforcement going forward after Brexit. Recognizing the situation is incredibly fluid, there are nevertheless some areas of risk management that you can begin to prepare for in the event of a deal for an orderly Brexit, a no-deal Brexit or an extension of the deadline. Some of the highlights in this episode include:</p><ol>
<li>What does Brexit mean for GDPR enforcement?</li>
<li>How will the UK-ICO move forward after Brexit?</li>
<li>What are the implications of a no-deal Brexit? What can a company do to prepare at this point?</li>
<li>How will the Irish regulators react to Brexit?</li>
<li>What will Brexit mean for internal investigations, both in the UK and EU?</li>
<li>What happens if there is an extension?</li>
</ol><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1013</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[5cfbb106-f37f-11e9-ab5d-43c6e104d123]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN3440934156.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Role of Vendors in Data Breaches</title>
      <description>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox are back to discuss the role of vendors in data breaches and the corporate response thereto. Some of the highlights in this episode include: 
How much due diligence did you perform on your vendors from the data protection risk perspective?

How much due diligence did you engage in for any M&amp;A activity or acquisitions?

Do you have the full cooperation of your vendors in any data breach?

What is the role of a vendor in responding to a data breach?

Does your risk management strategy have a fallback if you have to terminate a vendor over a data breach?

For more information on vendor data breaches, check out the following resource on the Cordery Compliance website: https://www.corderycompliance.com/dealing-with-a-data-breach/ Also, if you have not done so, check out the Cordery Breach Navigator here: https://www.corderycompliance.com/solutions/breach-navigator/



Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 10 Oct 2019 04:00:00 -0000</pubDate>
      <itunes:title>Role of Vendors in Data Breaches</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/c0eb55a2-e940-11e9-91fb-0bb1e8a277cc/image/uploads_2F1570479940626-bcsf4bs3k0i-741b765ceed7991babca23903f94fbc4_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>What is the role of vendors in any data breach and response thereto? In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox are back to explore and provide insights going forward. </itunes:subtitle>
      <itunes:summary>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox are back to discuss the role of vendors in data breaches and the corporate response thereto. Some of the highlights in this episode include: 
How much due diligence did you perform on your vendors from the data protection risk perspective?

How much due diligence did you engage in for any M&amp;A activity or acquisitions?

Do you have the full cooperation of your vendors in any data breach?

What is the role of a vendor in responding to a data breach?

Does your risk management strategy have a fallback if you have to terminate a vendor over a data breach?

For more information on vendor data breaches, check out the following resource on the Cordery Compliance website: https://www.corderycompliance.com/dealing-with-a-data-breach/ Also, if you have not done so, check out the Cordery Breach Navigator here: https://www.corderycompliance.com/solutions/breach-navigator/



Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox are back to discuss the role of vendors in data breaches and the corporate response thereto. Some of the highlights in this episode include:</p><ol>
<li>How much due diligence did you perform on your vendors from the data protection risk perspective?</li>
<li>How much due diligence did you engage in for any M&amp;A activity or acquisitions?</li>
<li>Do you have the full cooperation of your vendors in any data breach?</li>
<li>What is the role of a vendor in responding to a data breach?</li>
<li>Does your risk management strategy have a fallback if you have to terminate a vendor over a data breach?</li>
</ol><p>For more information on vendor data breaches, check out the following resource on the Cordery Compliance website: <a href="https://www.corderycompliance.com/dealing-with-a-data-breach/">https://www.corderycompliance.com/dealing-with-a-data-breach/</a>. Also, if you have not done so, check out the Cordery Breach Navigator here: <a href="https://www.corderycompliance.com/solutions/breach-navigator/">https://www.corderycompliance.com/solutions/breach-navigator/</a></p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1242</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[c0eb55a2-e940-11e9-91fb-0bb1e8a277cc]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN7011502575.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Episode 33- Lessons Learned in Year 1 of GDPR, Part 3</title>
      <description>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we conclude our three-part series of some of the key lessons learned from the first year of GDPR. Some of the issues and highlights are:
Remediate then report. The remediation of an issue before reporting can be the key issue for regulators on whether they will move forward with a more public spanking. It is important to show that you have learned lessons and applied them to the facts of your data breach. Don’t try and cheat the victims by imposing new contractual terms such as Equifax did in its recent settlement. Think of the simple way for a data breach to occur, a briefcase left on the Tube.
Don’t Diss the DPA. Why would a company take on the regulator? You must respect the regulator even if you disagree with them. You can make a bad situation worse by attacking the regulators. This does not mean you cannot forcefully argue your position or zealously represent your client, but calling regulators idiots in public filings will not help your position or your case.

Keep logs. This is important in case you need to revisit a decision later. Regulators can ask to see these logs at any time, not simply during an investigation or enforcement action. A compliance officer should be involved in the maintenance of the log system. Document Document Document. Unannounced inspections are beginning to occur.
Debrief and Learn. Revisit the facts to see what lessons are to be learned. Continuous improvement. Even on a journey of 1000 miles, it is important to look back. Once again if you make a change due to a breach or other event, document what you have done so you can show the regulators.
For more information on Cordery Compliance, go to their website here.
For more information on data breaches, see here.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 19 Sep 2019 04:00:00 -0000</pubDate>
      <itunes:title>Episode 33- Lessons Learned in Year 1 of GDPR, Part 3</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>33</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/bd43dfa0-d955-11e9-8d18-3bee1bcf2d40/image/uploads_2F1568729727853-saop3204x1d-8f08af7532c77e3b78597addbabb694e_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode of Life with GDPR, we conclude our three-part series of some of the key lessons learned from the first year of GDPR. </itunes:subtitle>
      <itunes:summary>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we conclude our three-part series of some of the key lessons learned from the first year of GDPR. Some of the issues and highlights are:
Remediate then report. The remediation of an issue before reporting can be the key issue for regulators on whether they will move forward with a more public spanking. It is important to show that you have learned lessons and applied them to the facts of your data breach. Don’t try and cheat the victims by imposing new contractual terms such as Equifax did in its recent settlement. Think of the simple way for a data breach to occur, a briefcase left on the Tube.
Don’t Diss the DPA. Why would a company take on the regulator? You must respect the regulator even if you disagree with them. You can make a bad situation worse by attacking the regulators. This does not mean you cannot forcefully argue your position or zealously represent your client, but calling regulators idiots in public filings will not help your position or your case.

Keep logs. This is important in case you need to revisit a decision later. Regulators can ask to see these logs at any time, not simply during an investigation or enforcement action. A compliance officer should be involved in the maintenance of the log system. Document Document Document. Unannounced inspections are beginning to occur.
Debrief and Learn. Revisit the facts to see what lessons are to be learned. Continuous improvement. Even on a journey of 1000 miles, it is important to look back. Once again if you make a change due to a breach or other event, document what you have done so you can show the regulators.
For more information on Cordery Compliance, go to their website here.
For more information on data breaches, see here.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we conclude our three-part series of some of the key lessons learned from the first year of GDPR. Some of the issues and highlights are:</p><p><strong><em>Remediate then report. </em></strong>The remediation of an issue before reporting can be the key issue for regulators on whether they will move forward with a more public spanking. It is important to show that you have learned lessons and applied them to the facts of your data breach. Don’t try and cheat the victims by imposing new contractual terms such as Equifax did in its recent settlement. Think of the simple way for a data breach to occur, a briefcase left on the Tube.</p><p><strong><em>Don’t Diss the DPA. </em></strong>Why would a company take on the regulator? You must respect the regulator even if you disagree with them. You can make a bad situation worse by attacking the regulators. This does not mean you cannot forcefully argue your position or zealously represent your client, but calling regulators idiots in public filings will not help your position or your case.</p><p><strong><em>Keep logs. </em></strong>This is important in case you need to revisit a decision later. Regulators can ask to see these logs at any time, not simply during an investigation or enforcement action. A compliance officer should be involved in the maintenance of the log system. Document Document Document. Unannounced inspections are beginning to occur.</p><p><strong><em>Debrief and Learn. </em></strong>Revisit the facts to see what lessons are to be learned. Continuous improvement. Even on a journey of 1000 miles, it is important to look back. 
Once again if you make a change due to a breach or other event, document what you have done so you can show the regulators.</p><p>For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>.</p><p>For more information on data breaches, see <a href="https://www.corderycompliance.com/dealing-with-a-data-breach/">here</a>.</p><p>Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1652</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[bd43dfa0-d955-11e9-8d18-3bee1bcf2d40]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN3526214596.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Episode 32- Lessons Learned in Year 1 of GDPR, Part 2</title>
      <description>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we continue our three-part series of some of the key lessons learned from the first year of GDPR. Some of the issues and highlights are:
DPIA Everything. It’s mandatory under GDPR. It is a process analysis so you will need Subject Matter Expertise. How often do you revisit your DPIA? Regulators are beginning to look at the process of your DPIA. When a new process comes into play, you should do a new DPIA. Do you require a DPIA when you hire a 3rd-party vendor or in an M&amp;A situation? If not, you should do so moving forward.
Do SARs and DSRs real good. How do you deal with these types of requests? More importantly, do you have a centralized team to understand the reason behind the request? Who could make that analysis? Is it a work in progress for your organization? A robust response to SARs is critical, as they are here to stay as a core component of GDPR.
Respect the time. Time limits are much more generous in the US. Some regulators suggest not to be obsessed with time. Will courts allow ‘reasonable delay’? US corporations are trying to extend the 72 hours with time zone arguments and other ridiculous arguments. (Listen for the Thanksgiving Weekend exemption.) Regulators can fine you for being late. Are US companies getting the message? It’s a mixed bag; some are not doing so.
For more information on Cordery Compliance, go to their website here.
For more information on data breaches, see here.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 05 Sep 2019 04:00:00 -0000</pubDate>
      <itunes:title>Episode 32- Lessons Learned in Year 1 of GDPR, Part 2</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>32</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/b3e9a418-c4f0-11e9-a119-d34ecae96522/image/uploads_2F1566487305217-8aowkjxsal7-d68997a0c7b71c5429df1d0617501cc4_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode of Life with GDPR, we continue our three-part series of some of the key lessons learned from the first year of GDPR.</itunes:subtitle>
      <itunes:summary>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we continue our three-part series of some of the key lessons learned from the first year of GDPR. Some of the issues and highlights are:
DPIA Everything. It’s mandatory under GDPR. It is a process analysis, so you will need Subject Matter Expertise. How often do you revisit your DPIA? Regulators are beginning to look at the process of your DPIA. When a new process comes into play, you should do a new DPIA. Do you require a DPIA when you hire a third-party vendor or in an M&amp;A situation? If not, you should do so moving forward.
Do SARs and DSRs real good. How do you deal with these types of requests? More importantly, do you have a centralized team to understand the reason behind the request? Who could make that analysis? Is it a work in progress for your organization? A robust response to SARs is critical, as they are here to stay as a core component of GDPR.
Respect the time. Time limits are much more generous in the US. Some regulators suggest not to be obsessed with time. Will courts allow ‘reasonable delay’? US corporations are trying to extend the 72-hour time limit with time zone arguments and other ridiculous arguments. (Listen for the Thanksgiving Weekend exemption.) Regulators can fine you for being late. Are US companies getting the message? It’s a mixed bag; some are not doing so.
For more information on Cordery Compliance, go to their website here.
For more information on data breaches, see here.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we continue our three-part series of some of the key lessons learned from the first year of GDPR. Some of the issues and highlights are:</p><p><strong><em>DPIA Everything</em></strong>. It’s mandatory under GDPR. It is a process analysis, so you will need Subject Matter Expertise. How often do you revisit your DPIA? Regulators are beginning to look at the process of your DPIA. When a new process comes into play, you should do a new DPIA. Do you require a DPIA when you hire a third-party vendor or in an M&amp;A situation? If not, you should do so moving forward.</p><p><strong><em>Do SARs and DSRs real good.</em></strong> How do you deal with these types of requests? More importantly, do you have a centralized team to understand the reason behind the request? Who could make that analysis? Is it a work in progress for your organization? A robust response to SARs is critical, as they are here to stay as a core component of GDPR.</p><p><strong><em>Respect the time</em></strong>. Time limits are much more generous in the US. Some regulators suggest not to be obsessed with time. Will courts allow ‘reasonable delay’? US corporations are trying to extend the 72-hour time limit with time zone arguments and other ridiculous arguments. (Listen for the Thanksgiving Weekend exemption.) Regulators can fine you for being late. Are US companies getting the message? 
It’s a mixed bag; some are not doing so.</p><p>For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>.</p><p>For more information on data breaches, see <a href="https://www.corderycompliance.com/dealing-with-a-data-breach/">here</a>.</p><p>Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1557</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[b3e9a418-c4f0-11e9-a119-d34ecae96522]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN5956177675.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Episode 31-Lessons Learned in Year 1 of GDPR, Part 1</title>
      <description>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we begin a three-part series of some of the key lessons learned from the first year of GDPR. Some of the highlights in this episode include:
Do you have a plan? You need to have a plan for a data breach because it is not if but when you will be hacked. Armstrong advises you can have two plans: one for all employees, which is straightforward so that all employees will be able to understand it. You should have a second plan, which you rehearse, for all compliance/IT/data security. It should be process driven so it allows flexibility for those responding.
Know your data and know your third parties. Many companies have disaggregated data because they have so many vendors and platforms where data is stored. You must know who has your data. Do you have visibility into 3rd, 4th and 5th parties from the data perspective? You should also capture where data is going in an organization, particularly customer and employee data. Finally, and sadly overlooked by many US companies, is the question of data protection of a US parent when a UK/EU sub is audited.
Assemble your data response team now and practice, practice, practice. You need to look at your data security response. What does the A Team teach you about data response? You should strive for strength in diverse skills and practice your response. Look at PR rapid response, your compliance and your legal response, all in addition to your IT/data security response. Regulators are looking at share price drop-off; this shows the need for a rapid, practiced response.
For more information on Cordery Compliance, go to their website here.
For more information on data breaches, see here.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 22 Aug 2019 04:00:00 -0000</pubDate>
      <itunes:title>Lessons Learned in Year 1 of GDPR, Part 1</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>31</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/7c4bb88e-c2bb-11e9-9f92-73516c8a74c2/image/uploads_2F1566244499615-qyes07ebj9-3d884792924fbdddb4fb7d8e2f13886c_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this part 1 of a three-part podcast series, Jonathan Armstrong and I consider 10 lessons learned from the first year of GDPR enforcement.</itunes:subtitle>
      <itunes:summary>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we begin a three-part series of some of the key lessons learned from the first year of GDPR. Some of the highlights in this episode include:
Do you have a plan? You need to have a plan for a data breach because it is not if but when you will be hacked. Armstrong advises you can have two plans: one for all employees, which is straightforward so that all employees will be able to understand it. You should have a second plan, which you rehearse, for all compliance/IT/data security. It should be process driven so it allows flexibility for those responding.
Know your data and know your third parties. Many companies have disaggregated data because they have so many vendors and platforms where data is stored. You must know who has your data. Do you have visibility into 3rd, 4th and 5th parties from the data perspective? You should also capture where data is going in an organization, particularly customer and employee data. Finally, and sadly overlooked by many US companies, is the question of data protection of a US parent when a UK/EU sub is audited.
Assemble your data response team now and practice, practice, practice. You need to look at your data security response. What does the A Team teach you about data response? You should strive for strength in diverse skills and practice your response. Look at PR rapid response, your compliance and your legal response, all in addition to your IT/data security response. Regulators are looking at share price drop-off; this shows the need for a rapid, practiced response.
For more information on Cordery Compliance, go to their website here.
For more information on data breaches, see here.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we begin a three-part series of some of the key lessons learned from the first year of GDPR. Some of the highlights in this episode include:</p><p><strong><em>Do you have a plan? </em></strong>You need to have a plan for a data breach because it is not if but when you will be hacked. Armstrong advises you can have two plans: one for all employees, which is straightforward so that all employees will be able to understand it. You should have a second plan, which you rehearse, for all compliance/IT/data security. It should be process driven so it allows flexibility for those responding.</p><p><strong><em>Know your data and know your third parties. </em></strong>Many companies have disaggregated data because they have so many vendors and platforms where data is stored. You must know who has your data. Do you have visibility into 3rd, 4th and 5th parties from the data perspective? You should also capture where data is going in an organization, particularly customer and employee data. Finally, and sadly overlooked by many US companies, is the question of data protection of a US parent when a UK/EU sub is audited.</p><p><strong><em>Assemble your data response team now and practice, practice, practice.</em></strong> You need to look at your data security response. What does the A Team teach you about data response? You should strive for strength in diverse skills and practice your response. Look at PR rapid response, your compliance and your legal response, all in addition to your IT/data security response. 
Regulators are looking at share price drop-off; this shows the need for a rapid, practiced response.</p><p>For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>.</p><p>For more information on data breaches, see <a href="https://www.corderycompliance.com/dealing-with-a-data-breach/">here</a>.</p><p>Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1800</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[7c4bb88e-c2bb-11e9-9f92-73516c8a74c2]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN1054251628.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 30- British Airways GDPR Enforcement Action</title>
      <description>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we discuss the recently announced proposed fine by the UK Data Protection Regulator against British Airways (BA) after its data breach. She intends to fine the airline £183.39 million (approximately $230MM).
Some of the highlights in this episode include: This proposed fine represents the largest GDPR fine in the UK. As the fine is now open to comment by BA and other national data protection regulators, the amount of the final fine may change. The BA CEO comes out swinging against this fine. What was the role of the ICO as ‘lead regulator’? Will BA’s tone-deaf posturing hurt or help it with the final penalty? What did BA know and when did they know it (yes, that is the famous Watergate question) will be a critical analysis. What remedial measures did BA engage in after it became aware of the breach? What are the lessons to be learned by the data privacy officer? For more information on Cordery Compliance, go to their website here.
For additional reading see the Cordery Compliance article, “UK Data Protection Regulator Announces Intention to Fine BA after Data Breach”.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 11 Jul 2019 04:00:00 -0000</pubDate>
      <itunes:title>Episode 30- British Airways GDPR Enforcement Action</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>30</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/86b174cc-a1ae-11e9-a364-9323dd931443/image/uploads_2F1562610494990-7q2sxtqvq4q-575ccb4261612f23dda1a102b9373381_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode of Life with GDPR, Jonathan Armstrong and I discuss the proposed UK Data Protection Regulator fine against British Airways for its September 2018 reported data breach.</itunes:subtitle>
      <itunes:summary>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we discuss the recently announced proposed fine by the UK Data Protection Regulator against British Airways (BA) after its data breach. She intends to fine the airline £183.39 million (approximately $230MM).
Some of the highlights in this episode include: This proposed fine represents the largest GDPR fine in the UK. As the fine is now open to comment by BA and other national data protection regulators, the amount of the final fine may change. The BA CEO comes out swinging against this fine. What was the role of the ICO as ‘lead regulator’? Will BA’s tone-deaf posturing hurt or help it with the final penalty? What did BA know and when did they know it (yes, that is the famous Watergate question) will be a critical analysis. What remedial measures did BA engage in after it became aware of the breach? What are the lessons to be learned by the data privacy officer? For more information on Cordery Compliance, go to their website here.
For additional reading see the Cordery Compliance article, “UK Data Protection Regulator Announces Intention to Fine BA after Data Breach”.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we discuss the recently announced proposed fine by the UK Data Protection Regulator against British Airways (BA) after its data breach. She intends to fine the airline £183.39 million (approximately $230MM).</p><p>Some of the highlights in this episode include: This proposed fine represents the largest GDPR fine in the UK. As the fine is now open to comment by BA and other national data protection regulators, the amount of the final fine may change. The BA CEO comes out swinging against this fine. What was the role of the ICO as ‘lead regulator’? Will BA’s tone-deaf posturing hurt or help it with the final penalty? What did BA know and when did they know it (yes, that is the famous Watergate question) will be a critical analysis. What remedial measures did BA engage in after it became aware of the breach? What are the lessons to be learned by the data privacy officer? For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>.</p><p>For additional reading see the Cordery Compliance article, “<a href="http://www.corderycompliance.com/uk-dpa-to-fine-ba-for-data-breach/"><em>UK Data Protection Regulator Announces Intention to Fine BA after Data Breach</em></a>”.</p><p>Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1526</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[86b174cc-a1ae-11e9-a364-9323dd931443]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN1654600688.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 29- GDPR Year 1 Review-Part II, the Issues</title>
      <description>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. This episode is the second of a two-part series where Jonathan Armstrong and I consider some of the highlights from the first year of GDPR implementation and enforcement. In Part I, we considered some of the enforcement numbers. In this Part II, we discuss some of the substantive issues. Some of the highlights in this episode include: Security issues: multiple regulators for large breaches and questions of whether TOMs are adequate. 6 Principles of GDPR: highest is around transparency. Data Subject Rights are seen as the biggest corporate pain points. DPIAs have been embraced by many companies and are seen by regulators as the backbone of a corporate compliance program around data security/data privacy. Industry sweeps are beginning to occur. Mixed quality of legal advice is hurting many companies in their compliance efforts. Some significant cases are headed to trial and then appeal. GDPR is here to stay. For more information on Cordery Compliance, go to their website here. For additional reading see the Cordery Compliance article, “GDPR One Year On”. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 06 Jun 2019 04:03:00 -0000</pubDate>
      <itunes:title>Episode 29- GDPR Year 1 Review-Part II, the Issues</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>29</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/f13c7ff4-83f3-11e9-b496-17218f04f840/image/uploads_2F1559341700822-cq9423q9f4p-6c8137060799287b2aa1a5f11ca44b11_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle></itunes:subtitle>
      <itunes:summary>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. This episode is the second of a two-part series where Jonathan Armstrong and I consider some of the highlights from the first year of GDPR implementation and enforcement. In Part I, we considered some of the enforcement numbers. In this Part II, we discuss some of the substantive issues. Some of the highlights in this episode include: Security issues: multiple regulators for large breaches and questions of whether TOMs are adequate. 6 Principles of GDPR: highest is around transparency. Data Subject Rights are seen as the biggest corporate pain points. DPIAs have been embraced by many companies and are seen by regulators as the backbone of a corporate compliance program around data security/data privacy. Industry sweeps are beginning to occur. Mixed quality of legal advice is hurting many companies in their compliance efforts. Some significant cases are headed to trial and then appeal. GDPR is here to stay. For more information on Cordery Compliance, go to their website here. For additional reading see the Cordery Compliance article, “GDPR One Year On”. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. This episode is the second of a two-part series where Jonathan Armstrong and I consider some of the highlights from the first year of GDPR implementation and enforcement. In Part I, we considered some of the enforcement numbers. In this Part II, we discuss some of the substantive issues. Some of the highlights in this episode include: Security issues: multiple regulators for large breaches and questions of whether TOMs are adequate. 6 Principles of GDPR: highest is around transparency. Data Subject Rights are seen as the biggest corporate pain points. DPIAs have been embraced by many companies and are seen by regulators as the backbone of a corporate compliance program around data security/data privacy. Industry sweeps are beginning to occur. Mixed quality of legal advice is hurting many companies in their compliance efforts. Some significant cases are headed to trial and then appeal. GDPR is here to stay. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. For additional reading see the Cordery Compliance article, “<a href="http://www.corderycompliance.com/gdpr-one-year-on/"><em>GDPR One Year On</em></a>”. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1973</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[f13c7ff4-83f3-11e9-b496-17218f04f840]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN1194916590.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 28- GDPR Year 1 Review-Part I, the Numbers</title>
      <description>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. This episode is the first of a two-part series where Jonathan Armstrong and I consider some of the highlights from the first year of GDPR implementation and enforcement. In this Part I of this two-part series we consider some of the enforcement numbers. In Part II, we will consider some of the substantive issues. Some of the highlights in this episode include: EDPB says just over 150,000 complaints were filed in the EU under GDPR. Robust enforcement by both regulators and private bodies/citizens. UK leads with the largest number of complaints filed, followed by Germany then France. Around 950 complaints have reached courts. Italy is the country which has seen the largest number of court cases. Several countries are increasing inspections which could lead to enforcement actions. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 30 May 2019 04:10:00 -0000</pubDate>
      <itunes:title>Episode 28- GDPR Year 1 Review-Part I, the Numbers</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>28</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/e8383c62-8151-11e9-aa38-db0246888451/image/uploads_2F1559052178492-dzh2kwrwser-26097cd955736eda9b0e1833f95fadec_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode Jonathan Armstrong and I begin a two-part podcast series where we review the first year of GDPR. In this episode we consider the numbers from Year 1.</itunes:subtitle>
      <itunes:summary>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. This episode is the first of a two-part series where Jonathan Armstrong and I consider some of the highlights from the first year of GDPR implementation and enforcement. In this Part I of this two-part series we consider some of the enforcement numbers. In Part II, we will consider some of the substantive issues. Some of the highlights in this episode include: EDPB says just over 150,000 complaints were filed in the EU under GDPR. Robust enforcement by both regulators and private bodies/citizens. UK leads with the largest number of complaints filed, followed by Germany then France. Around 950 complaints have reached courts. Italy is the country which has seen the largest number of court cases. Several countries are increasing inspections which could lead to enforcement actions. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. This episode is the first of a two-part series where Jonathan Armstrong and I consider some of the highlights from the first year of GDPR implementation and enforcement. In this Part I of this two-part series we consider some of the enforcement numbers. In Part II, we will consider some of the substantive issues. Some of the highlights in this episode include: EDPB says just over 150,000 complaints were filed in the EU under GDPR. Robust enforcement by both regulators and private bodies/citizens. UK leads with the largest number of complaints filed, followed by Germany then France. Around 950 complaints have reached courts. Italy is the country which has seen the largest number of court cases. Several countries are increasing inspections which could lead to enforcement actions. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>686</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[e8383c62-8151-11e9-aa38-db0246888451]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN3869473445.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 27- BountyUK Ltd. Notice of Monetary Penalty</title>
      <description>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, I visit with Jonathan Armstrong about a recent enforcement action against Bounty UK Ltd. by the UK data protection regulator. Some of the issues and highlights are: The enforcement action came out of the Facebook/Cambridge Analytica investigation. Déjà vu all over again? Why did the company receive 80% of the highest possible fine? How does this case mimic the Emma’s Diary enforcement action? What are the lessons to be learned? For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 16 May 2019 04:06:00 -0000</pubDate>
      <itunes:title>Episode 27- BountyUK Ltd. Notice of Monetary Penalty</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>27</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/c600cddc-769b-11e9-85b8-4b0e463d0b43/image/uploads_2F1557874412527-rskd2d8b7b-b70a2252d7bf1630becb7a221f077aad_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>In this episode Cordery Compliance Partner Jonathan Armstrong and I break down the recently released BountyUK Ltd. data privacy enforcement action.</itunes:subtitle>
      <itunes:summary>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, I visit with Jonathan Armstrong about a recent enforcement action against Bounty UK Ltd. by the UK data protection regulator. Some of the issues and highlights are: The enforcement action came out of the Facebook/Cambridge Analytica investigation. Déjà vu all over again? Why did the company receive 80% of the highest possible fine? How does this case mimic the Emma’s Diary enforcement action? What are the lessons to be learned? For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, I visit with Jonathan Armstrong about a recent enforcement action against Bounty UK Ltd. by the UK data protection regulator. Some of the issues and highlights are: The enforcement action came out of the Facebook/Cambridge Analytica investigation. Déjà vu all over again? Why did the company receive 80% of the highest possible fine? How does this case mimic the Emma’s Diary enforcement action? What are the lessons to be learned? For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1797</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[c600cddc-769b-11e9-85b8-4b0e463d0b43]]></guid>
      <enclosure url="https://traffic.megaphone.fm/CSN5006169486.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 26- The Importance of Passwords</title>
      <description>In this episode, I visit with Jonathan Armstrong on a topic which does not seem to garner the attention that it deserves in data protection: passwords. Some of the issues and highlights are: What is two-factor authentication? How, when and where should you use it? What are the most common passwords still in use? Why are passwords one of the most basic forms of data security protection? What are the lessons to be learned? For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 02 May 2019 05:03:00 -0000</pubDate>
      <itunes:title>Life With GDPR: Episode 26- The Importance of Passwords</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>26</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/88a6776c-69e8-11e9-8c23-0f5ce1ded0b8/image/uploads_2F1556478264851-db7exlwgexo-c32afc36acb0efb6a9c57a2fb85221d9_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Life With GDPR: Episode 26- The Importance of Passwords</itunes:subtitle>
      <itunes:summary>In this episode, I visit with Jonathan Armstrong on a topic which does not seem to garner the attention that it deserves in data protection: passwords. Some of the issues and highlights are: What is two-factor authentication? How, when and where should you use it? What are the most common passwords still in use? Why are passwords one of the most basic forms of data security protection? What are the lessons to be learned? For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode, I visit with Jonathan Armstrong on a topic which does not seem to garner the attention that it deserves in data protection: passwords. Some of the issues and highlights are: What is two-factor authentication? How, when and where should you use it? What are the most common passwords still in use? Why are passwords one of the most basic forms of data security protection? What are the lessons to be learned? For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1137</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[88a6776c-69e8-11e9-8c23-0f5ce1ded0b8]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS9140819275.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 25- Data Breach=Deadly Consequences</title>
      <description>In this episode, I visit with Jonathan Armstrong to consider the recent regulatory fine of £145,000 leveled against the London Borough of Newham for a data breach involving the data of more than 200 people. It presents a situation where a data breach was literally a matter of life and death. Some of the issues and highlights are: What was the data and why was it so sensitive? How was the data leaked? How did the authorities determine the data breach? What was the basis of the Information Commissioner’s Office (ICO) fine? What are the lessons to be learned? For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 18 Apr 2019 05:05:00 -0000</pubDate>
      <itunes:title>Life With GDPR: Episode 25- Data Breach=Deadly Consequences</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>25</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/5232c0b6-6112-11e9-b3a1-0f0be362fde1/image/uploads_2F1555506301065-glzwgp4k0ic-dcedc4bdd32a2b8ff18fa0d7a0adb91a_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Life With GDPR: Episode 25- Data Breach=Deadly Consequences</itunes:subtitle>
      <itunes:summary>In this episode, I visit with Jonathan Armstrong to consider the recent regulatory fine of £145,000 leveled against the London Borough of Newham for a data breach involving the data of more than 200 people. It presents a situation where a data breach was literally a matter of life and death. Some of the issues and highlights are: What was the data and why was it so sensitive? How was the data leaked? How did the authorities determine the data breach? What was the basis of the Information Commissioner’s Office (ICO) fine? What are the lessons to be learned? For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode, I visit with Jonathan Armstrong to consider the recent regulatory fine of £145,000 leveled against the London Borough of Newham for a data breach involving the data of more than 200 people. It presents a situation where a data breach was literally a matter of life and death. Some of the issues and highlights are: What was the data and why was it so sensitive? How was the data leaked? How did the authorities determine the data breach? What was the basis of the Information Commissioner’s Office (ICO) fine? What are the lessons to be learned? For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1043</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[5232c0b6-6112-11e9-b3a1-0f0be362fde1]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS3875045973.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 24- Phishing</title>
      <description>In this episode, I visit with Jonathan Armstrong to consider the increasing business risk around phishing. There have recently been some multi-million-dollar losses around phishing so you need to be prepared. Some of the issues and highlights are: What is phishing? The largest number of data breaches have come through phishing. Why has it become such a business risk? What are the requirements a company must meet against phishing under GDPR? What are the three key concepts in data protection? Modern phishing attacks are very sophisticated. What are some of the most intricate frauds seen in this area? For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 28 Mar 2019 05:00:00 -0000</pubDate>
      <itunes:title>Life With GDPR: Episode 24- Phishing</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>24</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/eaeef786-4833-11e9-b9b9-5f52d6d03152/image/uploads_2F1552772193954-tklah8538jd-0c1d68bfffeb97ccae4c4290b18fae1a_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Life With GDPR: Episode 24- Phishing</itunes:subtitle>
      <itunes:summary>In this episode, I visit with Jonathan Armstrong to consider the increasing business risk around phishing. There have recently been some multi-million-dollar losses around phishing so you need to be prepared. Some of the issues and highlights are: What is phishing? The largest number of data breaches have come through phishing. Why has it become such a business risk? What are the requirements a company must meet against phishing under GDPR? What are the three key concepts in data protection? Modern phishing attacks are very sophisticated. What are some of the most intricate frauds seen in this area? For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode, I visit with Jonathan Armstrong to consider the increasing business risk around phishing. There have recently been some multi-million-dollar losses around phishing so you need to be prepared. Some of the issues and highlights are: What is phishing? The largest number of data breaches have come through phishing. Why has it become such a business risk? What are the requirements a company must meet against phishing under GDPR? What are the three key concepts in data protection? Modern phishing attacks are very sophisticated. What are some of the most intricate frauds seen in this area? For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1027</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[eaeef786-4833-11e9-b9b9-5f52d6d03152]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS1126302915.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 23- Looking into the 2019 Crystal Ball</title>
      <description>In this episode, I visit with Jonathan Armstrong to consider some of his predictions for the rest of 2019. Even if these predictions do not become fully formed, you should consider them in light of your data privacy/data protection policies and protocols. Some of the issues and highlights are: Drones: what are the GDPR implications? The number of data breach notifications under GDPR. Through the end of January there were over 42,000 in the EU alone. Will AI and self-driving cars follow the rules on safe driving standards, or will there be new rules for the road? What will be the effects of data, big data and AI in elections going forward? What will be the fallout from Cambridge Analytica going forward? How will businesses respond to the industrialization of internet crime? What happens when there is a Zero-Day exploit? Cybersecurity insurance. Will standard insurance rules and regulations apply, or will new policy language be drafted for such coverage? For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 21 Mar 2019 05:00:00 -0000</pubDate>
      <itunes:title>Life With GDPR: Episode 23- Looking into the 2019 Crystal Ball</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>23</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/1eb993b2-4831-11e9-a396-077938cb25fe/image/uploads_2F1552770728311-3ezu36u4bzh-9a2110beeae9134997bc2f52261b12fc_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Life With GDPR: Episode 23- Looking into the 2019 Crystal Ball</itunes:subtitle>
      <itunes:summary>In this episode, I visit with Jonathan Armstrong to consider some of his predictions for the rest of 2019. Even if these predictions do not become fully formed, you should consider them in light of your data privacy/data protection policies and protocols. Some of the issues and highlights are: Drones: what are the GDPR implications? The number of data breach notifications under GDPR. Through the end of January there were over 42,000 in the EU alone. Will AI and self-driving cars follow the rules on safe driving standards, or will there be new rules for the road? What will be the effects of data, big data and AI in elections going forward? What will be the fallout from Cambridge Analytica going forward? How will businesses respond to the industrialization of internet crime? What happens when there is a Zero-Day exploit? Cybersecurity insurance. Will standard insurance rules and regulations apply, or will new policy language be drafted for such coverage? For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode, I visit with Jonathan Armstrong to consider some of his predictions for the rest of 2019. Even if these predictions do not become fully formed, you should consider them in light of your data privacy/data protection policies and protocols. Some of the issues and highlights are: Drones: what are the GDPR implications? The number of data breach notifications under GDPR. Through the end of January there were over 42,000 in the EU alone. Will AI and self-driving cars follow the rules on safe driving standards, or will there be new rules for the road? What will be the effects of data, big data and AI in elections going forward? What will be the fallout from Cambridge Analytica going forward? How will businesses respond to the industrialization of internet crime? What happens when there is a Zero-Day exploit? Cybersecurity insurance. Will standard insurance rules and regulations apply, or will new policy language be drafted for such coverage? For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1710</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[1eb993b2-4831-11e9-a396-077938cb25fe]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS4736928507.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 22- Morrisons’ and vicarious liability</title>
      <description>In this episode, I visit with Jonathan Armstrong on the recent UK court of appeals decision in the Morrisons’ case. This decision stretched the limits of vicarious liability for a corporation to the absolute breaking point and has significant implications in the broader data privacy-data protection space. Jonathan and I go full lawyer-geek to discuss the legal theories, underlying facts and what it all may mean. Some of the issues and highlights are: The case is instructive for how to do (or perhaps not do) regular business under GDPR on data privacy. If a file is too large to email, it presents a higher data protection risk and must be so managed. Should you do risk assessments on individual employees around data privacy-data protection? How can vicarious liability exist for ultra vires conduct by an employee? How do you properly scope an investigation to ascertain an individual’s mindset? A company must require its vendors to exercise appropriate data protection and control. Will Morrisons apply to the UK Supreme Court for relief? For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 14 Feb 2019 06:00:00 -0000</pubDate>
      <itunes:title>Life With GDPR: Episode 22- Morrisons’ and vicarious liability</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>22</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/68218d58-24d1-11e9-814c-ab8c89ec1cc7/image/uploads_2F1548881658830-0f9h1uj3znsp-f47ec7ca77724f9c7dd1542c6dcee7e8_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Episode 22- Morrisons’ and vicarious liability</itunes:subtitle>
      <itunes:summary>In this episode, I visit with Jonathan Armstrong on the recent UK court of appeals decision in the Morrisons’ case. This decision stretched the limits of vicarious liability for a corporation to the absolute breaking point and has significant implications in the broader data privacy-data protection space. Jonathan and I go full lawyer-geek to discuss the legal theories, underlying facts and what it all may mean. Some of the issues and highlights are: The case is instructive for how to do (or perhaps not do) regular business under GDPR on data privacy. If a file is too large to email, it presents a higher data protection risk and must be so managed. Should you do risk assessments on individual employees around data privacy-data protection? How can vicarious liability exist for ultra vires conduct by an employee? How do you properly scope an investigation to ascertain an individual’s mindset? A company must require its vendors to exercise appropriate data protection and control. Will Morrisons apply to the UK Supreme Court for relief? For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode, I visit with Jonathan Armstrong on the recent UK court of appeals decision in the Morrisons’ case. This decision stretched the limits of vicarious liability for a corporation to the absolute breaking point and has significant implications in the broader data privacy-data protection space. Jonathan and I go full lawyer-geek to discuss the legal theories, underlying facts and what it all may mean. Some of the issues and highlights are: The case is instructive for how to do (or perhaps not do) regular business under GDPR on data privacy. If a file is too large to email, it presents a higher data protection risk and must be so managed. Should you do risk assessments on individual employees around data privacy-data protection? How can vicarious liability exist for ultra vires conduct by an employee? How do you properly scope an investigation to ascertain an individual’s mindset? A company must require its vendors to exercise appropriate data protection and control. Will Morrisons apply to the UK Supreme Court for relief? For a more detailed reading, see the Cordery Client alert, <a href="http://www.corderycompliance.com/client-alert-court-of-appeal-confirms-morrisons-vicarious-liability-for-actions-of-rogue-employees/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1652</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[68218d58-24d1-11e9-814c-ab8c89ec1cc7]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS2506757095.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 21- Cambridge Analytica Subject Access Case</title>
      <description>In this episode I visit with Jonathan Armstrong on the recent fine levied by British regulators against the insolvent institution Cambridge Analytica for violations of the British privacy law which was in place before GDPR went live. The case involved Cambridge Analytica denying aggrieved parties subject access requests and associated rights. Some of the issues and highlights are: The case demonstrates how not to interact with regulators as Cambridge Analytica’s pleadings were unnecessarily demeaning. The settlement with the company left open the possibility of criminal charges against individuals. How wide is the jurisdiction of the ICO? This case tested the limits. Always remember data subjects have rights. What are the key takeaways on the case? A vigorous defense of a civil action can lead to higher regulatory fines. What does a corporate regime change mean for regulatory enforcement? For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 31 Jan 2019 06:00:00 -0000</pubDate>
      <itunes:title>Life With GDPR: Episode 21- Cambridge Analytica Subject Access Case</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>21</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/8d147c68-24ce-11e9-b45d-c7a8bdc13d2f/image/uploads_2F1548880467313-6dfxnrhxzmy-a0763211a86061c6f7229f0dcba1f771_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Cambridge Analytica Subject Access Case</itunes:subtitle>
      <itunes:summary>In this episode I visit with Jonathan Armstrong on the recent fine levied by British regulators against the insolvent institution Cambridge Analytica for violations of the British privacy law which was in place before GDPR went live. The case involved Cambridge Analytica denying aggrieved parties subject access requests and associated rights. Some of the issues and highlights are: The case demonstrates how not to interact with regulators as Cambridge Analytica’s pleadings were unnecessarily demeaning. The settlement with the company left open the possibility of criminal charges against individuals. How wide is the jurisdiction of the ICO? This case tested the limits. Always remember data subjects have rights. What are the key takeaways on the case? A vigorous defense of a civil action can lead to higher regulatory fines. What does a corporate regime change mean for regulatory enforcement? For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode I visit with Jonathan Armstrong on the recent fine levied by British regulators against the insolvent institution Cambridge Analytica for violations of the British privacy law which was in place before GDPR went live. The case involved Cambridge Analytica denying aggrieved parties subject access requests and associated rights. Some of the issues and highlights are: The case demonstrates how not to interact with regulators as Cambridge Analytica’s pleadings were unnecessarily demeaning. The settlement with the company left open the possibility of criminal charges against individuals. How wide is the jurisdiction of the ICO? This case tested the limits. Always remember data subjects have rights. What are the key takeaways on the case? A vigorous defense of a civil action can lead to higher regulatory fines. What does a corporate regime change mean for regulatory enforcement? For a more detailed reading, see the Cordery Client alert, <a href="http://www.corderycompliance.com/ico-secures-criminal-convictions-against-ca-in-sar-case/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1155</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[8d147c68-24ce-11e9-b45d-c7a8bdc13d2f]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS4413925118.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 20-Google Fined €50 for GDPR Violations</title>
      <description>In this episode I visit with Jonathan Armstrong and André Bywater on the recent fine levied by the French Data Privacy regulator CNIL against Google for violations under GDPR. Some of the highlights are: The case is the first major GDPR fine against a US company. It demonstrates the lack of forum shopping available to US companies which are looking for a softer regulatory approach. How did the regulators investigate, review and assess a fine and penalty so quickly as GDPR only came into effect last May? What were the two bases of legal violations under GDPR? What are the key takeaways on the case? How was the quantum amount determined? Is it reasonable? Will Google appeal to the European Court of Justice? For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Fri, 25 Jan 2019 06:00:00 -0000</pubDate>
      <itunes:title>Life With GDPR: Episode 20-Google Fined €50 for GDPR Violations</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>20</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/ee0bd970-1e80-11e9-89e3-2bb29de304f4/image/uploads_2F1548187432724-vzkyl7rbb5-c20a132c1452e9e823f8d5db7787d869_2FLife+after+GDPR-1.0.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Episode 20-Google Fined €50 for GDPR Violations</itunes:subtitle>
      <itunes:summary>In this episode I visit with Jonathan Armstrong and André Bywater on the recent fine levied by the French Data Privacy regulator CNIL against Google for violations under GDPR. Some of the highlights are: The case is the first major GDPR fine against a US company. It demonstrates the lack of forum shopping available to US companies which are looking for a softer regulatory approach. How did the regulators investigate, review and assess a fine and penalty so quickly as GDPR only came into effect last May? What were the two bases of legal violations under GDPR? What are the key takeaways on the case? How was the quantum amount determined? Is it reasonable? Will Google appeal to the European Court of Justice? For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode I visit with Jonathan Armstrong and André Bywater on the recent fine levied by the French Data Privacy regulator CNIL against Google for violations under GDPR. Some of the highlights are: The case is the first major GDPR fine against a US company. It demonstrates the lack of forum shopping available to US companies which are looking for a softer regulatory approach. How did the regulators investigate, review and assess a fine and penalty so quickly as GDPR only came into effect last May? What were the two bases of legal violations under GDPR? What are the key takeaways on the case? How was the quantum amount determined? Is it reasonable? Will Google appeal to the European Court of Justice? For a more detailed reading, see the Cordery Client alert, <a href="http://www.corderycompliance.com/french-data-protection-authority-fines-google-e50m-for-violations/">here</a>. For more information on Cordery Compliance, go to their website <a href="http://www.corderycompliance.com/">here</a>. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking <a href="http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/">here</a>.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1655</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[ee0bd970-1e80-11e9-89e3-2bb29de304f4]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS5236463494.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 15</title>
      <description>The Administration’s attacks on allies, perhaps former allies and others in the area of trade and sanctions have not occurred in a vacuum. Many other countries and groups such as the EU have retaliated with counter-sanctions. One area that the current administration does not seem to have considered too well is EU data privacy and data protection. In this episode of Life with GDPR we explore this issue in the age of trade policy as conflict.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 30 Aug 2018 16:00:00 -0000</pubDate>
      <itunes:title>The Weaponization of Data Privacy/Protection Laws</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>15</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/a352b842-c5b9-11e8-ae30-1313de16cef7/image/FCPA_Compliance_and_Ethics_Report.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>The Weaponization of Data Privacy/Protection Laws</itunes:subtitle>
      <itunes:summary>The Administration’s attacks on allies, perhaps former allies and others in the area of trade and sanctions have not occurred in a vacuum. Many other countries and groups such as the EU have retaliated with counter-sanctions. One area that the current administration does not seem to have considered too well is EU data privacy and data protection. In this episode of Life with GDPR we explore this issue in the age of trade policy as conflict.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>The Administration’s attacks on allies, perhaps former allies and others in the area of trade and sanctions have not occurred in a vacuum. Many other countries and groups such as the EU have retaliated with counter-sanctions. One area that the current administration does not seem to have considered too well is EU data privacy and data protection. In this episode of Life with GDPR we explore this issue in the age of trade policy as conflict. </p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>891</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[197603ed385641e7a0ca150fc6ff0e74]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS6744966345.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life with GDPR-Episode 14</title>
      <description>The recent case involving the Jehovah's Witnesses and data privacy in the UK raised some very interesting legal issues. It also demonstrated just how broad the reach of GDPR could be. In this podcast Jonathan Armstrong and I unpack the case, detailing the underlying facts, the Court's rationale behind its decision and conclude with some of the implications for not only corporations but also individuals and data privacy practitioners. 
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 23 Aug 2018 16:00:00 -0000</pubDate>
      <itunes:title>The Jehovah's Witness Case and data privacy</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>14</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/a9c11c28-c5b9-11e8-ae30-4fa9df4664d0/image/FCPA_Compliance_and_Ethics_Report.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>The Jehovah's Witness Case and data privacy</itunes:subtitle>
      <itunes:summary>The recent case involving the Jehovah's Witnesses and data privacy in the UK raised some very interesting legal issues. It also demonstrated just how broad the reach of GDPR could be. In this podcast Jonathan Armstrong and I unpack the case, detailing the underlying facts, the Court's rationale behind its decision and conclude with some of the implications for not only corporations but also individuals and data privacy practitioners. 
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>The recent case involving the Jehovah's Witnesses and data privacy in the UK raised some very interesting legal issues. It also demonstrated just how broad the reach of GDPR could be. In this podcast Jonathan Armstrong and I unpack the case, detailing the underlying facts, the Court's rationale behind its decision and conclude with some of the implications for not only corporations but also individuals and data privacy practitioners. </p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1590</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[f568d3e4d07548ea9c74a8c9b958c8d5]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS2110741155.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR: Episode 13</title>
      <description>The General Data Protection Regulation (GDPR) went live on May 25, 2018. What has happened since then in the data privacy and data protection world? In this episode, Jonathan Armstrong, partner at Cordery Compliance, and I explore what is going on publicly and what has been going on behind the scenes as well. Armstrong provides his thoughts, reflections and observations on the activity which has impacted and will impact companies and individuals going forward.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 09 Aug 2018 16:00:00 -0000</pubDate>
      <itunes:title>Thoughts, Reflections and Observations at 2 Months</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>13</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/af75c2cc-c5b9-11e8-ae30-73660d5d186f/image/FCPA_Compliance_and_Ethics_Report.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Thoughts, Reflections and Observations at 2 Months</itunes:subtitle>
      <itunes:summary>The General Data Protection Regulation (GDPR) went live on May 25, 2018. What has happened since then in the data privacy and data protection world? In this episode, Jonathan Armstrong, partner at Cordery Compliance, and I explore what is going on publicly and what has been going on behind the scenes as well. Armstrong provides his thoughts, reflections and observations on the activity which has impacted and will impact companies and individuals going forward.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>The General Data Protection Regulation (GDPR) went live on May 25, 2018. What has happened since then in the data privacy and data protection world? In this episode, Jonathan Armstrong, partner at Cordery Compliance, and I explore what is going on publicly and what has been going on behind the scenes as well. Armstrong provides his thoughts, reflections and observations on the activity which has impacted and will impact companies and individuals going forward.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>1007</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[c62afe462cf64553a8928dfe45078139]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS6687166096.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life After GDPR: Episode 11 </title>
      <description>How does a company transfer data from the European Union (EU) to the US under the General Data Protection Regulation (GDPR) which went live on May 25, 2018? I recently had the opportunity to visit Jonathan Armstrong, partner at Cordery Compliance in London and an internationally renowned data privacy/data protection expert on this topic. Armstrong noted there have been some changes which may significantly impact this issue going forward. There are basically four ways to effect such a transfer.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Wed, 27 Jun 2018 23:00:00 -0000</pubDate>
      <itunes:title>Data Transfers after GDPR</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>11</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/b78c39e6-c5b9-11e8-ae30-135cd229212b/image/FCPA_Compliance_and_Ethics_Report.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Data Transfers after GDPR</itunes:subtitle>
      <itunes:summary>How does a company transfer data from the European Union (EU) to the US under the General Data Protection Regulation (GDPR) which went live on May 25, 2018? I recently had the opportunity to visit Jonathan Armstrong, partner at Cordery Compliance in London and an internationally renowned data privacy/data protection expert on this topic. Armstrong noted there have been some changes which may significantly impact this issue going forward. There are basically four ways to effect such a transfer.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>How does a company transfer data from the European Union (EU) to the US under the General Data Protection Regulation (GDPR) which went live on May 25, 2018? I recently had the opportunity to visit Jonathan Armstrong, partner at Cordery Compliance in London and an internationally renowned data privacy/data protection expert on this topic. Armstrong noted there have been some changes which may significantly impact this issue going forward. There are basically four ways to effect such a transfer. </p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>882</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[5792dd6398b34e7b988c36ca0ab8df62]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS1163180918.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Life With GDPR-Episode 10</title>
      <description>While most practitioners focused on the heavy fines and penalties available under GDPR of up to 4% of total global revenues or other very large fines, there are other remedies that each EU and UK data regulator can levy or put into place that may require considerable corporate cost and effort. 
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 21 Jun 2018 16:00:00 -0000</pubDate>
      <itunes:title>Non-Financial Remedies under GDPR</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>10</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/b889dbaa-c5b9-11e8-ae30-4f14c2f0962c/image/FCPA_Compliance_and_Ethics_Report.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Non-Financial Remedies under GDPR</itunes:subtitle>
      <itunes:summary>While most practitioners focused on the heavy fines and penalties available under GDPR of up to 4% of total global revenues or other very large fines, there are other remedies that each EU and UK data regulator can levy or put into place that may require considerable corporate cost and effort. 
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>While most practitioners focused on the heavy fines and penalties available under GDPR of up to 4% of total global revenues or other very large fines, there are other remedies that each EU and UK data regulator can levy or put into place that may require considerable corporate cost and effort. </p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>908</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[392a5552a7484c7b87bb51d4ddca017c]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS5944059386.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Countdown to GDPR-Episode 5</title>
      <description>In this episode of Countdown to GDPR, Jonathan Armstrong, a partner at Cordery Compliance in London and I consider the roles of vendors in GDPR. These roles are both in complying with GDPR and substantively following the regulation itself. The first area is a vendor which is a subject matter expert in the areas of data protection and data privacy. The second is in managing vendor risk under GDPR. 
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 12 Apr 2018 16:00:00 -0000</pubDate>
      <itunes:title>Vendors in GDPR Compliance</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>5</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/7e33316e-c810-11e8-be13-437724c2349c/image/FCPA_Compliance_and_Ethics_Report.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Vendors in GDPR Compliance</itunes:subtitle>
      <itunes:summary>In this episode of Countdown to GDPR, Jonathan Armstrong, a partner at Cordery Compliance in London and I consider the roles of vendors in GDPR. These roles are both in complying with GDPR and substantively following the regulation itself. The first area is a vendor which is a subject matter expert in the areas of data protection and data privacy. The second is in managing vendor risk under GDPR. 
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode of Countdown to GDPR, Jonathan Armstrong, a partner at Cordery Compliance in London and I consider the roles of vendors in GDPR. These roles are both in complying with GDPR and substantively following the regulation itself. The first area is a vendor which is a subject matter expert in the areas of data protection and data privacy. The second is in managing vendor risk under GDPR. </p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>796</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[fc05ff7d913c3d10060783096ca1fdb7]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS8430462817.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Countdown to GDPR-Episode 4</title>
      <description>In this episode, we take up a key element in the upcoming General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018, that being the issue of the Data Protection Impact Assessment.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Thu, 29 Mar 2018 16:00:00 -0000</pubDate>
      <itunes:title>Data Protection Impact Assessments</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>4</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/81d1123c-c810-11e8-be13-23e48d5c9183/image/FCPA_Compliance_and_Ethics_Report.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Data Protection Impact Assessments</itunes:subtitle>
      <itunes:summary>In this episode, we take up a key element in the upcoming General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018, that being the issue of the Data Protection Impact Assessment.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode, we take up a key element in the upcoming General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018, that being the issue of the Data Protection Impact Assessment.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>715</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[0a629d2d5ded0002667e73d1ae7df60d]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS9793220583.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Countdown to GDPR-Episode 3</title>
      <description>In this episode we explore the basic policies and procedures that you need to have in place to comply with the General Data Protection Regulation or GDPR.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Wed, 07 Mar 2018 17:00:00 -0000</pubDate>
      <itunes:title>Policies and Procedures</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>3</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/85de21b2-c810-11e8-be13-73ba26b44334/image/FCPA_Compliance_and_Ethics_Report.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Policies and Procedures</itunes:subtitle>
      <itunes:summary>In this episode we explore the basic policies and procedures that you need to have in place to comply with the General Data Protection Regulation or GDPR.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In this episode we explore the basic policies and procedures that you need to have in place to comply with the General Data Protection Regulation or GDPR.</p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>879</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[553d12a448b4a3df608fbe8c89930737]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS9937510312.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Countdown to GDPR-Episode 2</title>
      <description>In today’s episode of Countdown to General Data Protection Regulation (GDPR), Jonathan Armstrong, a partner at Cordery Compliance Ltd in London, and I consider the role of the Data Protection Officer (DPO) in complying with the new regulations which go live on May 25, 2018.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Wed, 28 Feb 2018 17:00:00 -0000</pubDate>
      <itunes:title>The Role of a Data Protection Officer</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>2</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/874718c4-c810-11e8-be13-43bb63eba0d1/image/FCPA_Compliance_and_Ethics_Report.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>The Role of a Data Protection Officer</itunes:subtitle>
      <itunes:summary>In today’s episode of Countdown to General Data Protection Regulation (GDPR), Jonathan Armstrong, a partner at Cordery Compliance Ltd in London, and I consider the role of the Data Protection Officer (DPO) in complying with the new regulations which go live on May 25, 2018.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>In today’s episode of Countdown to General Data Protection Regulation (GDPR), Jonathan Armstrong, a partner at Cordery Compliance Ltd in London, and I consider the role of the Data Protection Officer (DPO) in complying with the new regulations which go live on May 25, 2018. </p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>768</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[8ecf61d398d3094d1171609d16a42d93]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS8336028406.mp3" length="0" type="audio/mpeg"/>
    </item>
    <item>
      <title>Countdown to GDPR-Episode 1</title>
      <description>Whether you are ready or not, the EU General Data Protection Regulation (GDPR) goes live on May 25, 2018. It will impact companies doing business in London as much as any other EU legislation. To help US companies prepare, Jonathan Armstrong and I have started a countdown to GDPR podcast. In this premiere episode we discuss what GDPR is and why it is so important that you begin preparing now.
Learn more about your ad choices. Visit megaphone.fm/adchoices</description>
      <pubDate>Tue, 20 Feb 2018 17:00:00 -0000</pubDate>
      <itunes:title>Introduction to GDPR</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <itunes:episode>1</itunes:episode>
      <itunes:author>Tom Fox</itunes:author>
      <itunes:image href="https://megaphone.imgix.net/podcasts/896eb44a-c810-11e8-be13-bbc2f79414ec/image/FCPA_Compliance_and_Ethics_Report.jpg?ixlib=rails-4.3.1&amp;max-w=3000&amp;max-h=3000&amp;fit=crop&amp;auto=format,compress"/>
      <itunes:subtitle>Introduction to GDPR</itunes:subtitle>
      <itunes:summary>Whether you are ready or not, the EU General Data Protection Regulation (GDPR) goes live on May 25, 2018. It will impact companies doing business in London as much as any other EU legislation. To help US companies prepare, Jonathan Armstrong and I have started a countdown to GDPR podcast. In this premiere episode we discuss what GDPR is and why it is so important that you begin preparing now.
Learn more about your ad choices. Visit megaphone.fm/adchoices</itunes:summary>
      <content:encoded>
        <![CDATA[<p>Whether you are ready or not, the EU General Data Protection Regulation (GDPR) goes live on May 25, 2018. It will impact companies doing business in London as much as any other EU legislation. To help US companies prepare, Jonathan Armstrong and I have started a countdown to GDPR podcast. In this premiere episode we discuss what GDPR is and why it is so important that you begin preparing now. </p><p> </p><p>Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices">megaphone.fm/adchoices</a></p>]]>
      </content:encoded>
      <itunes:duration>942</itunes:duration>
      <itunes:explicit>no</itunes:explicit>
      <guid isPermaLink="false"><![CDATA[dce8fad3d693271f3adc732985f905a9]]></guid>
      <enclosure url="https://traffic.megaphone.fm/ACS2170111009.mp3" length="0" type="audio/mpeg"/>
    </item>
  </channel>
</rss>
