Modernising Data Rules for Europe’s AI Future
The Cisco 2026 Data and Privacy Benchmark shows the urgent need to move towards agile data governance to meet the realities of AI and enable businesses to keep pace with rapid technological change.
A poorly secured wristband system used at a Carlsberg exhibition allowed access to visitor photos, videos, and full names. Attempts to report the issue were ignored for months.
UK’s ICO fines LastPass £1.2M for the 2022 data breach that exposed 1.6 million users’ data. Learn how a flaw in an employee’s personal PC led to the massive security failure.
Privacy laws have expanded around the world, and security leaders now work within a crowded field of requirements. New research shows that these laws provide stronger rights and duties, but the protections do not always translate into reductions in har…
Under the GDPR (General Data Protection Regulation), a lawful basis must be documented when organisations process personal data. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what exactly are ‘legitimate interests’? We answer those questions and others in this blog. What is a lawful basis? According to Article 6 of the GDPR, a lawful basis is necessary whenever organisations process personal data. It outlines six bases that organisations can choose from, depending on the circumstances: 1) If the data subject gives their explicit consent or if the processing is
The post The GDPR’s Six Lawful Bases For Processing – With Examples appeared first on IT Governance Blog.
Discover why reliability, scalability, and local support matter more than cost when choosing Australian web hosting for your tech stack.
Proposed changes to AI Act would make it easier for tech firms to use personal data to train models without consent. The European Commission has been accused of “a massive rollback” of the EU’s digital rules after announcing proposals to delay central pa…
Most GDPR (General Data Protection Regulation) breaches arise from everyday slip-ups, such as missing DSAR (data subject access request) deadlines, picking the wrong lawful basis for processing, failing to enforce retention periods, keeping inadequate records or misreporting incidents. However, fall short of your compliance obligations – for whatever reason – and you face complaints, investigations, reputational harm, legal action and regulatory enforcement, including fines of up to £17.5 million under the UK GDPR or €20 million under the EU GDPR, or 4% of your annual global turnover – whichever is greater. This blog post sets out five common GDPR compliance
The post 5 common GDPR mistakes – and how training can fix them appeared first on IT Governance Blog.
This country’s post-Brexit data protection regime, the UK GDPR (General Data Protection Regulation), requires non-UK organisations that process UK residents’ personal data to appoint a representative in the UK. In the same way, the EU GDPR requires non-EEA organisations that process EU residents’ personal data to appoint a representative in the EU. This blog post explains who this requirement applies to – and what they need to do. Who does the EU GDPR apply to? When it took effect in 2018, the EU GDPR significantly reshaped European data protection law. One of the most notable changes it introduced is its
The post A Guide to the EU GDPR’s Requirements for an EU Representative appeared first on IT Governance Blog.
ISO 27001 training isn’t just for auditors or security consultants. Indeed, many roles need baseline knowledge of the Standard. If you help to protect information, support audits or manage suppliers, you will benefit. Foundation training teaches you the structure of an ISMS (information security management system), the core requirements in ISO/IEC 27001:2022 and what the Annex A controls cover in practice. It’s short, accessible and accredited, you can study in person or online, and there’s an exam and a recognised certificate on completion. What the Foundation course covers Outcomes Who needs ISO 27001 Foundation training? 1. IT administrators moving into
The post Who Needs ISO 27001 Foundation Training? appeared first on IT Governance Blog.