UK’s ICO Fine LastPass £1.2 Million Over 2022 Security Breach
UK’s ICO fines LastPass £1.2M for the 2022 data breach that exposed 1.6 million users’ data. Learn how a flaw in an employee’s personal PC led to the massive security failure.
GDPR
What 35 years of privacy law say about the state of data protection
Privacy laws have expanded around the world, and security leaders now work within a crowded field of requirements. New research shows that these laws provide stronger rights and duties, but the protections do not always translate into reductions in har…
The GDPR’s Six Lawful Bases For Processing – With Examples
Under the GDPR (General Data Protection Regulation), a lawful basis must be documented when organisations process personal data. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what exactly are ‘legitimate interests’? We answer those questions and others in this blog. What is a lawful basis? According to Article 6 of the GDPR, a lawful basis is necessary whenever organisations process personal data. It outlines six bases that organisations can choose from, depending on the circumstances: 1) If the data subject gives their explicit consent or if the processing is
The post The GDPR’s Six Lawful Bases For Processing – With Examples appeared first on IT Governance Blog.
Thinking Beyond Price: What Tech Teams Should Look for in a Hosting Provider
Discover why reliability, scalability, and local support matter more than cost when choosing Australian web hosting for your tech stack.
European Commission accused of ‘massive rollback’ of digital protections
Proposed changes to AI Act would make it easier for tech firms to use personal data to train models without consentThe European Commission has been accused of “a massive rollback” of the EU’s digital rules after announcing proposals to delay central pa…
5 common GDPR mistakes – and how training can fix them
Most GDPR (General Data Protection Regulation) breaches arise from everyday slip-ups, such as missing DSAR (data subject access request) deadlines, picking the wrong lawful basis for processing, failing to enforce retention periods, keeping inadequate records or misreporting incidents. However, fall short of your compliance obligations – for whatever reason – and you face complaints, investigations, reputational harm, legal action and regulatory enforcement, including fines of up to £17.5 million under the UK GDPR or €20 million under the EU GDPR, or 4% of your annual global turnover – whichever is greater. This blog post sets out five common GDPR compliance
The post 5 common GDPR mistakes – and how training can fix them appeared first on IT Governance Blog.
A Guide to the EU GDPR’s Requirements for an EU Representative
This country’s post-Brexit data protection regime, the UK GDPR (General Data Protection Regulation), requires non-UK organisations that process UK residents’ personal data to appoint a representative in the UK. In the same way, the EU GDPR requires non-EEA organisations that process EU residents’ personal data to appoint a representative in the EU. This blog post explains who this requirement applies to – and what they need to do. Who does the EU GDPR apply to? When it took effect in 2018, the EU GDPR significantly reshaped European data protection law. One of the most notable changes it introduced is its
The post A Guide to the EU GDPR’s Requirements for an EU Representative appeared first on IT Governance Blog.
Who Needs ISO 27001 Foundation Training?
ISO 27001 training isn’t just for auditors or security consultants. Indeed, many roles need baseline knowledge of the Standard. If you help to protect information, support audits or manage suppliers, you will benefit. Foundation training teaches you the structure of an ISMS (information security management system), the core requirements in ISO/IEC 27001:2022 and what the Annex A controls cover in practice. It’s short, accessible and accredited, you can study in person or online, and there’s an exam and a recognised certificate on completion. What the Foundation course covers Outcomes Who needs ISO 27001 Foundation training? 1. IT administrators moving into
The post Who Needs ISO 27001 Foundation Training? appeared first on IT Governance Blog.
Human Error and Accidental Data Breaches: Lessons from Recent Cases
According to Verizon’s 2025 DBIR (Data Breach Investigations Report), some 60% of data breaches now involve “the human element” – in other words, errors and non-malicious activity. Failing to use the bcc function when emailing groups of people, accidentally emailing spreadsheets full of unencrypted personal data to entire mailing lists without checking, mistakenly misconfiguring an AWS bucket… each of these simple errors can expose personal information and damage reputations. Recent years have seen several large–scale incidents where accidental disclosure has had significant consequences. These examples show how even organisations with extensive resources and responsibilities can fall victim to basic human
The post Human Error and Accidental Data Breaches: Lessons from Recent Cases appeared first on IT Governance Blog.
GDPR Foundation vs Awareness Training: which is right for your team?
The GDPR (General Data Protection Regulation) requires organisations that process personal data to ensure staff are appropriately trained. But how do you know which training option you need? Choosing the wrong course inevitably leads to poor outcomes – overspend on certificates some staff don’t need or undertraining of those with real accountability. This guide explains the difference between Certified GDPR Foundation training and GDPR and Data Protection Act 2018 staff awareness e-learning, who each is for and how to choose with confidence. Who each course is for Most organisations need both. Awareness training builds everyday competence across the workforce, whereas
The post GDPR Foundation vs Awareness Training: which is right for your team? appeared first on IT Governance Blog.