5 common GDPR mistakes – and how training can fix them

Most GDPR (General Data Protection Regulation) breaches arise from everyday slip-ups, such as missing DSAR (data subject access request) deadlines, picking the wrong lawful basis for processing, failing to enforce retention periods, keeping inadequate records or misreporting incidents. However, fall short of your compliance obligations – for whatever reason – and you face complaints, investigations, reputational harm, legal action and regulatory enforcement, including fines of up to £17.5 million under the UK GDPR or €20 million under the EU GDPR, or 4% of your annual global turnover – whichever is greater. This blog post sets out five common GDPR compliance

The post 5 common GDPR mistakes – and how training can fix them appeared first on IT Governance Blog.

October 6, 2025

A Guide to the EU GDPR’s Requirements for an EU Representative

This country’s post-Brexit data protection regime, the UK GDPR (General Data Protection Regulation), requires non-UK organisations that process UK residents’ personal data to appoint a representative in the UK. In the same way, the EU GDPR requires non-EEA organisations that process EU residents’ personal data to appoint a representative in the EU. This blog post explains who this requirement applies to – and what they need to do. Who does the EU GDPR apply to? When it took effect in 2018, the EU GDPR significantly reshaped European data protection law. One of the most notable changes it introduced is its


October 1, 2025

Who Needs ISO 27001 Foundation Training?

ISO 27001 training isn’t just for auditors or security consultants. Indeed, many roles need baseline knowledge of the Standard. If you help to protect information, support audits or manage suppliers, you will benefit. Foundation training teaches you the structure of an ISMS (information security management system), the core requirements in ISO/IEC 27001:2022 and what the Annex A controls cover in practice. It’s short, accessible and accredited, you can study in person or online, and there’s an exam and a recognised certificate on completion.

What the Foundation course covers

Outcomes

Who needs ISO 27001 Foundation training?

1. IT administrators moving into


October 1, 2025

Human Error and Accidental Data Breaches: Lessons from Recent Cases

According to Verizon’s 2025 DBIR (Data Breach Investigations Report), some 60% of data breaches now involve “the human element” – in other words, errors and non-malicious activity. Failing to use the bcc function when emailing groups of people, accidentally emailing spreadsheets full of unencrypted personal data to entire mailing lists without checking, mistakenly misconfiguring an AWS bucket… each of these simple errors can expose personal information and damage reputations. Recent years have seen several large-scale incidents where accidental disclosure has had significant consequences. These examples show how even organisations with extensive resources and responsibilities can fall victim to basic human


October 1, 2025

GDPR Foundation vs Awareness Training: which is right for your team?

The GDPR (General Data Protection Regulation) requires organisations that process personal data to ensure staff are appropriately trained. But how do you know which training option you need? Choosing the wrong course inevitably leads to poor outcomes – overspend on certificates some staff don’t need or undertraining of those with real accountability. This guide explains the difference between Certified GDPR Foundation training and GDPR and Data Protection Act 2018 staff awareness e-learning, who each is for and how to choose with confidence. Who each course is for Most organisations need both. Awareness training builds everyday competence across the workforce, whereas


September 25, 2025

Data Protection Enforcement: Your Cookie Compliance Questions Answered

ICO cookie compliance crackdown

Earlier this year, the ICO (Information Commissioner’s Office) announced its intention to tackle cookie compliance across the UK’s top 1,000 websites. We were subsequently contacted by a company that operates one of those websites and which the ICO had contacted about its cookie compliance. The ICO gave the company two weeks’ notice to rectify its cookie compliance before reviewing the site and, if necessary, taking action. So, we performed a cookie compliance assessment on the website to help the company ensure its compliance ahead of the ICO’s review. Our recent webinar Cookie Law in 2025: What


August 8, 2025

A Guide to TOMs (technical and organisational measures) under the GDPR

The GDPR (General Data Protection Regulation) references “appropriate technical and organisational measures” nearly 100 times – yet it stops short of providing a precise definition of the term. This article examines what TOMs are, how they align with the GDPR’s overall objectives, what kinds of controls they typically involve, and how to ensure they’re “appropriate”. What are technical and organisational measures? The GDPR requires data controllers and processors to implement security controls to safeguard personal data against unauthorised access, alteration or destruction. These safeguards are known collectively as technical and organisational measures, or TOMs. TOMs are controls that reduce the


August 6, 2025

The Six Data Processing Principles of the UK GDPR Explained

Article 5 of the UK GDPR (General Data Protection Regulation) sets out six key data processing principles – sometimes informally referred to as data protection principles. These underpin all personal data processing and serve as a practical framework for ensuring compliance. This blog post outlines each of the six principles, explains how they apply in practice and offers guidance on how to demonstrate compliance. What are the GDPR data processing principles? Lawfulness, fairness and transparency Organisations must process personal data in a way that is: These obligations require you to think about how you collect data, what individuals are told


August 1, 2025