ISO 27701 privacy information management The need for guidance on how organisations should best to protect privacy and manage personal information has never been more pertinent. Fortunately, guidance has now arrived in the form of ISO/IEC 27701:2019 (ISO 27701*), a new International Standard, which sets out how organisations should manage personal information and demonstrate compliance […]
In December 2019, the European Data Protection Board (EDPB) approved new ‘template’ contract clauses for use by data controllers and processors. Proposed by Denmark and just approved by the EDPB, the UK’S Information Commissioner’s Office (ICO) has included references to these contract clauses in its UK guidance which can be found here. The clauses address […]
Subject to approval from the European Parliament, the UK will formally leave the EU on 31 January with a withdrawal deal and will enter a transition period until 31 December 2020. With this in mind, where does that leave the UK from a data protection perspective and what steps, if any, do organisations need to […]
Just before Christmas on 20 December 2019, the Information Commissioner’s Office (ICO) announced that it will be working with the UK Accreditation Service (UKAS) to deliver its GDPR-approved certification schemes. The short announcement can be found here. Whilst, as yet, there is no detail on what the schemes will entail, it is hoped that UKAS and […]
When Windows 7 was released on 22 October 2009, Microsoft committed to support this operating system for 10 years. The decade of support ends today and, as a result, Microsoft will no longer issue software updates via Window Update. Naturally, Microsoft has been urging Windows 7 users to upgrade their operating systems (OS) to […]
This week’s blog looks at software asset management (SAM). URM has been involved in delivering classroom-based training on SAM for 14 years and with a new syllabus being released by the BCS reflecting current challenges and disciplines, we thought it was the ideal time to provide our perspective on SAM. In particular, we want to […]
So, the new year had barely begun, when news of another ransomware attack broke (https://www.bbc.com/news/technology-50972890). This time, a US military base was compromised but there was a very familiar storyline with officials reporting that they believed the ransomware was sent in a malicious email link, clicked by an employee. For those of you who are not familiar with this specific type of malicious software, […]
This week’s blog takes a look at data protection officers (DPOs) and considers when to look in-house and when a virtual, external resource or hybrid resource may be a better option. So, let’s start by considering the requirement for a DPO. Under Article 37 of the General Data Protection Regulation (GDPR), certain organisations are required […]