Under the UK General Data Protection Regulation (GDPR), the majority of organisations processing personal data are required to create and maintain a formal record of processing activities (ROPA). It is widely regarded as the core data protection compliance document. In this, the first of two blogs on ROPAs, we are going to address two fundamental questions.
PCI DSS v4 – Changes at a Glance After several years wait, and to surprisingly little fanfare, the Payment Card Industry Security Standards Council (PCI SSC) released the new version of the PCI Data Security Standard (DSS) on 31 March 2022. It has been 4 years since the last minor update (v3.2.1) and nearly 9 […]
Responding to Data Subject Access Requests (DSARs) Let’s face it. There is nothing straightforward or simple about responding to a data subject access request (DSAR). The words ‘I want all of my data’ equate to hours of trawling systems, reviewing content, redacting files, and collating information before any disclosure can take place. Dealing with DSARs […]
UK International Data Transfer Agreement On 2 February 2022, the Information Commissioner’s Office (ICO) laid before Parliament changes around restricted international personal data transfers. The international data transfer agreement (IDTA) and the UK Addendum to the current European Commission’s standard contractual clauses (SCCs) are the next steps in providing a transfer tool for complying with […]
PCI SSC Remote Assessment Guidelines and Procedures The PCI SCC has recently released a new remote assessment guidelines and procedures. Here we address a number of key questions: What are the Main Contents? A set of principles and procedures which govern how remote assessments of compliance with PCI SSC standards such as PCI DSS must […]
Cyber Essentials – (FAQs) What is Cyber Essentials? Cyber Essentials is a Government-backed scheme aimed at helping organisations protect themselves against common Internet-based cyber attacks. Certification to Cyber Essentials provides reassurance that your security controls will protect against the vast majority of common cyber attacks, and will act as a significant deterrent to cyber criminals. […]
Data Transfer Risk Assessment In our previous post on the Schrems II judgement, we explored the wider implications for transfering personal data between the EU and the US and the implications for the UK in a post-Brexit world. In this blog, we are focussing on transfer risk assessments (TRAs) and, having provided some of the […]
As more employees settle into the ‘new normal’ of home working, organisations need to be extra vigilant to the increase in cyber and other security-related risks attached to online and remote working. Whilst most home workers can use secure Wi-Fi connections, this is not the case for everyone. Some still need to use unsecured public […]
