This new 5 part series covers all aspects of data security for businesses where we discuss:  Ep 1: Strategy; Ep 2: Cloud Controls; Ep 3: People Risk; Ep 4: Using Tools you (already) have and Ep 5: Pulling IT security together in a coherent way.  The episodes feature Stuart and Darron from ProvisionIT who provide an invaluable range of tips and suggestions for setting up and maintaining data security in your organisation. 

We also provide a link to access a number of useful procedural templates to get you started!

Enjoy!!

Karen
Karen Heaton (Host)
Data Protection 4 Business

This new 5 part series covers all aspects of data security for businesses where we discuss:  Ep 1: Strategy; Ep 2: Cloud Controls; Ep 3: People Risk; Ep 4: Using Tools you (already) have and Ep 5: Pulling IT together in a coherent way.  The episodes feature Stuart and Darron from ProvisionIT who provide an invaluable range of tips and suggestions for setting up and maintaining data security in your organisation. 

Enjoy!!

Karen
Karen Heaton (Host)
Data Protection 4 Business

This new 5 part series covers all aspects of data security for businesses where we discuss:  Ep 1: Strategy; Ep 2: Cloud Controls; Ep 3: People Risk; Ep 4: Using Tools you (already) have and Ep 5: Pulling IT together in a coherent way.  The episodes feature Stuart and Darron from ProvisionIT who provide an invaluable range of tips and suggestions for setting up and maintaining data security in your organisation. 

Enjoy!!

Karen
Karen Heaton (Host)
Data Protection 4 Business

This new 5 part series covers all aspects of data security for businesses where we discuss:  Ep 1: Strategy; Ep 2: Cloud Controls; Ep 3: People Risk; Ep 4: Using Tools you (already) have and Ep 5: Pulling IT together in a coherent way.  The episodes feature Stuart and Darron from ProvisionIT who provide an invaluable range of tips and suggestions for setting up and maintaining data security in your organisation. 

Enjoy!!

Karen
Karen Heaton (Host)
Data Protection 4 Business

This new 5 part series covers all aspects of data security for businesses where we discuss:  Ep 1: Strategy; Ep 2: Cloud Controls; Ep 3: People Risk; Ep 4: Using Tools you (already) have and Ep 5: Pulling IT together in a coherent way.  The episodes feature Stuart and Darron from ProvisionIT who provide an invaluable range of tips and suggestions for setting up and maintaining data security in your organisation. 

Enjoy!!

Karen
Karen Heaton (Host)
Data Protection 4 Business

Andrew brings us up to date on the current cyber security issues affecting businesses and offers a range of easy to action steps businesses can take to protect their systems and data. He reminds us that the basic security steps, done well, can go a long way to preventing security issues. 

As always, we present affordable solutions that can be used for SME's and individuals as well as large organisations.

GDPR Now! Is brought to you by Data Protection 4 Business
**www.dpo4business.co.uk**

**Guest**
Andrew Alston
Founding Director
Breach Aware
Andrew@BITs.Company

In today's world of content creation, sharing, posting and blogging, it is more important than ever to be able to protect and control your online content. Whether you are a musician, artist, parent, small business or large organisation, your digital content is who you are as an individual, family, group or company.

This episode is a fantastic insight into the world of managing and controlling your online content with our guest, Adam Rumanek, Founder and CEO of Aux Mode, global specialists in digital rights management and revenue reporting.

We discuss: digital rights management - what is it? - how can you protect your online content; video privacy protection; audio privacy protection and understanding your rights on YouTube. Anyone with an online presence will learn from listening to this episode, so we are grateful to Adam for his advice.

Guest
Adam Rumanek, CEO
Aux Mode
https://auxmode.com/about-us or contact Adam Rumanek on adamr@auxmode.com

GDPR Now! Is brought to you by Data Protection 4 Business
www.dpo4business.co.uk

Special Guest: Adam Rumanek.

Our special guest, Tony Allen CEO of The Age Check Certification Scheme (ACCS) talks about the scope and applicability of the certification schemes and what technology companies need to consider. Tony also explains more about the ACCS which is a UKAS-accredited conformity assessment body, comprised of auditors, certification specialists, and data protection experts and how they independently test and certify online and offline systems that check age and identity, such as passport scanners, biometric technology, and age verification software.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk

Guest
Tony Allen
CEO of The Age Check Certification Scheme

Contact Tony Allen on:
Email: tony.allen@accscheme.com
Twitter: @agecheckcert
Linkedin: Tony Allen | LinkedIn

Special Guest: Tony Allen.

Our special guest is Ayisha Piotti, Co-Founder & Managing Partner of RegHorizons, a business decidated to helping build trust in emerging technologies through promoting policy solutions and by facilitating dialogue be-tween governments, academia, businesses and civil society.

To learn about the work that RegHorizon do, check out this link to their latest AI Policy event https://reghorizon.com/events/

GDPR Now! Is brought to you by Data Protection 4 Business.
www.dpo4business.co.uk

Guest
Ayisha Piotti

Contact Ayisha Piotti on:
Email: Ayisha.piotti@reghorizon.com
Twitter: @PiottiAyisha

Special Guest: Ayisha Piotti.

Our special guests, Khalid Maliki and Jimmy Snoek talk about decentralised identity, also known as Self Sovereign Identity (SSI), how it can be implemented, the benefits and in particular, how they created the awarding winning digital ID company Tykn. We talk about the growth of SSI and how they believe it will positively impact billions of peoples lives.

As we enter what is arguably, the start of our journey into a new era of digital innovation with huge benefits to individuals and businesses, we are excited to follow developments around the growth of digitial ID solutions such as decentralised identity.

GDPR Now! Is brought to you by Data Protection 4 Business
www.dpo4business.co.uk

Guest
Khalid Maliki & Jimmy Snoek
Co-Founders of Tykn

Contact Khalid on:
Email: khalid@tykn.tech
Twitter: @Khalidworks

Contact Jimmy on:
Email: jimmy@tykn.tech
Twitter: @idforgood

Website: https://tykn.tech/

Special Guests: Jimmy Snoek and Khalid Maliki.

Our special guest, Ben Malisow, is our 'privacy provocateur' on our show and talks about why he believes we are living an 'illusion of privacy'.

Ben has over 30 years experience in information security and education and is currently a professional certification training lead for SGS Cybersecurity Services, a multinational corporation involved in a wide range of product and process certification/validation.

Some of Ben’s roles have also included professor of English, a computer teacher for troubled teens as well as his extensive experience working with clients such as FedEx, US Special Forces Command, the United Nations, HSBC, and Barclays.

Ben is the author of ''Exposed: How Revealing Your Data and Eliminating Privacy Increases Trust and Liberates Humanity.''

GDPR Now! Is brought to you by Data Protection 4 Business.
www.dpo4business.co.uk

Guest
Ben Malisow
Professional Certification Training Lead for SGS
Website: https://www.securityzed.com/
Twitter: https://twitter.com/BenMalisow
LinkedIn: https://www.linkedin.com/in/malisow

Special Guest: Ben Malisow.

Our special guest, James Monaghan, talks about how Evernym provides solutions in the area of SSI for businesses today. We talk about what SSI means, how it works, the benefits for individuals and businesses and importantly, examples of how it is being used to great effect today.

For any businesses interested in learning more about how they could benefit from building an SSI or decentralised identity solution, please contact James directly.

As we enter what is arguably, the start of our journey into a new era of digital innovation with huge benefits to individuals and businesses, we are excited to follow developments around the growth of Self Soverign Identity.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk

Guest
James Monaghan
Vice President of Product Management at Evernym.

Contact James on:
Email: james.monaghan@evernym.com
Twitter: @james_monaghan
https://www.linkedin.com/in/jamesmonaghan/

World Web Consortium (W3C) specifications for existing SSI solutions:

• Decentralised Identifiers https://www.w3.org/TR/did-core/
• Verifiable Credentials https://www.w3.org/TR/vc-data-model/
• Simple explainer about how this all works https://www.evernym.com/blog/gentle-introduction-verifiable-credentials/

Relevant industry bodies include:

• The Decentralised Identity Foundation https://identity.foundation/
• Trust over IP Foundation https://trustoverip.org/
• Good Health Pass Collaborative https://www.goodhealthpass.org/

Special Guest: James Monaghan.

Our special guest, Ben, talks about the global context of regulations around AI and the complexity of the parallel 'race to AI' and 'race to regulation' . In particular we look at the proposed Artificial Intelligence Act from the European Union and consider the impact on innovation.

We explore what businesses and DPOs need to consider when building, using or deploying Machine learning or Artificial Intelligence systems.

As we enter what is arguably, the start of our journey into a new era of innovation with huge benefits to humankind, this podcast will follow developments in and around the regulation of future Artificial Intelligence and Machine Learning.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk

Guest
Benjamin Mueller
Ben is a senior policy analyst at the Center for Data Innovation, focusing on AI and technology governance.

Read Ben's note on: AI Act Explainer is here: https://datainnovation.org/2021/05/the-artificial-intelligence-act-a-quick-explainer/

Special Guest: Benjamin Mueller.

As we did in Episodes 24 & 25, we look at the significant practical, technical and privacy issues surrounding how nation states and governments want to use technology to prove human beings can travel internationally, cross borders in the EU and get access to domestic venues, events, retail outlets and much more besides. Arguably a more complex problem to solve than tracking and tracing individuals.

We consider the lack of effectiveness of the Track and Trace apps in the UK & EU and wonder how acceptable solutions can be found for Vaccine Passports and Certificates - a wider problem involving citizens, businesses, medical records and often new and emerging technology.

Again, we find ourselves asking the same question: how do we find a rapid and effective way to discuss and agree the extended use of our data to manage this pandemic and halt the damage from lockdowns? We urgently need a forum to be able to have these discussions. As Privacy, Legal and Techology professionals we must contribute to solutions to help support governments to enable better pandemic management.

There are far more questions than answers, so this episode will be the start of our journey to keep up to date with developments.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guests
Roger Marlow
Roger has worked in software for over 30 years with experience in building software for the finance, retail, automative and government sectors. He has been involved in the creation of several companies including a healthcare technology company that works for the NHS.

Special Guest: Roger Marlow.

But how workable are they for businesses in practise??

Join me, Karen Heaton and guest Mark Sherwood-Edwards, lawyer, data protection specialist and founder of Clearview Legal to discuss the latest pronouncements from the EC, on a revision of the Standard Contractual Clauses, Safeguards for transfers to the US (and other third countries) and of course, the impact of Brexit and what this will mean if the EC does not grant adequacy status to the UK.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guest
Mark Sherwood-Edwards
Founder
www.clearviewlegal.co.uk

Check out some great resources:
FieldFisher Lawyer - Phil Lee on the revised SCCs
https://www.fieldfisher.com/en/services/privacy-security-and-information/privacy-security-and-information-law-blog/first-impressions-new-eu-standard-contractual-clauses

Tools to help with assessing data transfers
Proteus-Cyber
https://proteuscyber.com/Schrems-II-Automatic-SCC-contracts

Special Guest: Mark Sherwood-Edwards.

We discuss the take up of Track and Trace apps in the EU and find it is mostly 30% of the population and lower. Data privacy when using apps has been protected due to EU GDPR, however, other basic freedoms have been taken from us and our way of life severely impacted over the course of 2020. Track and trace apps have not had the hoped-for beneficial impact in the EU. Had we taken a different approach to using more data and made the apps mandatory, could the outcomes have been different?

What does this mean in practise for track and trace apps as future solutions to help governments manage pandemics? Compare and contrast to other Asian countries.

If 70 - 80% app usage is realistically needed to be effective, then why did we not make track and trace apps mandatory? What are we to learn from countries in Asia?

How do we find a rapid and effective way to discuss and agree the extended use of our data to improve outcomes, rapidly, either during pandemics or outside of them? As Privacy, Legal and Tech professionals we must continue this conversation and find a framework for agreeing the greater use of data in a mandatory way to support better pandemic and health outcomes.

The economic costs of lockdowns are extremely high and have a direct effect on a nation's ability to provide future healthcare. Our short term fix to today's problem could cause many more problems for the future.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guests
Roger Marlow
Roger has worked in software for over 30 years with experience in building software for the finance, retail, automative and government sectors. He has been involved in the creation of several companies including a healthcare technology company that works for the NHS.

Guests
Mark Sherwood-Edwards
Mark helps CEOs negotiate smarter, more profitable, contracts. During his time spent working in law firms and also as in-house counsel he specialised in contracts as well as sales-contracting transformation, in organisations across the fintech, adtech, tech and outsourcing sectors.

Founder
Clearview Legal
https://clearviewlegal.co.uk/

Special Guests: Mark Sherwood-Edwards and Roger Marlow.

In our discussion we first talk about the NHS Track and Trace app and ask "how did we get here?" with app #2 being released five months after app #1.

We then explore whether track and trace apps are prevented from being successful due to privacy and practicality issues and whether this is a worldwide problem.

During our discussion, I recommend a very important film "The Social Dilemma" which is available on Netflix. This is an must-watch film for everyone, especially parents with teenagers, pre-teens and young adults.

Given some of the important issues raised in this episode, we will be recording Part 2, where we bring in a panel of specialists to start the discussions on how to address the practicality and privacy issues which can prevent track and trace apps from being effective during a pandemic.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guest
This episode features a software professional with 30 years experience in software projects across a multitude of industries including retail, banking, defence and automotive and for the last 10 years, the NHS. David founded a successful IT company which provides services to the NHS and writes for https://lockdownsceptics.org/ a blog founded by Toby Young, where a range of pandemic related data is analysed and presented.

The decision by the ECJ on 16th July 2020, to invalidate the EU - US Privacy Shield has sent shockwaves across organisations in the EU and US.

We are joined by fellow host, Mark Sherwood-Edwards, lawyer, data protection specialist and founder of ThisisDPO. Mark has read the judgement and is going to talk to us today about what it means for data protection, for businesses and for DPO’s.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guest
Mark Sherwood-Edwards
Founder
ThisisDPO
www.thisisdpo.co.uk

In this episode we are delighted to have Andrew Alston, founding director at Breach Aware and Business intelligence Theoroms.

Andrew talks to us about Breach Aware which is a data breach monitoring and reporting application designed to help organisations detect and prevent crime, as part of their system of risk management. The solution can be used for SME's and individuals as well as large organisations. Andrew and his team pride themselves in offering this solution at affordable rates for SME's.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guest
Andrew Alston
Founding Director
Breach Aware
Andrew@BITs.Company

Special Guest: Andrew Alston.

In this episode, we are going discuss personal data in detail and explore the question of: whose data is it anyway? And what are we prepared to tolerate regarding track and trace programmes as governments around the world implement track and track apps. To discuss this we are delighted to have Phil Brown, The Norfolk Data Protection Mardler, who advices clients in Norfolk on data protection.

_Please note: Phil makes reference to the need for self reporting but would like to clarify that in the NHS Test and Trace scheme, an NHS Tracker will only contact individuals who have tested positive for Covid19. Whether someone should be tested at all is heavily dependent on self reporting. Furthermore, responses to a possible request to us to identify those with whom we may have had recent close contact is based on our ‘civic duty’ rather than a legal requirement - so it’s very much down to our willingness or judgment to do so.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guest/s
Phil Brown
Data Protection Consultant
pa@datamardler.co.uk

Phil is an independent data protection consultant based in North Norfolk and has provided data protection advice and support to a wide variety of industries across Norfolk and beyond, mostly to small businesses. Prior to that, Phil had a 20 year career as a military communications officer which was then followed by 12 years in the world of mobile phone standardisation, mostly consulting for a Japanese mobile phone operator.

During the latter phase, he chaired an international working group that developed mobile phone conformance tests and also chaired the Global Certification Forum when is became a legal entity in 2008. Such work has seen him travel widely and has, at various times, studied French, German, Japanese and Mandarin Chinese none of which prepared him for life in Norfolk when he moved there in 2016!

He has a Masters degree in Design of Information Systems and his currently trading as Norfolk’s Data Protection Mardler.

Special Guest: Phil Brown.

In this episode, we start our series of discussions on track and trace apps from around the world.

Today, we are are discovering how track and trace is being managed in Australia. To discuss this with us, we are delighted to have Katherine Sainty and Belyndy Rowe from Sainty Law, a boutique law firm specialising in privacy, big data, technology & cybersecurity in Sydney. Katherine and Belyndy are going to talk to us about what is happening in Australia.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guest/s
Katherine Sainty
Director
Katherine is the founder and team leader at Sainty Law. Katherine is a corporate and commercial lawyer who specialises in digital, technology and media law.
http://www.saintylaw.com.au/

Belyndy Rowe
Senior Associate
Belyndy advises commercial and creative industry clients in commercial transactions, intellectual property and technology law.
Email: belyndy.rowe@saintylaw.com.au
http://www.saintylaw.com.au/

Special Guests: Belyndy Rowe and Katherine Sainty.

gdpr, privacy, data security, cyber crime, data protection, SME
In this episode, we are going to talk about the exponential rise of cyber crime as a business, the need to understand the risks and the security challenges for SME's. This episode is part of our series of updated podcasts addressing security & privacy concerns resulting from the coronavirus pandemic and the shift in working practises for millions of businesses across the UK and the world.

We are delighted to have Zohar Rozenberg (Col. Ret.) who is the Chief Security Officer at Elron, a leading Israeli holding company dedicated to building technology companies.

Aside from an impressive career in Israeli defence and cyber security, Zohar has written a number of recent articles on cyber issues:

https://www.cisomag.com/cyber-startup-hub-in-israel-declines-as-global-competition-rises-elron-vp/
https://www.theepochtimes.com/coronavirus-hackers-try-to-take-advantage-of-people-working-from-home_3275525.html
https://siliconangle.com/2020/03/13/coronavirus-offers-golden-opportunity-evolve-security-architecture/
https://www.jpost.com/middle-east/cyber-attacks-new-maritime-threat-warns-former-idf-cyber-head-599165
https://www.helpnetsecurity.com/2020/03/11/coronavirus-evolve-security-architecture/

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guest/s
Zohar Rosenberg
Chief Security Officer & Board Member
Elron Electronic Industries (TASE: ELRN)
www.elron.com
adir@davidmalits.com

Special Guest: Zohar Rosenberg.

We continue our series of podcasts addressing concerns resulting from the coronavirus pandemic, such as increases in data breaches arising from IT security issues and the increased risks resulting from the huge shift to remote working for 100,000s businesses across the UK and the world.

In the studio today we are delighted to have Kingsley Hayes, Managing Director of Hayes Connor Solicitors based in Widnes, Cheshire. In this second episode, we are going to talk about Group Action lawsuits, what they are, how they operate and the British Airways case. For anyone who wants to join the BA data breach action if they have been affected - the link is here.

If you missed it, Kingsley and I discussed COVID19 and the impact on Data Protection in Episode 17.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guest/s
Kingsley Hayes
Managing Director
Hayes Connor Solicitors
www.hayesconnor.co.uk
@HayesConnorSol
0330 107 5165

Special Guest: Kingsley Hayes.

Regular listeners will have already heard our episodes on what DPOs need to know about cyber security, for those that missed them, they are episodes 7 & 15. Today, we start a series of podcasts addressing concerns resulting from the coronavirus pandemic and the shift in working practises for 100,000s businesses across the UK and the world.

In the studio today we are delighted to have Kingsley Hayes, Managing Director of Hayes Connor Solicitors based in Widnes, Cheshire. In this first of two episodes, we are going to talk about Covid 19 and the impact on data protection.

In our second episode, Kingsley and I will be discussing data breach Group Action law suits in general, and the BA action in particular. We cover the reputational and financial risks businesses need to be aware of when Group Actions, are filed as a result of data breaches.

GDPR Now! Is brought to you by Data Protection 4 Business & This Is DPO.
www.dpo4business.co.uk
www.thisisdpo.co.uk.

Guest/s
Kingsley Hayes
Managing Director
Hayes Connor Solicitors
www.hayesconnor.co.uk
@HayesConnorSol
0330 107 5165

Host
Karen Heaton
info@dpo4business.co.uk
www.dpo4business.co.uk

This podcast is brought to you by thisisdpo.co.uk and Data Protection 4 Business. For more information, go to thisisdpo.co.uk or dpo4business.co.uk.

All suggestions for topics, improvement etc are gratefully received or if you want to appear on the podcast, please contact us at info@dpo4business.co.uk.

Special Guest: Kingsley Hayes.

GDPR Now! Is brought to you by This Is DPO.
www.thisisdpo.co.uk.

Guest/s
Abigail Dubiniecki
Data Protection Specialist
My Inhouse Lawyer
https://www.linkedin.com/in/abigaild/

Host
Mark Sherwood-Edwards
info@thisisdpo.co.uk

Materials
Competition and Markets Authority (UK competition regulator) report on digital advertising
https://www.gov.uk/government/news/cma-lifts-the-lid-on-digital-giants

Links to PETs
(Privacy Enhancing Tech) and resources mentioned in the podcast (and more!)
Disclaimer – not endorsing any PET in particular, just sharing info.

Want a pretty version or more explanation? Check out my LinkedIn profile for a Slideshare of a presentation and handy Infographic – available next week. Let’s help build this list.

Which PETs are you using or curious to try? If they’re not here, let Abigail know via contact details in the show notes so I can update my list.

Inform yourself, update software, adjust privacy settings, use 2FA!

Privacy Analyzer
(https://privacy.net/analyzer): Analyses your browser to reveal what can be learned about you and recommend actions you can take

DuckDuckGo Device Privacy Tips
https://spreadprivacy.com/tag/device-privacy-tips/
‘Learn’ tab in the DisconnectMe Privacy Pro VPN (iOS only) – ‘learn’ materials available without paying. Just download the app and click!: https://apps.apple.com/us/app/disconnect-privacy-pro-entire/id1057771839?ls=1

Consumer Reports articles & videos with quick-fixes in bite-sized pieces: https://www.consumerreports.org/privacy/linkedin-privacy-settings/
www.consumerreports.org/video/view/electronics/news/6050416388001/protecting-your-online-privacy/

Terms of Service, Didn’t Read (TOSDR https://tosdr.org/): one-stop shop for digested Ts & Cs of most popular online providers, including score cards. Brilliant browser add-on offers automatic assessment of pages you access. Addresses privacy notices & terms e.g. cancellation, etc.

Ghostery
(www.ghostery.com) lets you block ads and trackers, watch the watchers, and speed up your browser with a suite of products, some of which are free, others reasonably privacy. A new product – Ghostery Midnight (www.ghostery.com/midnight) – claims to protect your entire device while giving granular preference management at the app-by app level. Sounds like having your own personal privacy watchdog on your device. Extension is free!! But some of the other products are paid.

Baycloud (https://baycloud.com) was one of the early champions of privtech, starting in the DNT space. They offer B2C and B2B resources. Baycloud Bouncer let reveals who’s tracking you and gives you a handy dashboard to adjust your preferences (https://baycloud.com/bouncer). You can also pre-scan websites you’d like to visit from the comfort of Baycloud’s site. Try before you buy (so to speak, with your data I mean). Free!!

Have I been pwned?(https://haveibeenpwned.com) will help you check whether your account or credentials has been compromised based on research into the (sigh) multitudinous data breaches. Free!!

DuckDuckGo privacy report card for websites (https://duckduckgo.com/app): instantly evaluates and remediates websites you visit to give you a before and after score. Browser add-on for various browser types on desktop but only available for iOS on mobile. Free!!

Deseat.Me (www.deseat.me) : Helps you clean up your online presence by instantly getting a list of all your accounts, allowing you to sort through and delete them / unsubscribe.

Personal Data.io: A self-named “integrated toolbox addressing surveillance capitalism”. This advocacy group goes beyond providing tools for e.g. filing DSARs, there is a forum (https://forum.personaldata.io) and a number of chat groups for trouble-shooting, contributing, advocacy and knowledge-exchange) You can share your experience or tap into people’s expertise, commiserate or find journalists to raise awareness about your experience or discoveries. This is the group that helped journalist Judith Duportail, who was researching dating apps, learn that Tinder had over 800 (disturbing) pages of data on her. Worth a read here: https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-sold

My Permissions(https://mypermissions.com): app that does a privacy scan (Privacy Cleaner) of your social media / collaboration apps to help you identify who can access your data. It identifies your current permissions and let’s you quickly and efficiently manage them all from one place. A small fee required to manage permissions, but there is a free tier.

Princeton IoT Inspector (https://iot-inspector.princeton.edu/) let’s you watch your smart devices back. Automatically discovers IoT devices and analyzes their network traffic to identify security and privacy issues. Currently only available on MacOS High Sierra or Mojave (waitlist for Windows, Linus and MacOS Catalina).

PiHole for Raspberry Pi (https://pi-hole.net): Protect your entire network from ads and targeting. Block in-app and SmartTV ads. Free!! but powered by donations. You need a supported OS and hardware (Raspberry Pi).

Strong Passwords: NCSC ‘3 random words’ guidance:

https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/use-a-strong-and-separate-password-for-email.

GDPR Now! Is brought to you by This Is DPO.
www.thisisdpo.co.uk.

Guest/s
Andy Larkum
CEO of ADL Consulting
https://adlconsulting.co.uk
andy@adlconsulting.co.uk

Host
Mark Sherwood-Edwards
info@thisisdpo.co.uk

Materials
You can try ADL Consulting’s "Introduction to Cyber Security" module for free here:
https://adlconsulting.teachable.com/p/an-introduction-to-cyber-security

From previous episode on cyber security
Cyber Essentials self-assessment questionnaire:
https://adlconsulting.co.uk/getting-help-cyber-essentials - see heading "What's Involved"

ISO 27001
https://adlconsulting.co.uk/iso27001-consultancy

Training:
https://adlconsulting.co.uk/staff-training
https://adlconsulting.teachable.com

Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk

Special Guest: Andy Larkum.

GDPR Now! Is brought to you by This Is DPO.
www.thisisdpo.co.uk.

Guest
Sam Bouso, Founder and CEO of Precognitive Inc.,
sbouso@precognitive.io
https://precognitive.com/

Host
Mark Sherwood-Edwards
info@thisisdpo.co.uk

Materials

Recommended By Sam Bouso
Article
“Privacy By Design Is Important For Every Area Of Your Business” is a good general intro

Book
“The Ultimate GDPR Practitioner Guide: Demystifying Privacy & Data Protection”
Especially Chapter 11 which has solid examples and areas of focus for those trying to implement PbD.

Ann Cavoukian’s 7 principles of PbD

Proactive not reactive; preventive not remedial
The privacy by design approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy invasive events before they happen. Privacy by design does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred — it aims to prevent them from occurring. In short, privacy by design comes before-the-fact, not after.

Privacy as the default
Privacy by design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system, by default.

Privacy embedded into design
Privacy by design is embedded into the design and architecture of IT systems as well as business practices. It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is integral to the system without diminishing functionality.

Full functionality – positive-sum, not zero-sum
Privacy by design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made. Privacy by design avoids the pretense of false dichotomies, such as privacy versus security, demonstrating that it is possible to have both.

End-to-end security – full lifecycle protection
Privacy by design, having been embedded into the system prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved — strong security measures are essential to privacy, from start to finish. This ensures that all data are securely retained, and then securely destroyed at the end of the process, in a timely fashion. Thus, privacy by design ensures cradle-to-grave, secure lifecycle management of information, end-to-end.

Visibility and transparency – keep it open
Privacy by design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations remain visible and transparent, to users and providers alike. Remember, trust but verify.

Respect for user privacy – keep it user-centric
Above all, privacy by design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Keep it user-centric.

See also:
https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf

https://iapp.org/resources/article/privacy-by-design-the-7-foundational-principles/

Looking for something long and technical?
"Privacy and Data Protection by Design – from policy to engineering". ENISA

Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk

Special Guest: Sam Bouso.

GDPR Now! Is brought to you by This Is DPO.
www.thisisdpo.co.uk.

Guest
James Leaton Gray, Director of The Privacy Practice.
http://www.privacypractice.co.uk/
Email: jlg@leatongray.com
Telephone: +44 7740 818036

Host
Mark Sherwood-Edwards
info@thisisdpo.co.uk

Materials
None relevant

Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk

Special Guest: James Leaton Gray.

At the time this podcast was recorded, a hard Brexit is scheduled for October 31st

GDPR Now! Is brought to you by This Is DPO.
www.thisisdpo.co.uk.

Guest
Oana Dolea
GDPR Practice Lead, D2 Legal Technology
Email: oana.dolea@d2legaltech.com
Website: www.d2legaltech.com

D2 Legal Technology LLP
Level 39
One Canada Square
London E14 5AB
Telephone: +44 737 747 2019

Host
Mark Sherwood-Edwards
info@thisisdpo.co.uk

Materials

The Data Protection Implications of a 'No-Deal Brexit', Douwe Korff
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3441617

EDPB Information note on data transfers under the GDPR in the
event of a no-deal Brexit
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb-2019-02-12-infonote-nodeal-brexit_en.pdf

EDPB view on Article 49 derogations
https://edpb.europa.eu/our-work-tools/our-documents/nasoki/guidelines-22018-derogations-article-49-under-regulation-2016679_en

Questions, ideas, appearing
Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk

Special Guest: Oana Dolea.

GDPR Now! Is brought to you by This Is DPO.
www.thisisdpo.co.uk.

Guest
Karen Heaton
Director, Data Protection 4 Business
karen.heaton@dpo4business.co.uk
www.dpo4business.co.uk

Host
Mark Sherwood-Edwards
info@thisisdpo.co.uk

Corrections & Clarifications

Cookie Control from Civic UK:
-Cookie Control supports an unlimited number of categories. The categories can be updated/added at any point.
-Cookie Control allows the user to define the time period that the consent is valid for. Also Cookie Control can be configured to request user consent if there is a change in the privacy policy of the website.
-All Cookie Control Licences have no page limits including the free one. The Pro version simply offers more features like unlimited subdomains geolocation, multilingual support, integration with IAB and branding.
-All licence costs are annual.

Materials
If you would like copies of the completed questionnaires, please email your requests to:
karen.heaton@dpo4business.co.uk
or
info@thisisdpo.co.uk

The three cookie consent tools reviewed are:
Cookiebot
https://www.cookiebot.com/
Contact: mail@cookiebot.com

Cookie Control
https://www.civicuk.com/cookie-control
Contact: info@civicuk.com

CookiePro
https://www.cookiepro.com
Contact: sales@cookiepro.com

Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk

Special Guest: Karen Heaton.

GDPR Now! Is brought to you by This Is DPO.
www.thisisdpo.co.uk.

Guest
Karen Heaton
Director, Data Protection 4 Business
karen.heaton@dpo4business.co.uk
www.dpo4business.co.uk

Host
Mark Sherwood-Edwards
info@thisisdpo.co.uk

Corrections & Clarifications

Cookie Control from Civic UK
-Cookie Control supports an unlimited number of categories. The categories can be updated/added at any point.
-Cookie Control allows the user to define the time period that the consent is valid for. Also Cookie Control can be configured to request user consent if there is a change in the privacy policy of the website.
-All Cookie Control Licences have no page limits including the free one. The Pro version simply offers more features like unlimited subdomains geolocation, multilingual support, integration with IAB and branding.
-All licence costs are annual.

Materials
If you would like copies of the completed questionnaires, please email your requests to:
karen.heaton@dpo4business.co.uk
or
info@thisisdpo.co.uk

The three cookie consent tools reviewed are:
Cookiebot
https://www.cookiebot.com/
Contact: mail@cookiebot.com

Cookie Control
https://www.civicuk.com/cookie-control
Contact: info@civicuk.com

CookiePro
https://www.cookiepro.com
Contact: sales@cookiepro.com

Questions
Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk

Special Guest: Karen Heaton.

GDPR Now! Is brought to you by This Is DPO.
www.thisisdpo.co.uk.

Host
Mark Sherwood-Edwards
info@thisisdpo.co.uk

Materials
You can try ADL Consulting’s "Introduction to Cyber Security" module for free here:
https://adlconsulting.teachable.com/p/an-introduction-to-cyber-security

Fashion ID
ECJ Judgement: http://curia.europa.eu/juris/document/document.jsf;jsessionid=CF6549B82743BAC9782DB7D41AD478DF?text=&docid=216555&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=14417748

Advocate General’s Opinion:
http://curia.europa.eu/juris/document/document.jsf?text=&docid=209357&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=14418147

Related documents
Update Report Into Adtech And Real Time Bidding, ICO. https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/06/blog-ico-adtech-update-report-published-following-industry-engagement/

Guidance On The Use Of Cookies And Similar Technologies, ICO. https://ico.org.uk/for-organisations/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/

Délibération N° 2019-093 Du 4 Juillet 2019 Portant Adoption De Lignes Directrices Relatives À L'application De L'article 82 De La Loi Du 6 Janvier 1978 Modifiée Aux Opérations De Lecture Et Écriture Dans Le Terminal D'un Utilisateur (Notamment Aux Cookies Et Autres Traceurs), CNIL. https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000038778053&dateTexte=&categorieLien=id

Opinion 5/2019 On The Interplay Between The Eprivacy Directive And The Gdpr, in particular regarding the competence, tasks and powers of data protection authorities, adopted on 12 March 2019, EDPB.
https://edpb.europa.eu/sites/edpb/files/files/file1/201905_edpb_opinion_eprivacydir_gdpr_interplay_en_0.pdf

Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk

Cyber security isn’t usually the primary responsibility of the DPO, but you can’t be an effective DPO if you don’t understand the security regime in your organisation and the trade-offs behind them. In this episode, we look at cyber security: what does it really consist of? how best to think about it? and what are the most common areas of vulnerability?

GDPR Now! Is brought to you by This Is DPO.
www.thisisdpo.co.uk.

Guest/s
Andy Larkum
CEO of ADL Consulting
https://adlconsulting.co.uk
andy@adlconsulting.co.uk

Host
Mark Sherwood-Edwards
info@thisisdpo.co.uk

Materials

Breaking News!
You can try ADL Consulting’s "Introduction to Cyber Security" module for free here:
https://adlconsulting.teachable.com/p/an-introduction-to-cyber-security

Cyber Essentials self-assessment questionnaire:
https://adlconsulting.co.uk/getting-help-cyber-essentials - see heading "What's Involved"

ISO 27001
https://adlconsulting.co.uk/iso27001-consultancy

Training:
https://adlconsulting.co.uk/staff-training
https://adlconsulting.teachable.com

Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk

Special Guest: Andy Larkum.

GDPR Now! Is brought to you by This Is DPO.
www.thisisdpo.co.uk.

Guest/s
Richard Spragg
Richard.spragg@rfib.co.uk
www.rfib.co.uk

Host
Mark Sherwood-Edwards
info@thisisdpo.co.uk

Materials
2018 Cost of a Data Breach Study: Global Overview
Ponemon Institute
www.ibm.com/security/data-breach

On breach and planning for breach, see also:
https://thisisdpo.co.uk/2019/02/04/preparing-to-deal-with-a-data-breach-the-role-of-the-dpo/

Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk

Special Guest: Richard Spragg.

*Cookies and the GDPR– ICO v CNIL. *

About this episode:
Both the UK’s ICO and France’s CNIL have issued updated guidance on cookies. You would have thought that this is all old stuff, but the ICO’s paper comes hot on its Adtech paper where it stated that the UK industry does not understand the rules around cookies, nor the interrelationship between cookies and the GDPR. In this podcast, we take a look at the eprivacy directive and see to what extent it makes sense and can be reconciled with the GDPR. There are some surprises as it turns out that the CNIL has invented a new legal type of cookie. This podcast is essential listening for anyone who wants to use cookies, whether first party or third party.

Host: Mark Sherwood-Edwards of This Is DPO.
www.thisisdpo.co.uk
Email: mse@thisisdpo.co.uk
Telephone: 07748 761972

Material referred to:

Here’s the important paragraph from the ICO’s Guidance on the use of cookies and similar technologies (bottom of page 46):

The ICO cannot exclude the possibility of formal action in any area. However, it is unlikely that priority for any formal action would be given to uses of cookies where there is a low level of intrusiveness and low risk of harm to individuals. The ICO will consider whether you can demonstrate that you have done everything you can to clearly inform users about the cookies in question and to provide them with clear details of how to make choices. For example, the ICO is unlikely to prioritise first party cookies used for analytics purposes where these have a low privacy risk, or those that merely support the accessibility of sites and services, for regulatory action.

Guidance on the use of cookies and similar technologies, ICO
https://ico.org.uk/for-organisations/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/

Délibération n° 2019-093 du 4 juillet 2019 portant adoption de lignes directrices relatives à l'application de l'article 82 de la loi du 6 janvier 1978 modifiée aux opérations de lecture et écriture dans le terminal d'un utilisateur (notamment aux cookies et autres traceurs), CNIL
https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000038778053&dateTexte=&categorieLien=id

Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities, adopted on 12 March 2019, EDPB.
https://edpb.europa.eu/sites/edpb/files/files/file1/201905_edpb_opinion_eprivacydir_gdpr_interplay_en_0.pdf

Contact details
You can contact the show at info@thisisdpo.co.uk.
If you have questions, comments, suggestions for topics, or would like to appear on the show, please contact us on the email above.

Disproportionate, intrusive and unfair – the ICO report on ad tech and real time bidding – Part 2.

This is part 2 of a two-parter.

About this episode:
In its recent paper, Update report into adtech and real time bidding, the ICO has set out a biting criticism of how real time bidding (RTB) currently operates in the UK. The phrase disproportionate, intrusive and unfair occurs three times, and intrusive on its own is used an additional three times. The paper is not intended as formal guidance, but it gives a clear sense of direction. The ICO also adds that the issues it raises in this paper are not the only concerns it has with programmatic advertising.
Although the ICO has stated that it will take another six months to investigate further, it is already clear that the ICO will intervene. The ICO’s paper, and its forthcoming intervention, are likely to have a substantial impact in the programmatic industry in the EU and the US. It is no exaggeration to say that the ICO’s intervention is likely to have a bigger impact on this industry than the GDPR. To give some idea of scale: the worldwide spend of on digital advertising is expected to reach US$98bn in 2020. In Europe, the UK is by far the largest market, followed by Germany and then France (approx. US$15bn, US$8bn, US$4bn, respectively, in 2018).

In this episode, three luminaries from digital advertising get together to discuss the ICO’s report and the possible ways forward.

Guests:
Andy Houston
Product Director, Crimtan
https://crimtan.com/
ahoustoun@crimtan.com

Omar Oakes
Global Technology Director, Campaign.
https://www.campaignlive.co.uk/
omar.oakes@haymarket.com

John Mitchison
Director of Policy and Compliance
Data & Marketing Association
http://www.dma.org.uk
john.mitchison@dma.org.uk

Host: Mark Sherwood-Edwards of This Is DPO.
www.thisisdpo.co.uk
Email: mse@thisisdpo.co.uk
Telephone: 07748 761972

Material referred to:
Update report into adtech and real time bidding, ICO.
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/06/blog-ico-adtech-update-report-published-following-industry-engagement/

Crimtan’s ActivID
https://crimtan.com/activeid/

Contact details
You can contact the show at info@thisisdpo.co.uk.
If you have questions, comments, suggestions for topics, or would like to appear on the show, please contact us on the email above.

Special Guests: Andy Houston, John Mitchison, and Omar Oakes.

Disproportionate, intrusive and unfair – the ICO report on ad tech and real time bidding (Part 1).
This episode is Part 1 of two parts.

About this episode:
In its recent paper, Update report into adtech and real time bidding, the ICO has set out a biting criticism of how real time bidding (RTB) currently operates in the UK. The phrase disproportionate, intrusive and unfair occurs three times, and intrusive on its own is used an additional three times. The paper is not intended as formal guidance, but it gives a clear sense of direction. The ICO also adds that the issues it raises in this paper are not the only concerns it has with programmatic advertising.

Although the ICO has stated that it will take another six months to investigate further, it is already clear that the ICO will intervene. The ICO’s paper, and its forthcoming intervention, are likely to have a substantial impact in the programmatic industry in the EU and the US. It is no exaggeration to say that the ICO’s intervention is likely to have a bigger impact on this industry than the GDPR. To give some idea of scale: the worldwide spend of on digital advertising is expected to reach US$98bn in 2020. In Europe, the UK is by far the largest market, followed by Germany and then France (approx. US$15bn, US$8bn, US$4bn, respectively, in 2018).

In this episode, three luminaries from digital advertising get together to discuss the ICO’s report and the possible ways forward.

Guests:

Andy Houston
Product Director, Crimtan
https://crimtan.com/
ahoustoun@crimtan.com

Omar Oakes
Global Technology Director, Campaign.
https://www.campaignlive.co.uk/
omar.oakes@haymarket.com

John Mitchison
Director of Policy and Compliance
Data & Marketing Association
http://www.dma.org.uk
john.mitchison@dma.org.uk

Host: Mark Sherwood-Edwards of This Is DPO.
www.thisisdpo.co.uk
Email: mse@thisisdpo.co.uk
Telephone: 07748 761972

Material referred to:

Update report into adtech and real time bidding, ICO.
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/06/blog-ico-adtech-update-report-published-following-industry-engagement/

Crimtan’s ActivID
https://crimtan.com/activeid/

Contact details

You can contact the show at info@thisisdpo.co.uk.
If you have questions, comments, suggestions for topics, or would like to appear on the show, please contact us on the email above.

Special Guests: Andy Houston, John Mitchison, and Omar Oakes.

Subject access requests, personal data and the case of Rudd v Bridle with Ashley Winton and Laura Scaife.

About this episode:
Dr Rudd served a subject access request on Mr Bridle, and was not satisfied with the information he received back. Amongst allegations of fraud and conspiracy, the issue went to court. Who was the controller, and did the journalism and regulatory exemptions apply? One of the key issues was – what is personal data? The judge reached a conclusion, but was he right?

Guests:
Ashley Winton, McDermott, Will & Emery
London: +44 20 7577 6939
https://www.mwe.com/people/winton-ashley/

Dr. Laura Scaife, McDermott, Will & Emery
London: +44 20 7577 6934
https://www.mwe.com/people/dr-laura-scaife/
http://www.privacypractice.co.uk/

Host: Mark Sherwood-Edwards of This Is DPO.
www.thisisdpo.co.uk
Email: mse@thisisdpo.co.uk
Telephone: 07748 761972

Material referred to:
Rudd v Bridle https://www.bailii.org/ew/cases/EWHC/QB/2019/893.html.

For a written analysis of the case: https://thisisdpo.co.uk/2019/07/12/durant-rides-again-subject-access-requests-and-personal-data-revisited-in-rudd-v-bridle/

Contact details
You can contact the show at info@thisisdpo.co.uk.
If you have questions, comments, suggestions for topics, or would like to appear on the show, please contact us on the email above.

Special Guests: Ashley Winton and Laura Scaife.

Episode 1 – GDPR One Year On.

About this episode:
One year on, what’s GDPR looking like inside most companies. Is an ongoing thing, or is privacy a one-off? What’s the most effective form of governance, and what’s the role of DPOs in that mix? Plus lots of related issues.

Guest: James Leaton Gray, Director of The Privacy Practice.
http://www.privacypractice.co.uk/
Email: jlg@leatongray.com
Telephone: +44 7740 818036

Host: Mark Sherwood-Edwards of This Is DPO.
www.thisisdpo.co.uk
Email: mse@thisisdpo.co.uk
Telephone: +44 7748 761972

Material referred to:

Tim Berners Lee’s company
www.inrupt.com
https://www.wired.co.uk/article/inrupt-tim-berners-lee

The Furman report
The Economic Value of Data: Discussion Paper, HM Treasury, August 2018, and Unlocking Digital Competition: Report of the Digital Competition Expert Panel March 2019.
https://www.gov.uk/government/publications/unlocking-digital-competition-report-of-the-digital-competition-expert-panel

Contact details
You can contact the show at info@thisisdpo.co.uk.
If you have questions, comments, suggestions for topics, or would like to appear on the show, please contact us on the email above.