DATE November 24, 2020 11:53 am POSTED BY CATEGORY Blog

The Evolution of SARs

It’s funny how you remember the first Subject Access Request you ever worked on.  It’s like a rite of passage that leaves an indelible mark.  The first SAR in question was the first in a spate of inbound SARs back in 2007 when the Outsourced DPO was the outsourced DPO...
View Article »
DATE November 20, 2020 11:03 am POSTED BY CATEGORY Blog

Data Protection Post Brexit

The decision to leave the EU is causing a period of profound change and uncertainty for British businesses, as we near the end of the transition period, and many things remain unclear in the world of data protection. Next week DPPs consulting team will unpick the complex issues during a...
View Article »
DATE November 17, 2020 9:05 am POSTED BY CATEGORY Blog

The ICO’s monetary penalty notice issued to Ticketmaster

The ICO’s monetary penalty notice issued to Ticketmaster makes interesting if not worrying reading.  LOTS of buck passing preceded and arguably slowed identification of the compromise.  Indeed, a customer notified Ticketmaster via Twitter about the vulnerability 6 or 7 weeks before Ticketmaster and their incident response team identified it. It...
View Article »
DATE November 16, 2020 11:05 am POSTED BY CATEGORY Blog

Data Processor Agreements Post Brexit

The Outsourced DPO picked up an inbound support ticket this morning querying whether a data processor agreement was still relevant or required amending in light of Brexit and Schrems 2. The processor agreement in question was that issued by the Danish Data Protection Authority, Datatilsysnet which has taken some flak...
View Article »
DATE November 10, 2020 12:36 pm POSTED BY CATEGORY Uncategorized

Outsourced DPO – AI in retail environments

Outsourced DPO The BBC ran an interesting story today about AI in retail environments which makes for interesting reading but probably nothing of any particular surprise.  We have known for decades about the Club Card and similar initiatives amassing tons of data to try to predict shopping habits on...
View Article »
DATE November 10, 2020 12:34 pm POSTED BY CATEGORY Blog

Outsourced DPO – ignore the ICO at your peril

Studios MG, a small software development company was issued with a monetary penalty notice in the sum of £40,000 last month for sending unsolicited direct marketing materials by email with out consent.  Reading the ICO’s report(, it seems that SMG were not readily forthcoming in engaging with the ICO during...
View Article »