Category: SARaaS

DATE November 24, 2020 11:53 am POSTED BY CATEGORY Blog

The Evolution of SARs

It’s funny how you remember the first Subject Access Request you ever worked on.  It’s like a rite of passage that leaves an indelible mark.  The first SAR in question was the first in a spate of inbound SARs back in 2007 when the Outsourced DPO was the outsourced DPO...
View Article »
DATE November 20, 2020 11:03 am POSTED BY CATEGORY Blog

Data Protection Post Brexit

The decision to leave the EU is causing a period of profound change and uncertainty for British businesses, as we near the end of the transition period, and many things remain unclear in the world of data protection. Next week DPPs consulting team will unpick the complex issues during a...
View Article »
DATE November 17, 2020 9:05 am POSTED BY CATEGORY Blog

The ICO’s monetary penalty notice issued to Ticketmaster

The ICO’s monetary penalty notice issued to Ticketmaster makes interesting if not worrying reading.  LOTS of buck passing preceded and arguably slowed identification of the compromise.  Indeed, a customer notified Ticketmaster via Twitter about the vulnerability 6 or 7 weeks before Ticketmaster and their incident response team identified it. It...
View Article »
DATE November 16, 2020 11:05 am POSTED BY CATEGORY Blog

Data Processor Agreements Post Brexit

The Outsourced DPO picked up an inbound support ticket this morning querying whether a data processor agreement was still relevant or required amending in light of Brexit and Schrems 2. The processor agreement in question was that issued by the Danish Data Protection Authority, Datatilsysnet which has taken some flak...
View Article »
DATE November 10, 2020 12:34 pm POSTED BY CATEGORY Blog

Outsourced DPO – ignore the ICO at your peril

Studios MG, a small software development company was issued with a monetary penalty notice in the sum of £40,000 last month for sending unsolicited direct marketing materials by email with out consent.  Reading the ICO’s report(https://ico.org.uk/media/action-weve-taken/mpns/2618388/studios-mg-limited-mpn.pdf), it seems that SMG were not readily forthcoming in engaging with the ICO during...
View Article »
DATE November 4, 2020 11:58 am POSTED BY CATEGORY Blog

The Outsourced DPO – how not to chat someone up in 2020

Yesterday, a colleague sent the Outsourced DPO this link https://metro.co.uk/2020/09/10/bar-worker-messaged-model-after-getting-number-from-test-and-trace-13250543/.  Sure it happened in September so it may already be old news.  It reminded me of a case way back in 2011 (sometimes it pays to have been working in the field of data protection for decades!) https://www.bbc.com/news/uk-scotland-edinburgh-east-fife-15885865 in which...
View Article »
DATE November 3, 2020 5:04 pm POSTED BY CATEGORY Blog

Outsourced DPO –Privacy by design and by default

Reading the ICO’s monetary penalty notice (MPN) served on Marriott one notes that the fine relates to infringements (Articles 32 and 5(1)(f)) of the GDPR between the dates of 25th May 2018 and 18th September 2018 despite the personal data breach occurring on-going from July 2014.  The MPN sets out...
View Article »
DATE November 2, 2020 11:41 am POSTED BY CATEGORY Blog

The Marriott Hotel Fined £18.4 Million

So, last week the ICO levied a fine of £18.4m on Marriott for a personal data breach affecting an estimated 339 million people over a 4-year period.  If you use the unorthodox method of evaluating monetary penalties of vP = n/F (the value of privacy is equal to the number...
View Article »