Blackbaud has informed its clients of a security incident. Protecture’s initial thoughts are: Blackbaud has taken the security incident seriously, and have taken significant measures in response. They have some assurance from the hacker that they have deleted the data …
Category Archives: Breach
Delayed Flight? Easyjet and When to Report a Breach
Categories: Breach, GDPR, Guidance, ICO, Public InformationProtecture often get asked, “When should I report a breach?” The Easyjet incident highlights that the risk to individuals’ rights and freedoms and the potential significance of even basic data must always be at the forefront of your assessment. When …
Five Lessons to Learn From the First GDPR Fine
Categories: Breach, Fines, GDPR, Guidance, ICO, Public Information, Security, Transparency, UncategorisedSo we’ve finally entered the brave new world. The first GDPR fine has arrived, just the 571 days since the GDPR came into force(!) Those desperate for the era of loud headlines about massive fines will be disappointed. The initial …
How to get the most out of your DPIA process
Categories: Breach, Data Protection Act 2018, Data Sharing, GDPR, Guidance, ICO, Public Information, UncategorisedIf your heart says yes, can your DPIA say it too? We wrote back in March about the common mistakes organisations make with Data Protection Impact Assessments (DPIAs). The importance of DPIAs can be seen in three recent cases. In the True Visions Productions (under the DPA 1998) the lack of DPIAs was seen by the Information Commissioner Office (ICO) as one of …
GDPR: the seven principles to follow
Categories: Breach, Consent, Data Protection Act 2018, GDPR, ICOLeading up to May 2018 there was a lot of coverage of the incoming GDPR Data Protection (DP) legislation. Organisations of all sorts knew that something needed to be done but weren’t always sure what it was. Consequently, as a …
Business Altering: what the BA fine means for you
Categories: Breach, Fines, GDPR, Security£183m for BA – under the GDPR. £0.5m for Facebook – under the old DPA 1998. The difference between the previous maximum fine and the headlines on BA’s GDPR fine are startling. The first point: BA has only been issued …
Facebook CA – Controversy Alert!
Categories: Breach, Consent, GDPR, GuidanceBack in April 2018 we published an insight piece on the lawful basis for using Facebook’s Custom Audiences tool, in which we concluded that relying on legitimate interests as a lawful basis for the use of this feature was unlikely …
5 common mistakes made with DPIAs
Categories: Breach, Consent, Data Protection Act 2018, Data Sharing, GDPR, Guidance, ICO, Public Information, Security, Transparency, UncategorizedWe have outlined 5 common mistakes made with DPIAs. With the GDPR, a DPIA, or ‘Data Protection Impact Assessment’ has moved from being a good practice recommendation to being a mandatory activity for some kinds of personal data processing. The …
5 Tips for Incident Management
Categories: Accuracy, Breach, Brexit, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, DFE, Fines, Fundraising, GDPR, Guidance, ICO, Public Information, Security, Transparency, UncategorizedThis article is not a guide about how to handle a notifiable breach. By now, you’re all familiar with the ICO Guidance on that. This piece is about the day to day handling of incidents based on over a decade …
We all know about PECR, right?
Categories: Accuracy, Breach, Charities, Charities: ICO, Consent, Data Protection Act 2018, Data Sharing, Events, Fines, Fundraising, GDPR, ICO, Security, TransparencyAt the Protecture seminar on e-Privacy at the end of November, Rowenna Fielding reminded us that PECR is about more than just consent for electronic direct marketing. I don’t think that Rowenna meant to alarm anyone, just a gentle poke …