Data protection principles: GDPR v DPA 1998


Number of principles: DPA = 8, GDPR = 6. 

Despite their ‘numerical’ differences, the principles for data protection cover the same ground, with the ‘missing’ 2 principles being absorbed within GDPR, so all the requirements are still there! Additionally, GDPR enhances many principles by providing finer detail than the DPA and, importantly, adds a new accountability requirement. Finer details and points can be found in GDPR’s 99 Articles.

Breached? It will cost more than you think!

In 2014, the Department for Business Innovation & Skills (BIS) reported a decrease in information security breaches, but a doubling of the costs associated with investigating and remediating consequences. Organisations are often blinkered to the actual breaches rather than the ‘collateral damage’ caused as a result of a data security attack. Instead they should be cognisant of the increasingly sophisticated methods used by the many threat actors out there, and how unprepared we are to respond to such attacks.

Unsurprisingly, cyber breaches (as they are now wont to be called) have increased in number and sophistication since the report was published: this increases the actual (true) cost of breaches, as the inability to detect, identify and respond increases exponentially.

GDPR – get your boots on, you’re selected!

The 25th May 2018 deadline for having fully implemented all your GDPR obligations doesn’t leave you much time to identify what personal data, including ‘special’ types, you have; analyse what security and organisational controls and measures are in place and how effective they are; assess how cyber savvy your staff are; and establish what, if any, current and practised incident response plans exist. So much to do, so little time, and do you have the necessary expertise on tap…?

Prepared for GDPR?

So, is your data protection team sheet completed yet? With ¼ of the 2-year timeframe before the implementation of the EU General Data Protection Regulation (GDPR) already used up, time is running out for organisations to be match fit, and kitted up to meet the requirements and obligations to protect EU citizens’ personal data.