How do you get your training content?
Dave_Wylie
Bobs Business have a great set of e-Learning modules.
DPOrganizer stuff is good too and you can customise and do your own courses in there.
Chris Roberts of Cybata is good at F2F training and custom course and games
PII v PI
Dave_Wylie
In simple terms, personal data is an EU term and is far wider in scope due to the direct and indirect aspects of identification, than PII which is a US term.
Personal Data means: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”
PII is described by Department of Homeland security as per this: https://www.dhs.gov/privacy-training/what-personally-identifiable-information
On the face of it, it seems to be becoming more aligned with the EU way of thinking …
Cookies consent and contact form consent
Dave_Wylie
In my experience, there is a split in what you are asking for here, and indeed how the market solution vendors approach this area of consent.
1. Website Cookie consent and management. (All pretty much miss all the other consent requirements of trackers such as scripts, tracking pixels, font libraries etc etc)
2. Point In Time Notice and User Consent collection and management and other omni “Consent” points across business (email, social media, phone, door entry, apps etc etc)
There is one solution that in my opinion is the most powerful to handle the omni channel consent and that is PrivacyCheq / ConsentCheq by Roy Smith and his team but unfortunately it does not do the cookie bit 🙂
In terms of the cookie side of things, there are a few solutions to have a look at:
Cookiebot
Cookiescan
CookiePro
Didomi
Agnostic.io
Signatu
Baycloud
dataskydd: https://webbkoll.dataskydd.net/
Hope that helps a little
Dave
I am curious – has anyone found dashboard type software to build a privacy programme like OneTrust/CyberComply etc for smaller organisations, has anyone found that they really are worth the cost?
Dave_Wylie
For me the reporting dashboards that come with ANY of the solutions on the market are a secondary feature that enhances the primary reason for buying them in the first place; data discovery, mapping, ROPA, DSARs, Incidents and breach management, Privacy office / Data Protection programme / project task management etc etc
In that regard the cost is zero as it is a by-product of other functionality you are paying for.
That being said you could always use other reporting platforms such as Power BI and expose via the platform’s APIs and pull stuff out. I know of DPOrganizer clients that do exactly this to enhance the reporting aspects, especially in large “federated” type of instances and indeed other platforms offer the same potential.
Smaller companies are often Excel based for mapping so a logical use case, before they go the Paper to SaaS migration route, would be to natively leverage the Excel Reporting features or indeed use Power BI.
Cold Prospecting
Dave_Wylie
I would strongly suggest reading this:
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/exemptions/
GDPR Compliance
Dave_Wylie
As a follow up to the above also look at the new shortly to become available UK international Data Transfer Agreement and Guidance …
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/
“On 2 February 2022, the Secretary of State laid before Parliament the international data transfer agreement (IDTA), the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers (Addendum) and a document setting out transitional provisions. This final step follows the consultation the ICO ran in 2021. The documents are issued under Section 119A of the Data Protection Act 2018.
If no objections are raised, they come into force on 21 March 2022. Exporters will be able to use the IDTA or the Addendum as a transfer tool to comply with Article 46 of the UK GDPR when making restricted transfers.”
GDPR Compliance
Dave_Wylie
Pretty much most of what you need to demonstrate EU GDPR compliance; with a few exceptions!
Nature of Relationship
Dave_Wylie
This is definitely an area of expertise of Chris Roberts who specialises in the GDPR implications of sporting institutions and their supply chains!
Notification of changes to data processors
Dave_Wylie
The timeline should be at least as long as it would be required of the controller to be able to undertake and interact with the processor about the new sub-processor of the controller; like reviewing the VDD they have done and any or all of the DPIAs / LIAs etc as part of that exercise so they can amend their own records and make the decision if they are happy with the risk change.
I have seen time periods in Controller to Processor agreements that vary from a minimum of 30 days to 90 days for changes in processing supply chain scope within the DSA (Data Sharing Agreements).
It also depends how much the Processor (Controller in their own right) has their own house in order with respect to Vendor due diligence and notification to parties that they process on behalf of .. but as you mention they should be taking a risk based approach to the activities of the new processor … more lead time for more risk and sensitive personal data sets .. that are in scope.
Hope that helps.
Under a FOI request? Please can someone show me in the legislation where the “less than 5” rule applies?
Dave_Wylie
I would suggest pitching this question at Tim Turner of 2040training who is very knowledgeable on all aspects of FOI.
Sadly I am not much of an expert in this area. Sorry.