Categories
Publications

GDPR and “cyber security”

Education Technology have just published an article I wrote (though I didn’t choose the headline!) on how security and incident response fit into the General Data Protection Regulation. It aims to be an easy read: if you want something more challenging follow the “incident response protects privacy” link to get the full legal analysis.

Categories
Articles

GDPR – Privacy Notices

Although privacy notices are an important aspect of the General Data Protection Regulation, it seems unlikely that we will have final guidance from regulators for several months. Since we need to start rolling out GDPR-friendly privacy notices for Jisc services sooner than that, we’re using what information we have – the GDPR itself, the Information […]

Categories
Articles

GDPR: Data Protection Impact Assessments

The Article 29 Working Party of European data protection supervisors has published the final version of its Guidelines on Data Protection Impact Assessments (DPIAs). These build on the long-standing concept of Privacy Impact Assessments, being similar to normal risk assessments but looking at risks to the individuals whose data are being processed, rather than to […]