Categories
Articles

Federated Authentication and the GDPR Principles

The General Data Protection Regulation’s Article 4(1) establishes six principles for any processing of personal data. It’s interesting to compare how federated authentication – where a student authenticates to their university/college, which then provides relevant assurances to the website they want to access – performs against those principles when compared with traditional direct logins to […]

Categories
Publications

Why should non-EU organisations care about GDPR?

I was recently invited by EDUCAUSE to present a webinar on GDPR to their community of mostly North American universities and colleges. The number of participants indicates that European data protection law is a topic of interest. But the most common question was why, as non-EU organisations, they should care about GDPR. So I wrote […]

Categories
Articles

Helpdesks: how long to keep information?

I’ve had a number of questions recently about how long help desks should keep personal data about the queries they receive. The correct answer is “as long as you need, and no longer”. But I hope the following examples of why you might need to keep helpdesk tickets are more helpful than that bare statement: […]

Categories
Articles

Free Text and Data Protection

Collections of free text – whether in database fields, documents or email archives – present a challenge both for operations and under data protection law. They may contain personal data but it’s hard to find: whether you’re trying to use it, to ensure compliance with the data protection principles, or to allow data subjects to […]