EU’s Article 29 Working Party publishes consent guidance

EU GDPR

EU guidance on the consent rules in GDPR has now been published by the Article 29 Working Party. The guidance covers how consent works from a GDPR perspective, including how to interpret “freely given”, “specific”, “informed” and “detriment”. It also adds some clarity about how to collect explicit consent where it is required. There’s not much in here that should come as a surprise, but the fact this is now published should hopefully be an indication that the ICO’s own consent […]

WordPress 4.9.5 security release

wordpress

On April 3rd WordPress released a security update to the WordPress core. Described as “the core team’s ongoing commitment to security hardening”, the new release, 4.9.5, fixes three security issues. You are strongly urged to make sure you update to this latest version, which you may have to do manually if: you don’t have automatic updates turned on (your web developer may have turned it off); you have a problem with auto-updates caused by the v4.9.3 bug (fixed by 4.9.4) […]

Highly critical Drupal code security alert

Drupal Notice

The Drupal team have published a highly critical update to the Drupal core which they say plugs a vulnerability that “potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.” The vulnerability is within multiple subsystems of Drupal 7.x and 8.x and is severe enough that patches have been released for some unsupported versions. If you’re running Drupal for your website you are strongly urged to upgrade or patch […]

Now with added GDPR policies

policies

We have for some time been offering some GDPR policies for members to adapt for their own needs. Now that suite has been updated with even more. Now you can download policy templates for: Data Protection Policy; Data Protection Marketing Compliance Policy; Data Protection Breach Policy; Subject Access Request Policy; GDPR & IT Security Policy; Privacy Notice. All the policies are free to Hub subscribers, but you will need to have been using the Hub for at least 14 days before […]

Legitimate Interest guidance published

legitimate interest

The Information Commissioner’s Office (ICO) has published detailed guidance on the use of legitimate interests as the lawful basis for processing. The guidance sets out details about legitimate interest, when you can use it and how to use a legitimate interest impact assessment (LIA) to determine whether it is lawful for you to process data as a legitimate interest. Fundamentally, there is little change under GDPR in terms of legitimate interest, but the GDPR’s principles of transparency and accountability mean […]

ICO Publishes DPIA Guidance consultation

GDPR transparency

The ICO has published draft guidance on the use of Data Protection Impact Assessments (DPIA), a tool used to assess the risks of processing personal data. The UK has had Privacy Impact Assessments (PIA) for some time as best practice but the GDPR enforces the need for DPIA in certain circumstances. The draft guidance: covers what’s expected when you carry out a DPIA as well as information about what they are and in what circumstances you would use them; How […]

Draft Data Protection (Charges and Information) Regulations 2018

Regulation

Draft Regulations on the ICO registration fees were laid before Parliament on the 20th February. These draft regulations will come into force on 25th May (to coincide with the General Data Protection Regulation (GDPR)). The new Regulations set out the ICO registration fee scheme including the fee structure: Tier 1 – micro organisations: you have a maximum turnover of £632,000 for your financial year or no more than 10 members of staff. The fee for tier 1 is £40. Tier […]

WordPress 4.9.2 security release & YITH Wishlist vulnerability

wordpress

On January 16th WordPress released a security update to patch a vulnerability in the latest version of WordPress. According to the release notes (the update fixes a number of bugs too), “an XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.” It is strongly recommended that you make sure your WordPress site is updated […]

ICO fines Carphone Warehouse £400k

Regulation

Carphone Warehouse have been issued with one of the largest fines by the Information Commissioner’s Office after customer and employee data was compromised in a cyber-attack in 2015. The ICO cite “multiple inadequacies in Carphone Warehouse’s approach to data security and determined that the company had failed to take adequate steps to protect the personal information” with the cause of the breach being linked to out-of-date software (WordPress) and inadequate security protocols in place. With the General Data […]

Meltdown and Spectre chip vulnerability

privacy regulations

There’s been a lot of coverage of the recently announced chipset vulnerability that’s been found in chips from major suppliers (e.g. Intel, AMD). The vulnerability, if exploited, could allow hackers to access areas of normally inaccessible memory which may be used for storing sensitive data, passwords, encryption keys, etc. There’s been a lot of press coverage of the vulnerabilities over the last couple of weeks, so this post doesn’t serve to repeat what’s been said elsewhere, but to […]