Hubdate: Plans for more detailed GDPR info & GDPR scope

Hub Changelog

Hub Changelog v1.0.4 – 15th October 2017 We’re currently developing a detailed overview of the GDPR, within the data protection section, where we break the GDPR down into its sections as well as pull together already established information areas on the Hub (that relate to the GDPR) – each area will be added to the Hub as they’re completed over the coming weeks. The aim is to provide a GDPR information resource useful for subscribers to identify the specific parts […]

ICO clarifies what’s going to happen with registration

registration fee

One of the regulatory requirements missing from the General Data Protection Regulation (GDPR) is the requirement to register your data processing activities with a supervisory authority (the ICO in the UK). Under the current regime of the Data Protection Act 1998 there is both a requirement to register and pay a fee to the ICO. The fees collected by the ICO go towards the running of the ICO (contrary to popular belief, ICO fines go to the Government not to the […]

Hubdate: what data protection compliance looks like, updates to the GDPR audit toolkit & new GDPR training

Hub Changelog

Hub Changelog v1.0.3 – 30th September 2017 An updated introduction to data protection which brings data protection up to date with the GDPR A new guide to what data protection compliance should look like within your organisation Updates to the GDPR Audit Toolkit Minor changes to the preparation stage text Minor changes to the audit stage text Minor changes to the analysis stage text Added new dates for Data Protection & GDPR training (free for Hub subscribers) October 11th November 14th […]

Joomla! 3.8 patches 2 security issues

Online Security

Last week Joomla! released a new version, 3.8. The new version is an update to the Joomla! 3 series. Whilst it is primarily a feature release with 300 improvements and two major features it also patches two security issues: Core – Information Disclosure in LDAP Authentication Plugin (affecting Joomla 1.5.0 – 3.7.5) Core – Information Disclosure in com_content Archived Articles Model (affecting Joomla 3.7.0 – 3.7.5) You are advised to update to this latest version to address the security issues. […]

ICO publishes draft guidance on the Controller – Processor relationship

consultation guidance

Chapter IV of the GDPR sets out responsibilities of Data Controllers and Data Processors. Whilst the general responsibility of a Data Controller is to apply the data protection principles to their business and uphold the GDPR from a compliance perspective, this section of the GDPR also sets out strict controls around the Controller and Processor relationship. Specifically: The Controller should have a written contract in place (containing specific terms) with any Processors it uses to process its data Because Controllers […]

Security update to WordPress (4.8.2)

wordpress

Yesterday, WordPress issued an update to it’s core. This is a security release, so you’re strongly advised to update immediately if you’re running WordPress. According to the release notes for v4.8, it fixes 9 security vulnerabilities in version 4.8.1 and earlier. Check that you’re running on the latest version by logging into your WordPress dashboard – if you have auto-updates enabled you should already be running on the latest version. As these are security vulnerabilities that are likely to be, now, […]

Data Protection Bill published

UK Government & Data Protection

Having announced last month it’s intentions for a new Data Protection Bill (as per the Queen’s speech back in June) the government have, this week published it’s initial draft of the Bill. On the face of it, the Bill aims to implement the General Data Protection Regulation (GDPR) into UK law, not because they have to (the GDPR is a European regulation which means it applies across the whole of Europe regardless of member state law) but so that we’re […]

UK government publishes paper on the case for EU data flows post Brexit

UK Government & Data Protection

Whilst the UK is still part of the EU it can continue to benefit from EU transfers of data as set out in the 1995 Directive (implemented in the UK as the Data Protection Act 1998). These EU rules allow for the free flowing of data across all EU member states; those outside the European Union though, have to prove they have adequate data protection controls in place and anyone within the EU wishing to transfer data to those countries […]

Drupal Security Release (8.3.7)

Drupal Notice

Web hosting platform, Drupal, have issued a maintenance release of their software that patches a number of security fixes. Users are urged to upgrade to the latest version, 8.3.7 as soon as possible. The release patches a number of security vulnerabilities: Views – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6923 REST API can bypass comment approval – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6924 Entity access bypass for entities that do not have UUIDs or […]

GDPR and fines

GDPR and fines

It seems the Information Commissioner’s Office (ICO) is getting a little fed up with misinformation about the General Data Protection Regulation (GDPR) and so are publishing a series of blog posts “sorting the fact from the fiction”. We tend to agree with the ICO on this – there is a lot of misinformation about the GDPR, articles speaking as though this is the first time businesses have had to worry about data protection, or companies pushing their services as though their product (which […]