Audit

What are Joint Controllers?

Sometimes the division between Data Processors and Data Controllers is not simple. Where more than one entity has control in determining the processing requirements, there can be multiple Data Controllers. This situation can lead to “Joint Controllers”, which needs to be managed carefully. To recap: the Data Controller determines the purposes for which and the manner in which personal data […]

Audit

Four key points to include in contracts between Data Controllers and Data Processors

The General Data Protection Regulation (2016/679) imposes clear requirements controlling the appointment of data processors by data controllers. One of these is a requirement prescribing various matters which must be stipulated in a written contract (Article 28). As and from 25 May 2018, all agreements between Data Controllers and Data Processors need to meet these new GDPR requirements. This is a major change for many organisations, […]

Compliance

Consent: one of six lawful bases to process personal data, in GDPR

Article 6 of Regulation 2016/679, the General Data Protection Regulation (hereafter: GDPR), sets the conditions for lawful personal data processing and describes the six, and only six, lawful bases for personal data processing, only one of which is consent. It is important to note that one of these six bases must be established prior to processing for each specific purpose. Generally, consent can only […]

Audit

First five questions for GDPR compliance

When confronted with the looming deadline of May 2018 for GDPR compliance, there are five big questions any organisation should ask. Who deals with personal data in your organisation? Individuals or departments, whichever is appropriate. What data do you gather across the organisation? List it out; there may be repetition, which can be rationalised later. Why is the data collected or processed? Different users may have […]

Compliance

Data Controllers or Data Processors in GDPR?

In order to vindicate data subjects’ rights, the GDPR defines two new roles for organisations: Data Controllers and Data Processors. This post will outline the roles and obligations for both under the GDPR. Controller or processor: Controllers are those who determine the purposes and means of processing personal data. Processors are those engaged in processing personal data on behalf of controllers. To decide of […]

Documentation

Maintenance and operation of an ISO 27001 ISMS

Successfully completing an ISO 27001 certification places great demands on an organisation. The announcement of success is normally treated as the end of a difficult journey, and can be a time when attention turns to other pressing matters. However, the real job, the real value-generating part of ISO 27001, now starts. This is where the organisation reaps the rewards of a well […]

Documentation

ISO 27001 documentation

Having an ISO 27001 system in place mandates a set of documents. These documents may be the most visible manifestation of a system and certainly the starting point for any ISO 27001 auditor. Naturally, before starting to draft documents, the organisation will have performed a planning phase and a risk assessment. Annex A contains an excellent starting point but […]

Maturity Models

Dimensions of big data maturity models

Dimensions from common big data maturity models

Typically, what dimensions do big data maturity models examine, and why? In the word cloud above you can see a selection of dimensions from commonly deployed maturity models. The models themselves are not of interest at the moment; just look at the large words, i.e. the most frequently used terms. In essence, these terms drive […]