15 episodes

GDPR Now! is a new podcast about GDPR and all things privacy. Published weekly/fortnightly, the host is joined by a range of fantastic guests to discuss the latest news, developments, and trends within privacy. Each episode will be devoted to a specific theme and will feature one or more experts talking about an issue of relevance to the industry. Whether you're a privacy expert, a privacy beginner or you just want to know more, this is the podcast for you!

GDPR Now! This is DPO/Mark Sherwood-Edwards

    • Business

GDPR Now! is a new podcast about GDPR and all things privacy. Published weekly/fortnightly, the host is joined by a range of fantastic guests to discuss the latest news, developments, and trends within privacy. Each episode will be devoted to a specific theme and will feature one or more experts talking about an issue of relevance to the industry. Whether you're a privacy expert, a privacy beginner or you just want to know more, this is the podcast for you!

    Episode 16: Digital Detox - how to cleanse yourself on Data Protection Day

    Episode 16: Digital Detox - how to cleanse yourself on Data Protection Day

    On the day after Data Protection Day (or Privacy Day, depending on whether you are tomato or tomato) we take a look at privacy enhancing technologies - how to control, restrict and eliminate your personal data footprint (if that’s what you want to do). This podcast will be invaluable for privacy professionals that want to know what PETs are available and for consumers that would like to have greater control of their digital profiles.


    GDPR Now! Is brought to you by This Is DPO.
    www.thisisdpo.co.uk.


    Guest/s
    Abigail Dubiniecki
    Data Protection Specialist
    My Inhouse Lawyer
    https://www.linkedin.com/in/abigaild/


    Host
    Mark Sherwood-Edwards
    info@thisisdpo.co.uk


    Materials
    Competition and Markets Authority (UK competition regulator) report on digital advertising
    https://www.gov.uk/government/news/cma-lifts-the-lid-on-digital-giants


    Links to PETs
    (Privacy Enhancing Tech) and resources mentioned in the podcast (and more!)
    Disclaimer – not endorsing any PET in particular, just sharing info.


    Want a pretty version or more explanation? Check out my LinkedIn profile for a Slideshare of a presentation and handy Infographic – available next week. Let’s help build this list.


    Which PETs are you using or curious to try? If they’re not here, let Abigail know via contact details in the show notes so I can update my list.


    Inform yourself, update software, adjust privacy settings, use 2FA!


    Privacy Analyzer
    (https://privacy.net/analyzer): Analyses your browser to reveal what can be learned about you and recommend actions you can take


    DuckDuckGo Device Privacy Tips
    https://spreadprivacy.com/tag/device-privacy-tips/
    ‘Learn’ tab in the DisconnectMe Privacy Pro VPN (iOS only) – ‘learn’ materials available without paying. Just download the app and click!: https://apps.apple.com/us/app/disconnect-privacy-pro-entire/id1057771839?ls=1


    Consumer Reports articles & videos with quick-fixes in bite-sized pieces: https://www.consumerreports.org/privacy/linkedin-privacy-settings/
    www.consumerreports.org/video/view/electronics/news/6050416388001/protecting-your-online-privacy/


    Terms of Service, Didn’t Read (TOSDR https://tosdr.org/): one-stop shop for digested Ts & Cs of most popular online providers, including score cards. Brilliant browser add-on offers automatic assessment of pages you access. Addresses privacy notices & terms e.g. cancellation, etc.


    Ghostery
    (www.ghostery.com) lets you block ads and trackers, watch the watchers, and speed up your browser with a suite of products, some of which are free, others reasonably privacy. A new product – Ghostery Midnight (www.ghostery.com/midnight) – claims to protect your entire device while giving granular preference management at the app-by app level. Sounds like having your own personal privacy watchdog on your device. Extension is free!! But some of the other products are paid.


    Baycloud (https://baycloud.com) was one of the early champions of privtech, starting in the DNT space. They offer B2C and B2B resources. Baycloud Bouncer let reveals who’s tracking you and gives you a handy dashboard to adjust your preferences (https://baycloud.com/bouncer). You can also pre-scan websites you’d like to visit from the comfort of Baycloud’s site. Try before you buy (so to speak, with your data I mean). Free!!


    Have I been pwned?(https://haveibeenpwned.com) will help you check whether your account or credentials has been compromised based on research into the (sigh) multitudinous data breaches. Free!!


    DuckDuckGo privacy report card for websites (https://duckduckgo.com/app): instantly evaluates and remediates websites you visit to give you a before and after score. Browser add-on for various browser types on desktop but only available for iOS on mobile. Free!!


    Deseat.Me (www.deseat.me) : Helps you clean up your online presence by instantly getting a list o

    • 43 min
    Episode 15: Cyber security - everything a DPO needs to know. Part 2.

    Episode 15: Cyber security - everything a DPO needs to know. Part 2.

    Cyber security is an area of key concern for any DPO or privacy professional. Having looked at people and training issues in episode 7, this episode focuses on the key physical issues: physical and technical access controls, network design considerations, default deny and least privilege, separation of duties and working in key areas.


    GDPR Now! Is brought to you by This Is DPO.
    www.thisisdpo.co.uk.


    Guest/s
    Andy Larkum
    CEO of ADL Consulting
    https://adlconsulting.co.uk
    andy@adlconsulting.co.uk


    Host
    Mark Sherwood-Edwards
    info@thisisdpo.co.uk


    Materials
    You can try ADL Consulting’s "Introduction to Cyber Security" module for free here:
    https://adlconsulting.teachable.com/p/an-introduction-to-cyber-security


    From previous episode on cyber security
    Cyber Essentials self-assessment questionnaire:
    https://adlconsulting.co.uk/getting-help-cyber-essentials - see heading "What's Involved"


    ISO 27001
    https://adlconsulting.co.uk/iso27001-consultancy


    Training:
    https://adlconsulting.co.uk/staff-training
    https://adlconsulting.teachable.com


    Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk
    Special Guest: Andy Larkum.

    • 43 min
    Episode 14: Privacy by Design

    Episode 14: Privacy by Design

    Privacy By Design is one of the key elements of good data protection, and is made mandatory by Article 25 of the GDPR. But what does PbD mean in practice? In this podcast, we look at the key elements of PbD, discuss some actual use cases, and examine how to apply PbD on the ground.


    GDPR Now! Is brought to you by This Is DPO.
    www.thisisdpo.co.uk.


    Guest
    Sam Bouso, Founder and CEO of Precognitive Inc.,
    sbouso@precognitive.io
    https://precognitive.com/


    Host
    Mark Sherwood-Edwards
    info@thisisdpo.co.uk


    Materials


    Recommended By Sam Bouso
    Article
    “Privacy By Design Is Important For Every Area Of Your Business” is a good general intro


    Book
    “The Ultimate GDPR Practitioner Guide: Demystifying Privacy & Data Protection”
    Especially Chapter 11 which has solid examples and areas of focus for those trying to implement PbD.


    Ann Cavoukian’s 7 principles of PbD


    Proactive not reactive; preventive not remedial
    The privacy by design approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy invasive events before they happen. Privacy by design does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred — it aims to prevent them from occurring. In short, privacy by design comes before-the-fact, not after.


    Privacy as the default
    Privacy by design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system, by default.


    Privacy embedded into design
    Privacy by design is embedded into the design and architecture of IT systems as well as business practices. It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is integral to the system without diminishing functionality.


    Full functionality – positive-sum, not zero-sum
    Privacy by design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made. Privacy by design avoids the pretense of false dichotomies, such as privacy versus security, demonstrating that it is possible to have both.


    End-to-end security – full lifecycle protection
    Privacy by design, having been embedded into the system prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved — strong security measures are essential to privacy, from start to finish. This ensures that all data are securely retained, and then securely destroyed at the end of the process, in a timely fashion. Thus, privacy by design ensures cradle-to-grave, secure lifecycle management of information, end-to-end.


    Visibility and transparency – keep it open
    Privacy by design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations remain visible and transparent, to users and providers alike. Remember, trust but verify.


    Respect for user privacy – keep it user-centric
    Above all, privacy by design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Keep it user-centric.


    See also:
    https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf


    https://iapp.org/resources/article/privacy-by-design-the-7-foundational-principles/


    Look

    • 40 min
    Episode 13: Governance – what’s needed to run a good data protection regime?

    Episode 13: Governance – what’s needed to run a good data protection regime?

    What are the building blocks of good data protection governance? In this broad-ranging discussion, we talk to James Leaton Gray about his assessment of current data protection in the UK, what it takes to run a good data protection regime, different target operating models, how different parts of the business need to work together, the evolving role of the DPO, privacy and privsec, common mistakes and – critically – how move the data protection regime up the value chain. Plus the opportunities open to organisations that manage to establish a relationship of trust with their data subjects.


    GDPR Now! Is brought to you by This Is DPO.
    www.thisisdpo.co.uk.


    Guest
    James Leaton Gray, Director of The Privacy Practice.
    http://www.privacypractice.co.uk/
    Email: jlg@leatongray.com
    Telephone: +44 7740 818036


    Host
    Mark Sherwood-Edwards
    info@thisisdpo.co.uk


    Materials
    None relevant


    Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk
    Special Guest: James Leaton Gray.

    • 44 min
    Episode 12: Brexit!

    Episode 12: Brexit!

    What do UK companies need to do if the UK crashes out of the EU? This podcast discusses the privacy implications for UK companies after October 31st and what they should be doing – now – to prepare for a hard Brexit.


    At the time this podcast was recorded, a hard Brexit is scheduled for October 31st


    GDPR Now! Is brought to you by This Is DPO.
    www.thisisdpo.co.uk.


    Guest
    Oana Dolea
    GDPR Practice Lead, D2 Legal Technology
    Email: oana.dolea@d2legaltech.com
    Website: www.d2legaltech.com


    D2 Legal Technology LLP
    Level 39
    One Canada Square
    London E14 5AB
    Telephone: +44 737 747 2019


    Host
    Mark Sherwood-Edwards
    info@thisisdpo.co.uk


    Materials


    The Data Protection Implications of a 'No-Deal Brexit', Douwe Korff
    https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3441617


    EDPB Information note on data transfers under the GDPR in the
    event of a no-deal Brexit
    https://edpb.europa.eu/sites/edpb/files/files/file1/edpb-2019-02-12-infonote-nodeal-brexit_en.pdf


    EDPB view on Article 49 derogations
    https://edpb.europa.eu/our-work-tools/our-documents/nasoki/guidelines-22018-derogations-article-49-under-regulation-2016679_en


    Questions, ideas, appearing
    Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk
    Special Guest: Oana Dolea.

    • 37 min
    Episode 10: Cookie Consent Software Reviewed! Part 1: What the Regulators expect

    Episode 10: Cookie Consent Software Reviewed! Part 1: What the Regulators expect

    Managing consent for cookies has become a key issue. In this two-parter, we look at what the regulators (and in particular the UK ICO) require in relation to cookies (Part 1) and then – in an industry first - review three industry leading consent management tools: Cookie Control, Cookiebot, and Cookie Pro (Part 2).


    GDPR Now! Is brought to you by This Is DPO.
    www.thisisdpo.co.uk.


    Guest
    Karen Heaton
    Director, Data Protection 4 Business
    karen.heaton@dpo4business.co.uk
    www.dpo4business.co.uk


    Host
    Mark Sherwood-Edwards
    info@thisisdpo.co.uk


    Corrections & Clarifications


    Cookie Control from Civic UK:
    -Cookie Control supports an unlimited number of categories. The categories can be updated/added at any point.
    -Cookie Control allows the user to define the time period that the consent is valid for. Also Cookie Control can be configured to request user consent if there is a change in the privacy policy of the website.
    -All Cookie Control Licences have no page limits including the free one. The Pro version simply offers more features like unlimited subdomains geolocation, multilingual support, integration with IAB and branding.
    -All licence costs are annual.


    Materials
    If you would like copies of the completed questionnaires, please email your requests to:
    karen.heaton@dpo4business.co.uk
    or
    info@thisisdpo.co.uk


    The three cookie consent tools reviewed are:
    Cookiebot
    https://www.cookiebot.com/
    Contact: mail@cookiebot.com


    Cookie Control
    https://www.civicuk.com/cookie-control
    Contact: info@civicuk.com


    CookiePro
    https://www.cookiepro.com
    Contact: sales@cookiepro.com


    Questions, suggestion for improvement, ideas for issues to be covered in future episodes, or if you would like to appear one of our podcasts, please contact us at info@thisisdpo.co.uk
    Special Guest: Karen Heaton.

    • 35 min

Top Podcasts In Business

Listeners Also Subscribed To