64 episodes

How does GDPR, data privacy and data protection impact your business? In this podcast, Tom Fox, the Voice of Compliance hosts Data Privacy/Data Security expert Jonathan Armstrong, co-founder of Cordery Compliance. They use the framework of GDPR to discuss a wide range of issues relating to data privacy and data protection. If you are a compliance professional, business leader or InfoSec security expert this is the podcast to learn about what is happening in the UK, EU, US and beyond.

Life with GDPR Tom Fox

    • Business


    Data Transfers from EU/UK to US


    Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take up the proposed agreement for data transfers from the EU (and UK) to the US. Some of the issues we consider in the myriad of questions around this latest version of Privacy Shield include: 
    1.     Is this simply an agreement to agree?
    2.     Who will populate the independent court review in the US?
    3.     Will US spy agencies ever comply?
    4.     Will there be a real deal by the end of 2022?
    5.     Is this simply a temporary solution?
    Resources
    For more information on the new data transfer agreement, check out the Cordery Compliance client alert on this topic. For more information on Cordery Compliance, go to their website. Also check out the GDPR Navigator, one of the top resources for GDPR compliance.
    Learn more about your ad choices. Visit megaphone.fm/adchoices

    • 24 min
    Clearview AI Redux


    Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the Italian Data Protection Authority's (the Garante) €20m fine against Clearview AI for GDPR violations. It is the latest in a series of regulatory actions in Europe and in Australia against Clearview AI, and it also continues a trend of AI enforcement in Italy.
    1.     Who is Clearview AI?
    2.     What is this matter about?
    3.     The background facts and the Italian investigation.
    4.     What did the Garante say?
    5.     Lessons learned and next steps.
    Resources
    For more information on the Italian Clearview AI enforcement action, check out the Cordery Compliance client alert on this topic. For more information on Cordery Compliance, go to their website. Also check out the GDPR Navigator, one of the top resources for GDPR compliance.

    • 17 min
    Tuckers Enforcement Action


    Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recent announcement by the UK Data Protection Authority, the Information Commissioner's Office (ICO), that it had fined a law firm, Tuckers Solicitors LLP, for GDPR breaches. Tuckers was fined £98,000 after being hit by a ransomware attack.
    1.     Law firms are not unique.
    2.     What about other legal regulations and regulatory bodies?
    3.     The background facts.
    4.     What did the ICO say?
    5.     Lessons learned.
    Resources
    For more information on the Tuckers enforcement action, check out the Cordery Compliance client alert on this topic. For more information on Cordery Compliance, go to their website. Also check out the GDPR Navigator, one of the top resources for GDPR compliance.

    • 19 min
    Privacy Shield 3


    Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recently announced EU/US resolution to allow data transfer from the EU to the United States through the mechanism of Privacy Shield 3. Some of the issues we consider include:
    1.     Is it Déjà vu all over again?
    2.     What about consent and standard contractual clauses as a basis for data transfer?
    3.     What was the court’s ruling?
    4.     Why will double due diligence be required going forward?
    5.     What about the UK?
    6.     What does Max Schrems have to say?
    Resources
    Check out the Cordery Compliance client alerts on this topic. For more information on Cordery Compliance, go to their website. Also check out the GDPR Navigator, one of the top resources for GDPR compliance.


    • 16 min
    The Case of the Rogue Employee


    Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In the 2020 Morrisons case the UK Supreme Court ruled that an employer can be legally responsible for data breaches caused by their employees, although in the particular situation in that case the court ruled that Morrisons (the employer) was not liable for the actions of their rogue employee. In this episode, Tom and Jonathan look at the more recent case of Isma Ali v. Luton Borough Council where the High Court ruled that in committing the data security breach actions the rogue employee undertook, she had solely pursued her own interests and so the employer was not liable for her conduct. Some of the issues we consider include:
    1.     What were the underlying facts of the case?
    2.     What was the court’s ruling?
    3.     Key Takeaways for the data privacy, data protection practitioner, including:
    ·      Take a close look at security measures and ensure that access rights are policed. Data loss prevention and monitoring systems should also be in place to check for large data files leaving the organization - depending on the circumstances, a rogue employee might be after a lot of data;
    ·      Put in place appropriate policies and procedures to make sure that data protection principles like data security and data minimization are properly understood;
    ·      Perform a Data Protection Impact Assessment for new processes;
    ·      Make sure that employees in trusted roles are reliable and that their access rights are reviewed;
    ·      Put in place and rehearse a data breach notification procedure, including detection and response capabilities;
    ·      Train staff on all of the above; and,
    ·      Check existing insurance or take out new insurance to cover the range of potential risks from "innocent" errors to the actions of a rogue employee.

    Resources
    Check out the Cordery Compliance client alert on this topic. For more information on Cordery Compliance, go to their website. Also check out the GDPR Navigator, one of the top resources for GDPR compliance.

    • 15 min
    The Case of the Smart TV


    Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we dissect the case of the Smart TV and consider its implications for de minimis cases brought under GDPR. Some of the issues we consider include:
    1.     What were the underlying facts of the case?
    2.     Was the case filed in the correct court (High Court)? If not, why not?
    3.     What was the court’s ruling?
    4.     What is the viability of a de minimis claim going forward?
    5.     When dealing with data protection infringement compensation claims, look to cases from other jurisdictions.
    6.     No matter how seemingly trivial, organizations should be prepared for them and manage them with care.  
    Resources
    Check out the Cordery Compliance client alert on this topic. For more information on Cordery Compliance, go to their website. Also check out the GDPR Navigator, one of the top resources for GDPR compliance.

    • 17 min
