38 episodes

How do GDPR, data privacy and data protection impact your business? In this podcast, Tom Fox, the Voice of Compliance, hosts Data Privacy/Data Security expert Jonathan Armstrong, co-founder of Cordery Compliance. They use the framework of GDPR to discuss a wide range of issues relating to data privacy and data protection. If you are a compliance professional, business leader or InfoSec security expert, this is the podcast to learn about what is happening in the UK, EU, US and beyond.

Life with GDPR Tom Fox

    • Business

    H&M Fined €35.2 for Data Privacy Breaches

    In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. We consider the recent decision by the Hamburg Data Protection Authority, which fined H&M Germany €35.2m for GDPR violations. The case concerned excessive use of employee data and is the largest fine so far imposed by regulators for the handling of employee data. We are likely to see more pressure on employers to justify the handling of employee data as a result of today’s fine. Some of the highlights are:

    What did the regulator say?

    What did H&M do after the investigation began?

    What about the current pandemic?

    What are the implications going forward?

    What is this decision’s precedential value?

    What are some practical tips for compliance?

    Check out the Cordery Compliance client alert on this case here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.
    Learn more about your ad choices. Visit megaphone.fm/adchoices

    • 22 min
    Schrems III-Impact on the Transatlantic Digital Trade

    In this episode, I am joined by Jed Gardner of Linedata to discuss some of the practical aspects of the Schrems III case, where the Court invalidated Privacy Shield. Some of the highlights are:

    Why was this and what are the wider impacts to transatlantic digital trade? 

    When does this come into effect? Is there any grace period? 

    Let’s look at a transatlantic organization (Investment Firm). What risks are they now dealing with? 

    What should businesses be doing with their technology to address the ruling and ensure they can meet the EU GDPR data privacy regulations? 

    Check out Linedata on their homepage here.

    • 21 min
    Emergency Podcast on Schrems III

    In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we do our first emergency podcast based upon the European Court of Justice’s decision handed down July 16 on the Schrems III case, where the Court invalidated Privacy Shield. Some of the highlights are: 

    What were the issues involved in this case?

    What did the Court find wanting in Privacy Shield?

    What are the differences in the European and American approach that led to this result?

    What was the ruling around standard contract clauses for data transfer?

    What are the implications going forward?

    Check out the Cordery Compliance client alert on this case here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

    • 16 min
    Duty of Data Processor to Report Data Breach

    In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider a recent decision by the Swedish Data Protection Authority, which imposed a fine of 200,000 Swedish kronor (approximately €18,700 or $21,320) on the Swedish National Government Service Centre (“the NGSC”) for failing to notify both the Data Protection Authority and others about a personal data breach in sufficient time. Some of the highlights are:

    What were the issues and interests involved in this case?

    What are the requirements for reporting a data breach under GDPR?

    What are the differences in duties of the Data Processor and Data Controller?

    What are the implications going forward?

    What is this decision’s precedential value?

    Is the decision Kafkaesque in its reasoning?


    Check out the Cordery Compliance client alert on this case here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

    • 15 min
    Requirements for the DPO

    In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider a recent decision by the Belgian Data Protection Authority, which imposed a fine of €50,000 ($54,203) on an un-named organization for non-compliance with the GDPR conflict of interest requirement in the selection of its Data Protection Officer. Some of the highlights are:

    What were the issues and interests involved in this case?

    What are the requirements for a DPO under GDPR?

    How and why was the company ‘seriously negligent’?

    What are the implications going forward?

    What is this decision’s precedential value?

    How much expertise, authority and autonomy must a DPO have going forward?


    Check out the Cordery Compliance client alert on this case here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

    • 23 min
    Verbal Reporting under GDPR

    In this episode I visit with Jonathan Armstrong to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the issue of verbal reporting under GDPR, in the context of the case of Scott v. LGBT Foundation. Some of the highlights are:

    What were the issues and interests involved in this case?

    What is a relevant filing system for automated data under GDPR?

    When does the public health and safety outweigh data privacy?

    Was Scott’s data processed by the LGBT Foundation?

    What is the necessity test?

    Check out the Cordery Compliance client alert on the case of Scott v. LGBT Foundation here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

    • 19 min
