CCTV & GDPR

Posted on November 20, 2019 by Security in Shredding

When we think of GDPR data protection, most of us have a tendency to consider organisations retaining specifics, such as our name, date of birth, address, financial details etc. But there is a manner of attaining data that is so prevalent we scarcely notice it anymore – CCTV.

If your company makes use of CCTV, you must know that the images compiled are categorised as personal data and subject to GDPR data protection regulations. In order to be GDPR compliant you need to have a clear policy stating the reasoning behind it, security, risk of theft etc. People need to be aware they are being recorded on CCTV so it is necessary to place signs in areas that are observed with CCTV.

Your policy should also include how long you intend to keep the footage for which is generally accepted as 30 days. If you need to keep it longer your policy will need to include why it is necessary for it to be kept this long. Here you can find detailed information on the code of practice for CCTV.

Eventually it will be necessary to delete old footage, your system will most likely have a setting that will auto delete over a number of days depending on what you set it to. However, if you decide to upgrade your entire system your hard drives will need to be destroyed as data can be recoverable long after it is deleted and removed from your system. This can be detrimental to your compliance with GDPR. I would recommend the use of data destruction services. Here at ‘Security in Shredding’ items received for destroying data are logged on our asset tracking software; our clients receive a comprehensive report during the invoicing stage in order for complete traceability. This will allow you peace of mind and keep your business at the highest standard of security and compliance.

Security in Shredding

Specialising in secure confidential document shredding services with a reputation for exceptional security, customer service. Delivering value for money and the utilisation of leading technology compliant to the highest security standards within the industry.

Why I need to Shred – Shredding Company or In-House?

Posted on November 6, 2019 by Security in Shredding

Why do I need to Shred Data?

On the 25^th May 2018 a new law came into play, The General Data Protection Regulation (GDPR) affecting businesses of all shapes and sizes.

All business, Irish Business or International generate and process data through their operations. This data has to be created, managed and destroyed (i.e. Through a Paper Shredding Service, In-house Shredding and/or Hard-Drive Shredding Service).

The GDPR splits data mainly into two categories;

Personal Data (i.e. information which can directly connect to or identify a living person such as; name, phone number, medical history etc.)

Special Category Personal Data (i.e. personal data in relation to; ethnicity, political/philosophical opinions/beliefs, religion, mental health, criminal records etc.)

Each of the above categories have specific requirements when processing such information. This means it is important to know what category you are processing.

Enforcement Authority

Each EU state has an independent public authority accountable for enforcing the implementation of this regulation. This is the Data Protection Commission in Ireland.

The GDPR harmonized the rules to how data is to be managed in order to protect individuals. The management includes, the gathering/creation of the data through to the final destruction/disposal of the data through a paper shredding service or IT Asset Disposal Service.

Paper Shredding, Data Management, GDPR, Onsite Shredding Service, Shredding Service

There are serious implications that can occur if a business does not follow the GDPR requirements. It may be a warning or a large penalty of at least 4% of your annual global turnover or €20 million – whichever is higher. Compliance is essential.

Shredding Service Industry Associations

There are many associations across the world for Shredding Companies to become a member. This provides peace of mind for individuals as the Association can apply guidelines for their members to be compliant with International Legislation.

Length of Time Storing Data Prior to Secure Shredding / Data Erasure

Information must be kept for as little time as possible. It is important to take into account why your company needs to store this data; is there a legal obligation? A system should be put in place with time limits/reviews and updates to out of date information/data.

To summarise, you need to shred/destroy out of date records/files/documents because it is the law. In order to be fully compliant it is invaluable to use a quality certified destruction service that will not only ensure all data is eradicated but will also provide compliance certification for your records. This will be invaluable when proving that your company/business is fulfilling their obligation to the GDPR.

The law is reason enough to shred on its own but how do businesses know what service best suits them? In our upcoming blog posts I will be discussing different types of shredding, what makes the shredding company you choose legally compliant and if onsite or offsite shredding would work best for you?

For Further info – please contact the team at Security in Shredding info@securityinshredding.com

Security in Shredding

Irish Companies must do more to protect themselves

Posted on September 6, 2017 by Security in Shredding

In 2015 The Irish Computer society carried out a nationwide survey in order to ascertain data protection professional’s opinion in the area of data protection.

Data Protection

Results

The results show that of the 150 companies who took part in the survey, 15% had no data retention /destruction policy in place. This places these Organisations at sever risk of non-compliance with the GDPR due to come into force in May 2018. Another significant result from the survey showed that companies firmly laid the blame for 45% of all data breaches on employee negligence. Employee negligence can result in significant fines for Organisations that fail to have adequate procedures in place to manage Data Protection, secure paper Destruction/IT disposal, once the said information has reached its retention period.

Data Retention

In line with the Data Protection Acts, all data controllers are required to retain information for no longer than is necessary for the purpose. With that in mind, an accurate retention policy for all documentation ensures that a company can keep track of their different legal requirements. When there is no policy in place companies run the risk of losing data, storing both paper and digital files longer than is necessary, experience breaches in information security while also breaking the regulations under the Data Protection Act.

Data Destruction

The Data Protection Act places the responsibility on companies for the safe disposal/destruction of information in their possession. Responsibility for secure destruction, falls under the remit of the data controller and it their responsibility to ensure that their disposal practices are compliant. If a company intends to hold information regarding customers in order to enhance services to them in the future, customer consent must be sought!

Employee negligence

Employees with a grudge are responsible for some breaches, however many are due to employee negligence, maybe by ignoring a warning, not following proper procedures or just by human error. Employee breaches can fall into 3 categories:

Innocent actions: wrongly addressed letters, misplacing mobile phones
Careless or negligent: ignoring warnings that flash up on computer screen, releasing information in either the form of paper or IT equipment to a non-compliant individual/organisation to process.
Malicious: the deliberate distribution of sensitive information to a third party

Innocent Data Breach Example

In 2016, American giant, Federal Deposit Insurance Corp experienced an innocent data breach through a past employee. The employee in question, “inadvertently and without malicious intent” downloaded a series of confidential documents relating to client and commercial information and saved them to a portable storage device. It is scenarios such as this that significantly justifies the importance for businesses (large & small) to have detailed Data Protection procedures in place. These procedures are created to establish regulatory compliant methods for processing, storing and the secure disposal of the data within their control. Providing peace of mind to management that their systems and practices are fully compliant.

Careless/negligent

Carelessness is one risk that is difficult to control from managements perspective. The best method for management to protect their business is to focus on what they can control. In this case, educating employees and establishing effective monitoring procedures are two factors that management can control.

An example of effective education and monitoring would be to implement secure console units (secure bins) throughout your office space and introduce a procedure for all employees, informing them to insert all waste paper data in the provided consoles.

confidential shredding, secure bin

At the end of each week, conduct a spot check on all the remaining general waste bins inspecting for waste paper data. Continue this process for a number of weeks, highlighting non-compliance to all staff members, implement disciplinary procedures and monitor for improvement to attain 100% compliance.

Malicious

Similar to human error, malicious behaviour is extremely difficult and near impossible to control. The best method of equipping your Organisation for this kind of behaviour is to review all employment/HR guidelines and clearly outline your Organisation’s stance on malicious behaviour. This can result in criminal conviction of the said employee if proof of the malicious behaviour has been recorded.

Conclusion

With the introduction of the GDPR from Europe, Data Protection has become one of the most relevant and important compliance areas for Organisations to review and correct if deemed necessary. Lack of preparation may result in business ending penalties from Europe and simply cannot and should not be risked. It may seem daunting to undertake such a review however the resulting protection will far outweigh the workload of completing the review.

Fail to prepare, prepare to fail!

If you would like to receive any further information upon the GDPR and how to become compliant, please contact the team at Security in Shredding.

Security in Shredding

Do Irish Companies need a Data Protection Officer? – Companies Ireland

Posted on November 22, 2016 by Security in Shredding

onsite paper shredding, paper shredding ireland, shredding company ireland, data protection officer

Image source: gdpr-info

Companies in Ireland – the General Data Protection Regulation (GDPR).

Within the EU GDPR there is a mandate for certain companies including specific Companies operating in Ireland that a Data Protection Officer is appointed within their business.

This Data Protection Officer will be the “go to” person within Irish companies and will manage the responsibility for Data Protection Compliance.

Responsibilities for the Data Protection Officer include but are not limited to;

Monitoring the company’s compliance with The Data Protection Law, managing training of staff for data protection and carrying out audits within the Organisation.
Providing advice to the Organisation relating to their obligations under the GDPR
Acting as the main contact point within the Organisation for the local Data Protection Authority (The Data Protection Commissioner)

Not all Irish companies will require to have an appointed DPO.

The circumstances listed below will require companies in Ireland will have a DPO;

Public Authorities processing public data (except for courts in their judicial capacity)
The Company in Ireland has a core activity which involve data processing operations and “require regular monitoring of data subjects on a large scale
The core activities of the organisation involve the processing of sensitive personal data on a large scale.

The specific size of the above listed processing activity is not detailed within the GDPR. There is not identifiable cut off point but it would be advised that Irish Companies to act on the side of caution rather than face the extreme financial sanctions for breaking the Law.

Under Article 58 of the GDPR, in Ireland, the Office of The Data Protection Commissioner will be able to fine Irish companies who are found guilty of a data breach. Article 58 does not differentiate between an accidental breach and a deliberate breach. Fines for a data breach have been increased to a maximum of 20 million Euro or 4% of their global turnover, whichever is the larger.

If there was ever an appropriate time for Irish Companies to review all of their data processing activities, identify to whom they are releasing data to both digital data and paper data, it is now before the fines are in place and enforced.

Within the GDPR, a single DPO can represent multiple organisations and does not have to be a member of staff belonging to the specific Company. Therefore, several organisations can collectively appoint one DPO to represent their combined interests.

Currently it is clear to see through research conducted that the expected compliance is not matched by the level of knowledge and awareness within the market. An underestimated figure of 28,000 Data Protection Officers will need to be appointed throughout Europe before the GDPR becomes law.

For more information upon compliance with the GDPR please contact the Security in Shredding team for assistance.

Save

Security in Shredding

Five tips for Data Protection Compliance

Posted on October 14, 2016 by Security in Shredding

Mobile paper shredding, onsite paper shredding service, onsite paper shredding, paper shredding service, confidential paper shredding service, offsite paper shredding service, onsite paper destruction service, document shredding services

Image source; lbenitez

With the introduction of The General Data Protection Regulation this year it is essential for Organisations to know that they are complying with the legislation. The first step in compliance is awareness and this article will give a brief overview of some tips to take into account to protect your Organisation. From data consent to third party data processing such as a confidential paper shredding service, I aim to guide you in the right direction.

A. Consent

Always obtain the data subjects consent prior to holding or using their personal data. All forms both physical and web-based which are designed to gather personal information should contain a statement detailing what the information is to be used for.

B. Sensitive data

When dealing with sensitive personal (race, political opinion, mental health etc.) data additional measures should be in place to ensure the security of the data. When this data has reached its end of life always securely destroy the data through a paper shredding service.

C. Individual rights

Be aware of individual’s rights when dealing with information held upon them. If preparing reports always be aware that individuals have the right to see all personal data held about them which also includes emails and informal notes that have not gone through your document shredding service in place.

D. Review files

Data should only be retained when and where absolutely necessary. Securely disposal of the data once it is no longer required through an onsite paper shredding service and/or an offsite shredding service with a data processing firm and under contract. Establish and record regular reviews of the data in your control.

E. Secure disposal of records

When discarding waste data in paper format it is imperative to treat them confidentially. Never discard end of life data with conventional recycling streams. Waste paper data is not the same as general sorted office waste (SOW) before it is destroyed due to the fines and penalties attached to them for a breach. Always hire a professional paper shredding company to secure shred all documents and receive a certificate of data processing. The same applies to waste electronic data carriers such as hard-drives, always securely destroy them through a hard drive shredding service.

For any advice upon data protection and making your Organisation compliant please do not hesitate to contact one of our team through our website www.securityinshredding.com.

You can also follow us on
Twitter, YouTube, LinkedIn, Google+

Save

Security in Shredding

Confidential Paper Shredding Industry welcome Budget 2017 increase in funding for The Data Protection Commissioner

Posted on October 14, 2016 by Security in Shredding

off site paper shredding service Ireland, offsite paper shredding service Ireland, paper shredding Dublin, paper shredding Cork, paper shredding Galway, paper shredding Limerick, secure document shredding Dublin, secure document shredding Cork, secure document shredding Galway, secure document shredding Limerick, confidential shredding Dublin, confidential shredding Cork, confidential shredding Galway, confidential shredding Limerick, shredding companies Ireland

Image source; memcreator

This week confidential paper shredding service vendors welcome the decision in this weeks budget for additional funding being allocated to The Data Protection Commissioners office. The additional funding makes up an increase of €2.8 million to the previous figure. This increase brings the total funding from The Irish Government for 2017 to €7.5 million. This much welcomed funding will be allocated to police and enforce the Data Protection Acts and protect Irish citizen’s data.

Even with the relatively small geographical size of Ireland, it has been difficult for the policing authority to monitor all activates by Organisations to ensure compliance with Data Protection.

An example; it can be difficult to investigate whether Organisations are complying with requirements for Data Processing (paper shredding) Cork while also completing the same for paper shredding Galway with almost 200 Kilometres in-between. The welcome news will certainly make an improvement in Ireland for Data Protection compliance and in turn protect our personal information.

Whether it be confidential paper shredding Dublin or confidential paper shredding Limerick this announcement will help The Data Protection Commissioner to increase their employee numbers and enable them to fill in their new role with The General Data Protection Regulation from Europe.

Vice Chairman of the ISIA (SDD Division) said “This additional funding is a great step to further protecting European citizen’s personal data. With fines for a breach of legislation increasing up to €20 million it is a welcome announcement and Organisation now have the opportunity to comply.”

Shredding Companies Ireland will also have to make the leap to become compliant data processing firms, today there can be a number of high risk vendors in operation and education is the first step in protecting our data.

For any advice upon data protection and making your Organisation compliant please do not hesitate to contact one of our team through our website www.securityinshredding.com.

You can also follow us on
Twitter, YouTube, LinkedIn, Google+

Security in Shredding

Protecting your online privacy – Top tips (Part 2 of 2)

Posted on October 7, 2016 by Security in Shredding

Offsite document shredding, offsite document shredding, shredding Ireland, paper shredding Ireland, on site paper destruction Ireland, mobile paper shredding, off site paper shredding service Ireland.

Image source: betanews

As mentioned in our previous article, information in paper form can be destroyed through an onsite paper shredding service Ireland or an in-house onsite paper shredding facility.

Reputable paper shredding companies with the required certifications can also provide offsite document shredding services where your paper data is released to be destroyed under contract. The key points here are that the vendors providing the offsite paper shredding service have the required certifications and you have agreed under contract for the data to be processed which is the actual paper shredding process.

When talking about releasing personal paper files for offsite paper shredding the majority of people will always be concerned with whom they are giving the data to however when the data is in digital form and communicated through the internet the same level of caution does not always be applied.

Our first five tips to protect yourself online were;

In this article we will list our final five tips on protecting yourself online.

#1. Be aware of potential monitoring at work

In many Countries employees have little to no privacy protection from their employers. With this in mind, when discussing sensitive topics in email be sure of whom you are communicating to. Keep private data on your home network at home.

#2. Be aware of rewards & prizes offered by sites.

More than likely these kind of sites are gathering information for direct marketing purposes. In this scenario your name and address s sold for marketing purposes.

#3. Be conscious of your home computer security

If you home computer is set up on a DSL line that runs 24 hours be sure to turn off your computer when not using it. Many PCs will have poor security levels and system hackers will search for vulnerable computers and can invade them and get into your files and personal details.

#4. Use encryption

Good encryption will utilise security codes that are difficult crack and protect your data. There are easy to use mail and file encryption services available out there. Hopefully all devices will come with security encryption built into their servers, until then, be aware and be safe.

#5. Never reply to spammers

These Spam messages also known as unsolicited bulk email need to receive a response to tell their system that this email is being used. If you end up opening one of these messages check to see if there is anything in your outgoing box in case there is a return receipt attached to the mail. If you are getting spammed there are a great deal of filters and anti-spam services available out there.

Awareness if key, receive some education and proceed with caution are the best tips to have. Technology is every advancing and with it you also need to evolve, increase your knowledge and you will be in a safer position.

For more information on online security or confidential paper shredding service Ireland please contact one of our team on info@securityinshredding.com.

You can also follow us on
Twitter, YouTube, LinkedIn, Google+

Security in Shredding

Protecting your online privacy – Top tips (Part 1 of 2)

Posted on October 6, 2016 by Security in Shredding

onsite-shredding-paper-shredding-comapny-secure-shredding

Image source: techgoondu

Unlike information that is produced in paper format that can be gathered and destroyed through document shredding services Ireland or an in-house on site paper shredding facility, information in digital format on the internet can be far more difficult to destroy and delete.
This article will go through the first half of our top tips for protecting your information online.

#1. Do not give your info away inadvertently

Many people are allowing their information to be recorded without even knowing it. In order to battle this problem, it is always a good idea to configure your web browser settings to best suit your requirements. Examples would be not to use a personal email address or your real personal details that you do not wish to share.

#2. Use cookie management software or turn on cookie notices

What are cookies? Well, they are small amounts of information that web sites store on your computer. In many cases they can be helpful for example, if you log into a website regularly such as a customer login to a paper shredding company website, the cookies can be usernames and passwords to save you from typing them in every time you log in to view your confidential shredding service information.
Other cookies can be identified for data mining purposes that will track ALL of your activity upon a given website. Most of these cookies can only be translated by the entity that made them. Many companies that manage online advertising are simply cookie sharing rings that track all of your activity to effectively market and advertise to you. If you are not aware of the cookies, you cannot protect yourself.

#3. Have a specific email account for tasks

When you may be mailing to an unknown account or posting to forums or newsgroups it is best to do this from a second “specific” email address. Addresses posted to public spaces are at high risk of being discovered by spammers. If your email begins to get inundated with spam that you cannot just securely shred to get rid of you can kill it off and start a new specific email for your more public activities.

#4. Do not share with unknown people

In conjunction with the developments of the internet, new brief friendships have increased proportionally also with many people “befriending” people that they do not actually know. Be careful because you are allowing them access to certain information upon yourself and if ever meeting in person do so in a public place. Information that should not be shared with new people immediately include but are not limited to; your place of work, your full name, your personal address, your contact number and your date of birth.
In the commercial sector, be aware of “befriending” on the short term as it is a common social engineering form of spying to get them to reveal personal information.

#5. Study privacy policies and seals

When looking at any website to do business with you should always be aware of their details relating to data privacy. Points to watch include, does the site have a posted privacy policy, does the site have a physical address or postal address. Read their policy carefully to decide if they are an entity to do business with.
Online information and Data Protection are of serious importance and awareness is key to your protection. If you are not aware you cannot protect yourself. I hope this article helps you in becoming aware and in turn more protected.
We will cover five more points in our next article that will wrap up or top tips for online privacy protection. For further information, please contact one of our team on info@securityinshredding.com

You can also follow us on
Twitter, YouTube, LinkedIn, Google+

Save

Security in Shredding

Identity theft – stats, tips and how to protect your information

Posted on September 30, 2016 by Security in Shredding

on site document shredding, onsite document shredding, clear out shredding, purge clear out service, off site document shredding, offsite document shredding, off site document destruction, offsite document destruction, shredding Ireland, paper shredding Ireland, paper shredding Ireland, on site paper destruction Ireland, onsite paper destruction Ireland

Image source: acuantcorp

Paper shredding in Ireland is a growing industry sector and for good reason. Approximately 7% of all adults within the US have their identities misused with substantial financial losses equating to approximately €3,000.

Close to 100 million additional people have their personal identifying information put at risk of identity theft each year when records from Government & Corporate databases are misplaced or stolen. It makes total sense to see secure, professional, and regulated destruction services being introduced and increased in Ireland. Services such as on site document shredding, clear out shredding, purge clear out services and off-site document shredding services are there for all Corporates and Governments to implement to protect your and my identity.

The level of sophistication used by organised crime to facilitate identity theft is ever increasing. Examples of such sophistication to name but a few are; tailored vishing scams, hacks of corporate and government databases to elaborate bots designed to hack your computer without leaving a trace.

Image source: prince.org

The more historic/basic methods of identity theft are still out there with high numbers of people being a victim of. Simply pick pocketing wallets, going through your waste bins for sensitive paper, following waste trucks to sift through the waste material for paper and social engineering to trick innocent people into releasing personal information still work and work well.

Within this article, I will highlight some of the straightforward ways you can have your identity stolen with the hope that I can help some potentially targeted people in protecting their identity. There are also some tips to protect yourself when possible.

How you can be a victim

People going through a pharmacy waste bin, unfortunately not all pharmacies avail of offsite document shredding services and their bins can contain significant amounts of personal information.
People hacking into GP records, health records from a doctor’s office contain vital personal information. Many identity thieves will try to hack medical facilities electronic health records.
Never use your place of birth as your security question, it is easy to find out this information.
RFID scanner, many credit and debit cards are enabled for contactless payments. Yes, this is convenient but if a thief can get close enough to you he/she can make a convenient withdrawal at your expense.
Using camera phones, always be careful when you are in a situation where you need to show personal details and information, a camera phone could be watching you.
Accepting strange friend request on social media, if you do not know who they are, our advice does not accept.
Leaving bills in your mailbox for pickup, always deliver your bill personally
Putting cheques in the mail, if required always place additional paper within the envelope so the data cannot be seen under lights.
Never changing your passwords, you should always change your password at least once a year.
Failing to consider once off credit cards, it is a good idea if you are not a regular online shopper.
Leaving receipts behind, you should always take your receipts with you even if it only shows the last four digits of your account number.

For more tips to stay safe please contact one of our team at info@securityinshredding.com

Security in Shredding

Mobile paper shredding providers Security in Shredding go through Brexit and what it means for Data Protection and Privacy.

Posted on September 29, 2016 by Security in Shredding

Mobile paper shredding, mobile paper shredding Ireland, off site shredding service Ireland, offsite shredding service Ireland, paper shredding Dublin, paper shredding Cork, paper shredding Galway, paper shredding Limerick, secure document shredding Dublin, secure document shredding Cork, secure document shredding Galway, secure document shredding Limerick, confidential shredding Cork, confidential shredding Dublin, confidential shredding Galway, confidential shredding Limerick, shredding companies Ireland

Image source: siliconrepublic

Uncertainty is ever present when dealing with Data Protection and since the Brexit referendum there is undoubtedly an increased level of uncertainty. Many questions are circling relating to how will this Brexit decision impact data processors and data controllers across key sectors of the UK and Irish economy.

For example, will paper shredding Dublin and the related legislations be the same as that in London, or will secure document shredding Galway be subject to separate legislation as that in Manchester. Similar issues arise when multinational Companies that for example, receive confidential shredding Limerick at their Limerick location and also receive confidential shredding Belfast in their Belfast location, will there be discrepancies in the requirements for each location to be compliant with Data Protection Legislation?

EU & The Single Market

Harmonisation of laws throughout Europe has been one of the main aspects of the EU. The current regulations for protecting personal data within both Ireland and The UK which include secure document shredding derive from EU Law. The Data Protection Commissioner in Ireland and the Information Commissioner in the UK released a statement saying that the on-going 1998 Act will remain law post Brexit.

Image source: bimetica

General Data Protection Regulation (Divergence of the Law?)

In May 2018 the General Data Protection Regulation will come into effect. Unlike its predecessor the Data Protection Directive, the GDPR will be a cross region regulation that will apply directly to all EU member states.

With The UK no longer being a member of The EU the GDPR will not apply to it. With this in mind there are many questions relating to the future path for UK data protection rules. In areas such as data transfers, subject access requests and data erasure whether it be paper shredding or Hard-Drive destruction.

If the UK wishes to remain a central location for IT & Finance then it will seem that they will have to comply with The GDPR, additionally if they wish to join the European Economic Area it will need to adopt the GDPR.

Image source: biopharma-reporter

What does it mean?

In plan terms, it is likely to remain business as usual for the next 12 – 19 months and the exit period is expected to take up to 2 years which ends a couple of months after the GDPR is implemented.

In many views, the Brexit outcome is beneficial to Ireland relating to Data Protection. The Republic will be the only English speaking nation with the benefits of being part of the EU free movements of services, people, goods workers and personal data.

This means that businesses can structure their operations so as to only be subject to one single data protection authority such as The DPC.

The content of is for information purposes only and does not constitute legal or other advice.

For more information please contact the Security in Shredding team.

Save

Security in Shredding

Why do I need to Shred Data?

The GDPR splits data mainly into two categories;

Enforcement Authority

Shredding Service Industry Associations

Length of Time Storing Data Prior to Secure Shredding / Data Erasure

Results

Data Retention

Data Destruction

Employee negligence

Innocent actions: wrongly addressed letters, misplacing mobile phones

Careless or negligent: ignoring warnings that flash up on computer screen, releasing information in either the form of paper or IT equipment to a non-compliant individual/organisation to process.

Malicious: the deliberate distribution of sensitive information to a third party

Innocent Data Breach Example

Careless/negligent

Malicious

Conclusion

Companies in Ireland – the General Data Protection Regulation (GDPR).

Responsibilities for the Data Protection Officer include but are not limited to;

The circumstances listed below will require companies in Ireland will have a DPO;

A. Consent

B. Sensitive data

C. Individual rights

D. Review files

E. Secure disposal of records

#1. Be aware of potential monitoring at work

#2. Be aware of rewards & prizes offered by sites.

#3. Be conscious of your home computer security

#4. Use encryption

#5. Never reply to spammers

#1. Do not give your info away inadvertently

#2. Use cookie management software or turn on cookie notices

#3. Have a specific email account for tasks

#4. Do not share with unknown people

#5. Study privacy policies and seals

How you can be a victim

EU & The Single Market

General Data Protection Regulation (Divergence of the Law?)

What does it mean?