gdpr how it applies to the cloud London Cyber Major

GDPR - How does it apply to the cloud?

The cloud. It’s all the rage with technology companies nowadays, and for good reason.

‘Cloud computing’ refers to the provision of information technology services over the Internet.

These services may be provided by a company for its users in a ‘private cloud’ or by third-party suppliers. The services can include software, infrastructure (i.e., servers), hosting and platforms (i.e., operating systems). Cloud computing has numerous applications, from personal webmail to corporate data storage.

Continue reading

Data_Processor_Data_Controller_GPDR_Cyber Major_London

Data Controller? Data Processor? What’s the difference?

The concepts of the “data controller” and “data processor” were established by the 1995 EU Data Protection Directive and remain fundamentally similar under the GDPR. This does not mean they are straightforward or mutually exclusive.

In practice, the application of these concepts has become increasingly complex due to the evolving nature of the business environment, the increased sophistication of outsourcing, and the growing tendency of organisations to centralise IT systems. However, they remain key for determining the allocation of legal obligations under the GDPR, which is essential for protecting the rights and freedoms of data subjects.

A data controller is the natural or legal person or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. In other words, the data controller is the key decision maker with regards to personal data.

Continue reading

General Data Protection Regulation_Cyber Major London

GDPR- Not just for Europeans!

I don’t know about you, but I’ve seen plenty of people saying that the upcoming GDPR only applies to EU Citizens. Nope. This is a major misconception. Let me clear this up a bit.

The GDPR applies:

a) to the processing of personal data in the context of the activities of an establishment of a data controller or a processor in the EU, regardless of whether the processing takes place in the Union or not.


b) on a long-arm, extraterritorial basis to organisations which offer to sell goods or services to or who monitor individuals in the EU.

“Establishment” means the effective and real exercise of activity through stable arrangements. (the legal form of such arrangements, whether through a branch or a subsidiary with a legal personality, is not the determining factor in that respect).

And what does “in the context of activities of an establishment” mean? I think the Google Spain case decided by the Court of Justice of the European Union is really helpful here.

Continue reading

Want to know how much personal data your company has on you

Want to know how much personal data your company has on you? There’s an app for that!

Have you heard of subject access requests? Sounds a bit technical but it really isn’t. It’s just the process whereby a customer or employee of an organisation can request access to all the personal data that the company has on them.

Not only that, but the data has to be organised into a common-read, easily transferable document. This right for people in the European Union has been around a long time – specifically since the EU Data Protection Directive was passed in 1995. However, the upcoming GDPR really strengthens various aspects of that previous law and introduces new, more aggressive controls and rights.

For instance, with regards to subject access requests, the time limit that a company has to respond to your request has been reduced from 40 days to 30 days. Moreover, they can no longer charge for any request that you send them. Most importantly though, the entire culture of privacy is changing, and fast. No longer can organisations act as if these data processes are a side issue not worth their time or concern.

Continue reading

Privacy by Design, GPDR London, Cyber Major UK

Privacy by Design – Don’t get Left Behind

“Privacy by design” as a phrase may seem like common sense. After all, who on Earth would want to have their data monitored or outright stolen? Well, no one WANTS that to happen, but you would be surprised how few organisations are pro-actively thinking about that when designing or implementing policies/procedures.

The Privacy by Design framework dictates that privacy and data protection are embedded throughout the entire life cycle of technologies, from the early design stage through deployment, use and ultimate disposal or disposition. The foundational concept is that organizations need to build privacy directly into technology, systems and practices at the design phase, thereby ensuring the existence of privacy and appropriate controls from the outset. It’s a key recommendation of the upcoming EU GDPR.

Continue reading

Get in Touch

  • Phone
    0207 458 4088
  • Email
    This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Address
    40 Bank Street, Canary Wharf
    London, E14 5NR