Let's Talk Data Security

Shared by our experts
2 minute read

A stark reminder of the rules: BA faces eye-watering GDPR fine

Jul 8, 2019 8:43:17 AM


 

British Airways given £183 million fine for data breach – the first public GDPR fine in the UK

In the sunrise period for GDPR (the General Data Protection Regulation), it was a hot topic not just in the industry, but temporarily in the mainstream media as well. People with no interest in IT, never mind data security, were aware of the law and interested to see what was going to happen. A bit like how we all become Tennis aficionados for two weeks during Wimbledon. Since then, with (relatively speaking) small fines being issued which occurred under the old laws, the subject had left the mainstream again until today, with the news that the Information Commissioners Office (ICO) has handed down a fine of £183 million to British Airways (BA).


2 minute read

It’s a tricky balance: what CAN and MAY you test?

Jul 1, 2019 4:54:42 AM



You MAY not do testing with personal data...and many people say they CAN not do testing with anonymised data. But there is a balance between the two; you are both allowed to and able to do testing with data which is both realistic and scrambled.

The General Data Protection Regulation (GDPR) that came into effect in May 2018 has changed the world’s view on data privacy. Every organisation that is either doing business with European Union citizens, or based within the EU, has spent many hours on the topic. It has changed the way we think about and act on personal data, from both a personal and business view.


1 minute read

What does GDPR mean for global companies?

Mar 6, 2018 1:31:14 PM

Gartner predicts that by the end of 2018, more than 50 percent of companies affected by GDPR (the General Data Protection Regulation) will not be in full compliance with its requirements. Having been contacted recently by a number of global clients about GDPR, I’ve realized that there’s still a misconception that GDPR only applies to companies based in the UK or Europe.  


3 minute read

Protecting consumers: why is GDPR so important?

Jan 9, 2018 6:30:08 AM

Over the festive period, I’ve spent far more time in shops and watching telly than I normally would (and probably should). A couple of things jumped out at me which made me realise the importance of protecting our personal preferences and choices. This may sound like ‘bah humbug’ ranting – but it will come to a point, I promise.

2 minute read

Three ways to protect your SAP data from cyber criminals

Dec 15, 2017 1:43:20 AM

Reduce your attack surface
Security budgets have tripled in the past few years. Yet this is not enough to prevent data breaches. In 2016 alone, over 2 billion records were stolen; hacking expertise is escalating, and there are threats everywhere.  
 


2 minute read

GDPR: the Data Adequacy and Data Minimisation principle

Nov 23, 2017 6:16:57 AM

The Data Protection Act (current law) requires companies to ensure that they only collect the personal data they need for the purposes they have specified. They are also required to ensure that the personal data they collect is sufficient for the purpose for which it was collected.


1 minute read

Retention period: A minimum or a maximum?

Nov 3, 2017 12:33:38 PM


GDPR: are retention periods being considered a minimum or a maximum?

I’ve recently been in several meetings where a Data Protection Officer (DPO) or internal legal advisor has been discussing GDPR with IT team members. Interesting to see people with very different backgrounds and responsibilities discussing the various challenges of GDPR they are facing jointly. Several of the DPOs were keen to stress that a lot of the elements affected by GDPR are already in force as a result of existing country legislation created to comply with  the 1995 Data Protection Directive. For them, GDPR was in many ways welcome, because it’s ensuring that organisations take their obligations very seriously - even if those obligations are already there now, but have perhaps been overlooked.


2 minute read

Ready for GDPR: Non-Production Data Security

Aug 9, 2017 11:21:23 AM

My previous post explains how with the use of Data Sync Manager (DSM) and EPI-USE Labs you can ensure that the Data held in your non-production environments is proportional to its use, and therefore more compliant with Article 5 of GDPR. Of course, being proportionate is not the only method required to prove your compliance with GDPR; you can also consider obfuscating sensitive data. EPI-USE Labs is ready to assist here too.

From my research, Article 89 of GDPR deals with data security; this is a far-reaching topic, and rather than moving into network and security again, I’d like to focus on the SAP data and landscape.


2 minute read

Data protection by design in the SAP world

Jan 19, 2017 5:03:00 PM

Explicit in the General Data Protection Regulation (GDPR) legislation is the instruction that the protection of sensitive data must be ‘by design’.

In the past, ignorance was never a valid excuse concerning the old legislation, but the fines were so small that companies would happily plead ignorance, and pay the bill.


1 minute read

The Enterprise spread of personal data

Oct 27, 2016 1:53:00 AM

Data across your landscape

The accumulation of data today defies most minds. The amount is staggering… and it has been estimated that 90% of the world’s data has been captured in the last three years! In the enterprise data world, it isn’t just more data being captured, it’s also the same data being stored in multiple places. A company running 'wall-to-wall' SAP could be storing the same name, address or even bank account number in lots of places.