Life with GDPR
Life with GDPR
Tom Fox
How does GDPR, data privacy and data protection impact your business? In this podcast, Tom Fox, the Voice of Compliance hosts Data Privacy/Data Security expert Jonathan Armstrong, co-founder of Cordery Compliance. They use the framework of GDPR to discuss a wide range of issues relating to data privacy and data protection. If you are a compliance professional, business leader or InfoSec security expert this is the podcast to learn about what is happening in the UK, EU, US and beyond.
Lessons Learned from The Singtel Opus Data Breach
Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at litigation over a data breach against Singtel Opus in Australia and the fallout from an investigation report. The recent data breach at Intel Optus, affecting 1.2 million individuals, has brought to light the critical role of strategic communication in managing cybersecurity breaches. Tom and Jonathan Armstrong, offer their unique perspectives on this issue. Fox emphasizes the inevitability of cybersecurity breaches and the need for a comprehensive strategy, including effective communication, to manage them. He warns against the potential consequences of mishandling communication during a breach, such as jeopardizing insurance coverage. Armstrong highlights the complexity of maintaining privilege in a global corporate structure and the importance of careful language to avoid invalidating insurance or causing unnecessary speculation. He also underscores the need for a holistic approach to cybersecurity, encompassing prevention, detection, remediation, and crisis communication. Join Tom Fox and Jonathan Armstrong as they delve deeper into this topic in the latest Life with GDPR podcast episode.  Key Takeaways: Implications of Language in Data Breach Reporting Navigating CEO Communication and Insurance Coverage Navigating Insurance Coverage in Data Breaches  Resources For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. Check out the Cordery Data Breach Academy here.  Connect with Tom Fox ●      LinkedIn Connect with Jonathan Armstrong ●      Twitter ●      LinkedIn Learn more about your ad choices. Visit megaphone.fm/adchoices
Nov 16, 2023
21 min
The Hidden Dangers of CEO Behavior: Patterns and Consequences
Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. We take things in a different direction today as we discuss the somewhat lurid allegations around former Abercrombie & Fitch CEO Mike Jeffries. This matter illustrates the need for robust background checks and support of those who bring forward complaints against top management. The topic of CEO risk, specifically the importance of accountability and investigations in corporate compliance, is a critical issue in today’s business world. It explores the potential dangers CEOs can pose to corporations and the necessity of holding them accountable for compliance initiatives. Tom Fox, a renowned compliance expert, emphasizes the importance of conducting thorough due diligence on individuals, particularly at the senior executive level, to mitigate risks. He believes that behavior patterns often exist before public scandals occur and that it is crucial to identify these patterns through deep investigations. On the other hand, Jonathan Armstrong highlights the challenge of pushing compliance up the organization and the need for thorough due diligence when hiring senior executives. He also stresses the importance of accountability and investigations in addressing misconduct allegations, even if they are historic. Join Tom Fox and Jonathan Armstrong as they delve deeper into this topic on this episode of the Life with GDPR podcast. Key Takeaways: CEO Accountability and Risk Exposure Allegations of Sex Trafficking and Abuse The Significance of Investigating Past Misconduct  Resources For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here. Connect with Tom Fox ●      LinkedIn ●    Twitter ●    YouTube ●    Facebook ●    Instagram Connect with Jonathan Armstrong ●      Twitter ●      LinkedIn Learn more about your ad choices. Visit megaphone.fm/adchoices
Nov 2, 2023
16 min
WhatsApp Breach: Hospital's GDPR Failures Exposed
Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. The recent controversy surrounding Nigel Farage’s banking situation highlights the risks and compliance challenges faced by the banking industry in relation to data protection. In this episode, Tom and Jonathan discuss a data breach in a Scottish hospital during the COVID-19 pandemic. The breach occurred when hospital staff shared patient details on WhatsApp, raising concerns about GDPR compliance. The hospital informed the ICO about the breach but chose not to notify affected patients, highlighting the need for appropriate advice and support when making such decisions. The conversation also explores communication challenges in internal investigations and the privacy and security risks of platforms like WhatsApp. It emphasizes the importance of organizations adapting to the preferences of digital native employees and conducting data protection impact assessments. The podcast also highlights the importance of effective policies, training, and proactive phishing training to prevent cyber-attacks and protect sensitive information. Key Takeaways: ·      Data breach in Scottish hospital ·      The Challenges of Communication in Internal Investigations ·      Importance of Policies and Training ·      Phishing Training Effectiveness  Resources: For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here. Connect with Tom Fox ●      LinkedIn Connect with Jonathan Armstrong ●      Twitter ●      LinkedIn Learn more about your ad choices. Visit megaphone.fm/adchoices
Sep 14, 2023
17 min
Exposed: The Shocking PSNI Data Release
Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss a troubling inadvertent data release by the Police Service of Northern Ireland (PSNI). The release occurred when a document containing sensitive information about PSNI employees was mistakenly uploaded to a public site, putting officers at risk. The document, inadvertently released based upon a valid FOIA request, wrongfully included the names, ranks, locations, and even surveillance and intelligence details from the Northern Ireland constabulary. This inadvertent release highlights how the bypassing of security checks the caused the breach, emphasizing the real-world impact of data breaches on individuals. Tom and Jonathan also discuss the use of spreadsheets in data breaches and express frustration with the lack of attention given to these incidents. Overall, the conversation stresses the importance of data protection and compliance, and the urgent need for improved measures to address this issue.  Key Takeaways: ·      Data release at PSNI ·      Data release implications ·      Regulator's Call for Improved Data Protection ·      Spreadsheets are evil  Resources For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.  Connect with Tom Fox ●      LinkedIn Connect with Jonathan Armstrong ●      Twitter ●      LinkedIn Learn more about your ad choices. Visit megaphone.fm/adchoices
Aug 31, 2023
15 min
Farage's Account Closure & the Risks of Data Breach
Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. The recent controversy surrounding Nigel Farage's banking situation highlights the risks and compliance challenges faced by the banking industry in relation to data protection.  In this episode, Tom and Jonathan discuss the closure of Farage's bank account with Coutts, a high-end bank owned by NatWest, and the potential data breach that ensued. They discuss the risks of internal emails being exposed through subject access requests (SARs) and emphasize the importance of caution in email communication. The conversation also explores the cost and consequences of non-compliance with GDPR obligations, particularly in relation to SARs. The potential legal implications for banks that violate their own policies or delete data that should be provided in response to a SAR are highlighted. Overall, the episode underscores the need for banks to prioritize data protection, compliance, and proper decision-making in the financial industry.  Key Takeaways: ·      Nigel Farage's Banking Controversy ·      Data Protection Risks in Banking ·      The Cost and Consequences of Subject Access Requests ·      Serious concerns about data protection and access to banking  Resources For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.  Connect with Tom Fox ●      LinkedIn Connect with Jonathan Armstrong ●      Twitter ●      LinkedIn Learn more about your ad choices. Visit megaphone.fm/adchoices
Aug 17, 2023
20 min
Joe Sullivan Sentence
Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. Matt Kelly and Jonathan Marks join Tom and Jonathan Armstrong on this episode, as they explore the case of former Uber CISO Joe Sullivan and the lessons compliance officers can learn from his lenient sentence. From growing trends of personal accountability to conflict of interests, the hosts provide six tips for chief compliance officers to protect themselves, including rehearsing responses and seeking external advice when necessary. This eye-opening episode also delves into the challenges faced by compliance officers in situations like Etsy's ransomware scheme and how they must be cautious with threat actors' demands. Don't miss out on this insightful episode that will leave you questioning whether Sullivan was unfairly punished and whether executives' remuneration packages will receive greater scrutiny going forward. Tune in now to Life With GDPR.  Key Takeaways: ·      The Joe Sullivan Uber Case and Lessons Learned ·      Individual Liability in Corporate Malpractice ·      Compensation and Conflicts of Interest ·      The Challenges of Compliance Officers in Wrongdoing Incidents  Resources For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.  Connect with Tom Fox ●      LinkedIn Connect with Jonathan Armstrong ●      Twitter ●      LinkedIn Learn more about your ad choices. Visit megaphone.fm/adchoices
Jun 22, 2023
18 min
$1 Billion Fine: Meta's GDPR Violation
Tom Fox and Jonathan Armstrong, renowned expert in cyber security, co-host the award-winning Life with GDPR. In this episode, they discuss the recent billion-dollar fine imposed on Meta (formerly Facebook) for violating data protection laws. They break down the significance of this ruling which limits the use of standard contractual clauses and requires due diligence checks when transferring data from the EU to the US. Discover the consequences and potential appeal arguments of the European Court of Justice's ruling on data privacy. They delve into the challenges of harmonizing data protection authorities in the EU and how this affects corporations. Find out why the lack of consistency among regulators cannot be fixed overnight. Don't miss out on the engaging and informative discussion that can help organizations navigate the complex landscape of GDPR and data privacy. Tune in to "Life with GDPR" now!  Key Takeaways: ·      Facebook fined $1 billion for data transfer ·      Meta's GDPR Noncompliance and Data Transfer Suspension ·      Irish Data Protection decision overruled by EDPB ·      Challenging GDPR court order in Ireland ·      Data Transfer from EU to US: Safe or Unsafe? ·      GDPR differences in privacy enforcement  Resources For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.  Connect with Tom Fox ●      LinkedIn Connect with Jonathan Armstrong ●      Twitter ●      LinkedIn Learn more about your ad choices. Visit megaphone.fm/adchoices
Jun 8, 2023
32 min
Class Action Update
Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Join them in this episode as they discuss the recent court decision in the Austrian case and its implications on GDPR claims. Discover the guidelines for GDPR damage compensation, assessment of damages, liability provisions, and how businesses can make themselves more robust to avoid such claims. They also delve into the importance of acting quickly in the event of a breach and insurers’ sophistication in cyberattack policies. Tune in to learn more, and check out the article on the quarterly compliance website. Don’t miss out on their engaging conversation and valuable insights!  Key Takeaways: Understanding GDPR compensation claims Insurance Claims and Breach Response Strategy Cyber insurance is becoming more selective in writing cover Notable Quotes: “I would say when you have a title like that, you get the attention of many class action lawyers.” “Not every infringement of GDPR automatically gives rise to compensation.” “The right to compensation under GDPR needs 3 things. Firstly, an infringement of GDPR; secondly, material damage resulting; and thirdly, a causal link between the damage and the infringement.” “If you haven’t got the right team in place, Even on New Year’s Day or Christmas day, Easter or Passover or, you know, during fasting, then that’s your fault, not ours, and regulators are not forgiving.” Resources For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.  Connect with Tom Fox ●      LinkedIn Connect with Jonathan Armstrong ●      Twitter ●      LinkedIn Learn more about your ad choices. Visit megaphone.fm/adchoices
May 25, 2023
23 min
Data Transfer Update
Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. Join them in this episode as they delve into the hot-button issue of data transfers from the EU to the US. With potential new rulings looming, the replacement for privacy shield is said to be doomed to fail. The European data protection board is investigating complaints against Google and Facebook that could affect up to 95% of US corporations using Google Analytics! How can your organization comply with GDPR regulations while avoiding the nearly €3 billion in fines levied since 2018, including practical tips such as conducting compliance checks and due diligence? Don't miss the explosive potential of this episode and what it could mean for businesses around the world. Key Takeaways: ·      Data transfers from the EU to the US and privacy concerns ·      Data Transfer Regulations & Compliance ·      Data Protection Compliance for Business Websites ·      Impending Large GDPR Fine Notable Quotes: "It is not going to get any easier anytime soon, unfortunately." "This case is likely to affect, I think, 95% of corporate America." "Regulators definitely have an appetite to investigate this." "I expect that the find that I'm hearing rumors of will tip us over the €300MM level."  Resources For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. Connect with Tom Fox ●      LinkedIn Connect with Jonathan Armstrong ●      Twitter ●      LinkedIn Learn more about your ad choices. Visit megaphone.fm/adchoices
May 11, 2023
21 min
DPO Update
Tom Fox and Jonathan Armstrong, renowned expert in cyber security, host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss the role of the Data Protection Officer (DPO) in light of GDPR - an important requirement outlined in Article 37. They discuss how the European Court of Justice views the role, how Germany had a DPO system in place prior to GDPR  and the fact that DPOs should be supported by their employer and protected against any potential conflicts of interests. They touch on the shortage of suitable DPOs due to the price and resource requirements of the role, as well as the example of a data protection authority showing up to an organization and finding a person who had been recently trained. Tune in to discover more key insights about the role of the DPO as you stay knowledgeable on GDPR compliance with Live with GDPR. Key Takeaways: European Court of Justice and the GDPR System [00:05:46] DPO Roles and Responsibilities [00:10:50] Data Protection Authority Visit to an Organization [00:15:26] Notable Quotes: 1.     “The Role of a DPO in simple terms is to sort of act as a sort of police officer to police the organization's handling of data.”  2.     “If you look at GDPR article 37 5, it says that a data protection officer must be designated on the basis of professional qualities. In particular, expert knowledge of data protection law and practices, and there's a number of duties in Article 39 they have to be able to perform.” 3.     “Regulators will expect to see competency. And it's probably easier for a regulator to judge competency than it is to judge conflict of interest.” 4.     “I think it is definitely worthwhile putting resources in training and also currency.”  Resources For more information on the issues raised in this podcast, check out the Cordery Compliance, News Section. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.  Connect with Tom Fox ●      LinkedIn Connect with Jonathan Armstrong ●      Twitter ●      LinkedIn Learn more about your ad choices. Visit megaphone.fm/adchoices
Mar 23, 2023
21 min
Load more