Showing posts from March, 2018

Privacy Impact Assessment PIA guidance

Data Protection Privacy Impact Assessments (PIA, PIAs) are a highly effective way to embed data protection and #privacy into all your #policies, #procedures, #practice, #activities and #projects.

For those looking to develop their own approaches to PIAs, the ICO provides excellent guidance here.

Alternatively, Concrew Training offers on-site support on your premises in terms of staff training and development in #DataProtection, #GDPR and #PIA #PIAS.

Data Protection and GDPR training

Privacy Impact Assessment Training

Cyber Security and The GDPR

Hardly a month seems to go by without a major cyber security breach hitting the headlines, but just how big a risk is cyber security to the average organisation?

It's easy to sweep the #GDPR and #CyberSecurity under the mat and think it won't happen here. The annual cyber security survey provides a useful insight into just how wrong that view may be.

The 2017 survey reported:

"46% of all UK businesses identified at least one cyber security breach or attack in the last 12 months. "

"Overall, businesses that hold electronic personal data on customers are more likely than average to have had breaches (51% versus 46%). Nonetheless, breaches are still prevalent among organisations whose senior managers consider cyber security a low priority (35%), and in firms where online services are not at all seen as core to the business (41%)."

"Among the 46 per cent of businesses that detected breaches in the last 12 months, the survey finds that the average business face…

Equal Pay Reporting - Huge Fines Looming?

The deadlines for reporting on equal pay are 30 March 2018 for public sector organisations and 04 April 2018 for businesses and charities.
The Equality and Human Rights Commission will commence enforcement action on 09 April 2018 giving a further 28 days to comply.
One recent estimate suggested 33% of FTSE 100 companies had still to report, and another that for all eligible employers the figure was closer to 12%.

Given the large number of organisations who have still to report and the time available to gather the information and report, penalties are likely to be widespread.

It is also probable that many of those organisations who have ignored equal pay reporting will also have paid too little attention to The GDPR and will be at risk of fines for non-compliance in that area too.


More on Equal Pay Reporting More on The GDPR #equalpay #gdpr #eprivacy #equality #concrewtraining

Questioning Techniques for Learning

Concrew Training's half-day workshop on how to make questioning a more effective tool within teaching, training and learning includes Socratic Questioning Techniques and much, much more.

Socratic Questioning 


Clarification: Why are you saying that? Can you give me an example?
Probing: What else could we assume? What would happen if?
Testing evidence: How do you know this? How might it be refuted?
Generating viewpoints: What alternative ways of looking at this are there? What are the strengths and weaknesses of this?
Consequences: What are the implications of? How does this fit with
Questions about the question: What was the point of asking that question? Why do you think I asked this question? What else might I ask?

read the full course overview

Privacy Impact Assessments Made Easier

Most organisations will by now have updated their data protection policies to reflect and meet the requirements of the GDPR.

Unfortunately, the sheer size of the potential fines and penalties means no UK company or organisation can afford to take the GDPR lightly. Data Protection can no longer be a write-and-forget policy or a tick-box activity; privacy will have to be embedded into every policy, procedure, practice or project.

Existing activities need to be reviewed against your new data protection and privacy policies, and every new activity, be it policy, procedure, practice or project, will need to be scrutinised for potential privacy breach at every stage.

If not handled correctly, this will be a huge task. Consider, for example, staff use of mobile phones and the potential for data breach. Do you even know where the data on the phones is stored? Does the phone automatically back up personal data such as email, SMS, voicemails, pictures etc. to the phone provider, Google, Microsoft…