Firms should be well advanced with their risk assessments for GDPR compliance as the 25 May 2018 implementation date is fast approaching. We have been advising firms on this and also providing training.
Contracts with data processors will need to be reviewed. Consideration should also be given to cloud providers. Three particular issues arise here. First, is data being held outside the European Economic Area? Secondly, researchers at the Massachusetts Institute of Technology (MIT) have warned of the risk of ransomware targeting cloud providers; while the largest providers have increased their spending on security, smaller providers may not have the same resources. Thirdly, though not solely in the context of cloud services, the European Commission has published a note on the impact of Brexit on data transfers.
MIT have also warned of artificial intelligence (AI) being used to create spear phishing attacks, with the technology being used to create thousands of malware-loaded, fake emails.
The Article 29 Working Party has published guidance on consent and draft guidance on transparency under GDPR.
The Information Commissioner’s website has expanded the guidance on personal data breaches and added three new pages in the lawful basis section, covering contract, legal obligation and vital interests.
Links to documents referred to above can be found on our News page https://www.legalrisk.co.uk/news/.