I’m flattered to have inspired this satirical video guide by the great Javvad Malik, although I’m a bit worried that people might take it seriously….
A decision tree for working out when consent is the right lawful basis for processing
An incident isn’t necessarily a breach, a breach isn’t necessarily an avoidance breach, and it’s not always a notifiable one either. The post is less confusing than this excerpt, I promise.
A briefing on consent, the most misunderstood and misused part of the GDPR. What the law really says.
Some GDPR myths keep coming back like zombies. Here are some of the worst
Risky behaviour: what not to punish in a Just Culture
How a ‘Just Culture’ is essential for effective risk management
What does ‘human error’ really mean, and is it a good enough excuse for an organisation to use when something goes wrong?
An explanation of why using MailChimp and achieving data protection compliance are mutually exclusive
What is even the point of data protection law? Basically, to protect people from each other. Shame that’s often overlooked.