The six steps for complying with GDPR are:
1. Know your data - Conduct an audit to understand what personal data is collected and where it is stored.
2. Classify the data - Determine if the data is personal, sensitive or confidential.
3. Justify the data - Establish the lawful basis and purpose for collecting and processing the data.
4. Plan how the data will be handled - Outline the full data lifecycle and retention periods.
5. Control access to the data - Implement security measures and restrict access to authorized personnel only.
6. Be prepared for a data breach - Have response plans in place and know when to report breaches to
2. What is the General Data Protection Regulation (GDPR)?
• EU-GDPR established to protect the rights and freedoms of EU citizens (data subjects)
• The Data Protection Act 2018 included all the clauses from the EU-GDPR
• Data Protection, Privacy and Electronic Communication Regulations
• UK-GDPR 2021
3. General Principles of the UK-GDPR
Data shall be:
• Processed lawfully
• Collected for specified, explicit and legitimate purposes
• Adequate, relevant and limited
• Accurate
• Kept in identifiable form for no longer than is necessary
• Processed in a manner so as to ensure security
4. What are the six steps?
• Step 1: Know your data
• Step 2: Classify it
• Step 3: Justify it
• Step 4: Plan it
• Step 5: Control it
• Step 6: Be breach ready
6. Know your data - Discussion
• Whose data do you hold?
• What personal data do you collect?
• Where does your data live?
• How many copies of data sets do you have?
• Which members of the team have their own data?
8. Where is your data currently kept? - Discussion
- Spreadsheets
- Databases
- Server/NAS Drives
- Cloud
- Laptops
- Backups
- Mobile phones
- USB Sticks
- Websites
- CRM Software
- Email marketing contacts
Where should it be kept?
9. What about the data you are sharing?
Do you share data with:
• Subcontractors?
• Suppliers?
• Temp staff?
• Associates?
Data is an asset…
But it can also be a liability!
You don’t want old and out of date information hanging around anymore. Think about old systems you may have previously used. Is there still data on them? If so, consider deleting it!
10. Be aware of data fragmentation
• Naturally, as an organisation with a number of employees, it is easy for data to become fragmented.
• As we utilise more software and devices, that data can become more and more fragmented.
• Complete a bit of an audit to help you understand where your data sits.
11. Is it time to move to a CRM?
To manage customer data all in one place rather than having it fragmented across multiple areas.
- Is it GDPR compliant?
- Can you store all your data?
- Does it integrate with emails, calendars, phone systems, etc.?
- Who needs access? Staff? Volunteers? External orgs? And at what levels?
12. Share don’t attach
To reduce data fragmentation, reduce the number of duplicate documents across the organisation by getting into the habit of sharing documents rather than attaching them to emails.
Microsoft 365, Google Workspace and Google Drive enable us to quickly and easily share access to docs, files and folders.
14. What is personal data?
“Personal data” means any information relating to an identified or identifiable natural person, for example:
• A name
• An identification number
• Location data
• An online identifier
• Or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
15. What is personal data?
We also have “Sensitive Personal Data”, which consists of the following:
• Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs
• Trade-union membership
• Genetic data, biometric data
• Health-related data
• Data concerning a person’s sex life or sexual orientation
16. What is confidential data?
We also have “Confidential” business information, which refers to information whose disclosure may harm the business, such as:
• Trade secrets
• Sales and marketing plans
• New product plans
• Notes associated with patentable inventions
• Customer and supplier information
• Financial data
• Account information
• Passwords
Not a GDPR classification, but you may want to classify this yourself.
17. How do we classify data?
Data set       | Fields                                          | Classification?
Marketing data | Name, Postcode, Email                           |
Customer data  | Name, Address, Email, Bank details              |
Staff data     | Name, Postcode, Email, Religion, Health records |
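As an added example (not part of the deck), the Python below applies the three categories the deck has just defined (personal data on slide 14, sensitive personal data on slide 15, confidential business information on slide 16) to the field lists in the table above and labels each data set by the most restrictive category any of its fields falls into. The keyword lists and the function names `classify_field`, `classify_dataset` and `classify_all` are my own assumptions about how fields are typically labelled; the three data sets are constructed from the slide's field lists.

```python
from dataclasses import dataclass, field

# Keyword lists are an assumption about how fields are typically named; extend
# them to match your own schemas. Matching is case-insensitive substring matching.
SENSITIVE_KEYWORDS = {
    "racial", "ethnic", "political", "religion", "religious", "philosophical",
    "trade union", "trade-union", "genetic", "biometric", "health", "medical",
    "sex life", "sexual orientation",
}
CONFIDENTIAL_KEYWORDS = {"bank", "account", "password", "financial", "trade secret"}
PERSONAL_KEYWORDS = {
    "name", "address", "postcode", "email", "phone", "location", "identification",
    "id number", "ip address", "user id", "date of birth",
}
# Most restrictive tier first; a data set takes the first tier any of its fields hits.
TIER_ORDER = ("sensitive", "confidential", "personal", "unclassified")


@dataclass
class Classification:
    label: str
    triggers: dict = field(default_factory=dict)  # tier -> fields that triggered it

    @property
    def personal_data(self) -> bool:
        """True if the set falls under GDPR at all (personal or sensitive fields present)."""
        return "personal" in self.triggers or "sensitive" in self.triggers


def classify_field(name: str) -> str:
    """Map a single field name to a tier, checking the most restrictive tier first."""
    n = name.lower()
    if any(k in n for k in SENSITIVE_KEYWORDS):
        return "sensitive"
    if any(k in n for k in CONFIDENTIAL_KEYWORDS):
        return "confidential"
    if any(k in n for k in PERSONAL_KEYWORDS):
        return "personal"
    return "unclassified"


def classify_dataset(fields) -> Classification:
    """Label a whole data set and record which fields drove each tier."""
    triggers = {}
    for f in fields:
        triggers.setdefault(classify_field(f), []).append(f)
    label = next((t for t in TIER_ORDER if t in triggers), "unclassified")
    return Classification(label, triggers)


# The three data sets from slide 17, constructed from the slide's field lists.
DATASETS = {
    "Marketing data": ["Name", "Postcode", "Email"],
    "Customer data": ["Name", "Address", "Email", "Bank details"],
    "Staff data": ["Name", "Postcode", "Email", "Religion", "Health records"],
}


def classify_all(datasets=DATASETS):
    return {name: classify_dataset(fields) for name, fields in datasets.items()}


if __name__ == "__main__":
    for name, c in classify_all().items():
        print(f"{name:15} -> {c.label:12} personal data: {c.personal_data}  {c.triggers}")
```

Note that "confidential" on the customer set does not mean it is outside GDPR: the `personal_data` flag stays true because names and emails are present, so the set needs both the GDPR handling of slide 14 and the tighter access controls the deck suggests for bank details.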
19. What is the purpose of the data? What is the lawful basis for holding it?
There needs to be a lawful basis for collecting the information:
Contract: for example, to be able to supply goods or services that they have requested, or to fulfil your obligations under an employment contract. This also includes steps taken at their request before entering into a contract.
Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
20. Levels of consent
Level 1: Verbal consent
Level 2: Signed* consent
Level 3: Signed* by both parties
*Signed can mean a signature, a checked box or an agree button
21. Best practices for consent
• Active opt-in: a binary choice given equal prominence
• Granular: give consent separately for different processing
• Named: name your organisation and any third parties who will be relying on consent
• Easy to withdraw: the right to withdraw their consent at any time
22. Best practices for consent – A consent template
Make your consent request prominent, concise, separate from other terms and conditions, and easy to understand. Include:
• the name of your organisation
• the name of any third-party controllers
• why you want the data
• what you will do with it
• that individuals can withdraw consent at any time
25. What is the process that your data goes through?
• Collection
• Storage
• Processing
• Deletion
26. How long should I keep it for?
Are there any requirements for the retention of any particular data? For example:
• Trade law;
• Tax law;
• EU contracts;
• Employment law;
• Administrative law;
• Regulations regarding certain professions, e.g. medical.
27. How long should I keep it for?
In the absence of any legal requirements, personal data may only be retained if necessary for the purpose of processing and must be deleted when:
• the data subject has withdrawn consent
• a contract has been performed or cannot be performed anymore
• the data is no longer up to date
• the data subject requests the erasure of data
• the retention is no longer necessary
Exceptions may apply for historical, statistical or scientific purposes.
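The consent rules of slide 21 and the deletion triggers of slides 26 and 27 together form a decision procedure, which the following added example (my own code, not the deck's) turns into a retention check. `Consent` is a granular, named, withdrawable consent record; `DataRecord` holds one piece of personal data with its lawful basis from slide 19; `retention_decision` applies a statutory retention period first and then the five slide-27 triggers in order. The field names, the two-year "no longer up to date" threshold and the sample records are assumptions I constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional


# Granular consent record following slide 21: one entry per purpose, naming the
# organisation and any third parties, and withdrawable at any time.
@dataclass
class Consent:
    purpose: str
    controller: str                      # name of your organisation
    third_parties: list = field(default_factory=list)
    given_on: Optional[date] = None      # None = the person never actively opted in
    withdrawn_on: Optional[date] = None

    def is_active(self, today: date) -> bool:
        return (self.given_on is not None and self.given_on <= today
                and (self.withdrawn_on is None or self.withdrawn_on > today))


# One personal-data holding with its lawful basis (slide 19) and the facts that
# slide 27 says should trigger deletion. The field names are my own assumption.
@dataclass
class DataRecord:
    subject: str
    purpose: str
    lawful_basis: str                    # "consent" | "contract" | "legal obligation"
    consent: Optional[Consent] = None
    contract_ended_on: Optional[date] = None
    erasure_requested: bool = False
    last_verified_on: Optional[date] = None
    legal_retention_until: Optional[date] = None   # e.g. tax or employment law (slide 26)
    still_necessary: bool = True


STALE_AFTER = timedelta(days=2 * 365)   # assumed threshold for "no longer up to date"


def retention_decision(rec: DataRecord, today: date):
    """Return ("retain", reason) or ("delete", reason) following slides 26 and 27."""
    # A statutory retention period (slide 26) overrides the slide-27 triggers while it lasts.
    if rec.legal_retention_until and today <= rec.legal_retention_until:
        return "retain", f"legal retention until {rec.legal_retention_until}"
    if rec.erasure_requested:
        return "delete", "data subject requested erasure"
    if rec.lawful_basis == "consent" and (rec.consent is None or not rec.consent.is_active(today)):
        return "delete", "consent withdrawn or never given"
    if rec.lawful_basis == "contract" and rec.contract_ended_on and rec.contract_ended_on <= today:
        return "delete", "contract performed or cannot be performed anymore"
    if rec.last_verified_on and today - rec.last_verified_on > STALE_AFTER:
        return "delete", "data no longer up to date"
    if not rec.still_necessary:
        return "delete", "retention no longer necessary"
    return "retain", "still necessary for the stated purpose"


# Constructed sample holdings (not real people) that exercise each rule once.
SAMPLE_RECORDS = {
    "newsletter": DataRecord("alice", "newsletter", "consent",
                             consent=Consent("newsletter", "Example Org", ["Mailer Ltd"],
                                             given_on=date(2023, 1, 1))),
    "withdrawn": DataRecord("bob", "newsletter", "consent",
                            consent=Consent("newsletter", "Example Org",
                                            given_on=date(2023, 1, 1), withdrawn_on=date(2024, 5, 1))),
    "old_invoice": DataRecord("carol", "invoicing", "contract", contract_ended_on=date(2020, 1, 1),
                              legal_retention_until=date(2026, 12, 31)),
    "ended_contract": DataRecord("dave", "support", "contract", contract_ended_on=date(2023, 1, 1)),
    "stale": DataRecord("erin", "crm", "contract", last_verified_on=date(2021, 1, 1)),
}


def sample_decisions(today: date = date(2024, 6, 1)):
    return {name: retention_decision(rec, today) for name, rec in SAMPLE_RECORDS.items()}


if __name__ == "__main__":
    for name, (action, reason) in sample_decisions().items():
        print(f"{name:15} {action:7} {reason}")
```

The ordering matters: the invoice whose contract ended in 2020 is still retained because a legal retention period is running, which is exactly the slide-26 check the deck asks you to make before applying the slide-27 deletion triggers.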
28. Privacy Policies vs Notices
• A full privacy policy is a very detailed document, very often a separate page entirely, and contains all the detail for the whole organisation.
• A privacy notice is an abbreviated version of the policy for the purposes of a sign-up form. This is also where you would have the consent form (checkboxes, etc.).
31. Privacy notices
● Describe all the privacy information that you collect about an individual, make available or provide
● Need to be a blended approach, using a number of techniques to present privacy information
● Demonstrate that you are using personal data fairly and transparently
● Include a ‘request’ for consent
If the average person read every privacy policy for every website they visited in a year, that reading time would amount to some 244 hours.
32. Privacy Policy checklist
● Who are we?
● How do we collect information about you?
● How your information is used
● Third party service providers
● Your rights
● Security precautions
● Cookies
● Changes to this Privacy Policy
What does your Privacy Policy look like on the website?
33. Where should notices go?
● Orally - face to face or on the telephone (it’s a good idea to document this)
● In writing - printed media; printed adverts; forms, such as financial applications or job application forms
● Through signage - an information poster in a public area
● Electronically - in text messages, websites, emails and mobile apps.
36. How do we keep data safe?
• Who has access? Do the right people have access?
• How secure is it through its lifecycle?
• Where is it held?
• How do you process individuals’ rights?
• How long is it retained for and how is it deleted?
• Who do you see as Third Parties?
37. Are you ready for Cyber Essentials?
• Cyber Essentials is a simple but effective, Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
• Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. Our advice is designed to prevent these attacks.
About Cyber Essentials - NCSC.GOV.UK
39. Phishing emails
• Phishing is a type of email attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email.
43. Can you recognise a phishing attempt?
https://www.independentage.org/information/money/scams/scams-quiz#main-content
44. Phishing emails – What must I do?
• Check the email address of the sender
• Hover over and check any links before clicking on them
• Does the email address you directly?
• Look out for spelling and grammar issues
• If in any doubt, then delete it!
• Inform others about suspicious emails, as they may have the same
• If you click a link or open a file from an email that seems suspicious, do not try to hide it; make sure to tell someone.
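Three of the checks above (sender address, hover-and-check links, and whether the email addresses you directly) can be automated on the defender's side, for example in a mail-gateway rule or a helpdesk triage script. The following is an added example of my own, not material from the deck: it parses a constructed sample message, compares the sender's domain against a list of domains you trust, flags a generic greeting, and flags any link whose visible text names a different host from the one its `href` actually points to (the mismatch a human would only see by hovering). The `.test` domains, the 203.0.113.5 documentation address and the function names are my own constructions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); .test and 203.0.113.0/24 are reserved for documentation.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <alerts@example-bank-login.test>
To: staff@example.org
Subject: Urgent: verify you're account
Content-Type: text/html

<html><body>
<p>Dear Customer,</p>
<p>Please <a href="http://203.0.113.5/verify">https://www.example-bank.test/verify</a> within 24 hours.</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs so the 'hover and check' step can be automated."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Hostname of a URL, tolerating link text written without a scheme."""
    p = urlparse(url if "://" in url else "http://" + url)
    return (p.hostname or "").lower()


def phishing_findings(raw: str, trusted_domains):
    """Apply the slide-44 checks to one message and return a list of findings (empty = nothing flagged)."""
    msg = message_from_string(raw)
    findings = []
    _display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    if sender_domain not in trusted_domains:                       # "check the email address of the sender"
        findings.append(f"sender domain not trusted: {sender_domain}")
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    if re.search(r"\bdear (customer|user|member)\b", body, re.I):  # "does the email address you directly?"
        findings.append("generic greeting: email does not address you directly")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:                                # "hover over and check any links"
        real_host = host_of(href)
        text_host = host_of(text) if "." in text else ""
        if text_host and text_host != real_host:
            findings.append(f"link text shows {text_host} but points to {real_host}")
        elif re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", real_host):
            findings.append(f"link points to a bare IP address: {real_host}")
    return findings


if __name__ == "__main__":
    for finding in phishing_findings(SAMPLE_EMAIL, {"example-bank.test", "example.org"}):
        print("-", finding)
```

The spelling check on the slide is left to the reader: the sample subject line has one, and a human eye still catches those more reliably than a regex.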
45. Spear phishing / CEO fraud
• Spear phishing is a more targeted attempt to reach a specific and well-researched recipient while pretending to be a trusted sender.
• These emails often claim to be from the CEO of your company, or from an organisation you do business with, and trick you into giving up sensitive information or making a payment.
• Never believe these emails – Always call or double check first.
47. Have I been ‘pwned’?
Have I Been Pwned: Check if your email has been compromised in a data breach
48. Malware: Viruses, Worms & Trojans
• Malware is software that is specifically designed to disrupt, damage, or gain unauthorised access to a computer system.
• Viruses are self-replicating programs that attach themselves to other programs or files.
• Worms don’t need another file or program to replicate; they are self-sustaining.
• A Trojan horse looks legitimate but performs unknown and unwanted activities, such as keyboard logging or opening a backdoor for hackers to access and control your system.
49. Ransomware
Malicious software that sneaks onto your computer, encrypts your data so you can’t access it and demands payment for unlocking the information.
• Nearly 50% of organisations have been hit with ransomware
• The average ransom demand is £1020
• Less than half of ransomware victims fully recover their data, even with backup
50. What should I do?
• Pull out the network lead or switch off Wi-Fi and switch off the computer
• DO NOT restart the computer or connect/reconnect to the network
• Pass it over to your IT team who will delete, reformat and restore the system from an uninfected local, offsite or cloud backup
51. How should we better protect ourselves from breaches?
Update, update, update!
Allow PC and software updates to download as and when they become available. If there are any that pop up that you are unsure of, then make sure to confirm it’s safe with someone else first.
52. Use complex passwords
All passwords must be:
• Unique for each account that you use
• 8+ characters long
• Include upper- and lower-case letters
• Include a number
• Include a special character
Don’t use the same passwords for work and home
Don’t share logins and passwords
Don’t save your passwords into Word or Excel docs
Don’t have documents named “passwords”
Don’t use the word “password” in Emails
55. How secure is your password? How Secure Is My Password?
56. Creating Passwords and Activity
Take three words
Creating a Strong Password in 3 Steps:
1. Choose three random words phoneglassesbowl
2. Change the letter of each word to a capital PhoneGlassesBowl
3. Add some numbers and/or Symbols PhoneGlassesBowl18!
Want to use it for more sites? Add the site as an identifier
• Amazon - AnPhoneGlassesBowl18!
• Ebay - EyPhoneGlassesBowl18!
• Google – GePhoneGlassesBowl18!
If you want to make it more complex
• Use five words
• Add more numbers
• Add a dash-between-each-word
57. Creating Passwords – Activity
• Using the initial letters of a favourite song or phrase:
• e.g. Life is like a box of chocolates
• Lilaboc
• Include capital letters and lower case letters:
• LiLaBoC
• Include a memorable number or date:
• LiLaBoC19
• Include a symbol:
• LiLaBoC*19
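The three-random-words method from slides 56 and 57, worked through in Python as an added example (this is not code from the course). The word list is a constructed stand-in for a real list such as the EFF long list of 7,776 words; `secrets` picks the words so they are random rather than chosen by a person, `entropy_bits` shows why three words from a long list already beat an eight-character mix of letters, numbers and symbols (and why five words beat both), and `policy_failures` checks the rules listed on slide 52.

```python
import math
import secrets
import string

# Constructed stand-in word list. A real list (e.g. the EFF long list)
# has 7,776 words; compare_schemes() shows why that size matters.
WORDS = ["phone", "glasses", "bowl", "river", "candle", "marble",
         "anchor", "violet", "ladder", "copper", "meadow", "pixel"]


def passphrase(n_words=3, sep="-", words=WORDS):
    """Three random words (slide 56), chosen with the CSPRNG rather than by a person."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(pool_size, length):
    """Guessing work in bits for `length` independent picks from `pool_size` options."""
    return length * math.log2(pool_size)


def policy_failures(pw):
    """Rules from slide 52 that the password fails; an empty list means it passes."""
    checks = {
        "8+ characters": len(pw) >= 8,
        "upper-case letter": any(c.isupper() for c in pw),
        "lower-case letter": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "special character": any(c in string.punctuation for c in pw),
    }
    return [rule for rule, ok in checks.items() if not ok]


def compare_schemes():
    """Entropy of the schemes discussed on slides 52, 56 and 57, rounded to 0.1 bit."""
    return {
        "8 chars from 94 printable ASCII": round(entropy_bits(94, 8), 1),
        "3 words from a 7,776-word list": round(entropy_bits(7776, 3), 1),
        "5 words from a 7,776-word list": round(entropy_bits(7776, 5), 1),
        "3 words from this 12-word list": round(entropy_bits(len(WORDS), 3), 1),
    }


if __name__ == "__main__":
    print(passphrase())
    print(passphrase(5))
    print(policy_failures("PhoneGlassesBowl18!"), policy_failures("phoneglassesbowl"))
    for scheme, bits in compare_schemes().items():
        print(f"{bits:5.1f} bits  {scheme}")
```

With only twelve words the passphrase this prints is weak (about 10.8 bits); the strength comes from the size of the list, which is why a person’s own “three random words” should be genuinely unrelated words, not the objects on the desk. Where staff have many accounts, a password manager that generates a different password per site is the practical way to meet “unique for each account”.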
58. Protect your data
Ensure the organisation’s data is only stored on the organisation’s devices
● Always lock devices when unattended (Windows + L)
● Encryption – are all laptops encrypted?
● Don’t copy or export data without consent
Mobile device policies
● Protected from unauthorised access by at least a 6-digit PIN or a passphrase;
● Configured to ensure they automatically lock after a period of inactivity;
● Configured in such a way that they can be remotely wiped in the event of loss;
● Data is encrypted at rest;
● Only have trusted applications from reputable sources installed, and antivirus installed if
using an Android device;
● Receive automatic software updates from the manufacturer and other 3rd parties; and
● Receive software updates for security patches within a reasonable timeframe.
59. Techniques to secure your data
1. Minimise – reduce the amount of data you hold
i. Delete – run a big audit
ii. Archive
iii. Build and enforce retention policies
2. Separate – keep personal information apart from the data used in daily tasks
i. Split database tables
ii. Separate spreadsheets
3. Anonymise or pseudonymise wherever possible –
i. in emails, texts, messages
ii. in other data sets
iii. in client reports
4. Access – check your access rights
i. Who has access? Is it at the right levels?
ii. Password protection
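Pseudonymisation (point 3 above) in practice, as an added example in Python that is not part of the course materials. The records are constructed sample data. Identifiers are replaced with a keyed hash (HMAC-SHA256) so that rows for the same person still link up for reporting, while the key, the “additional information” that GDPR requires to be kept separately, is what lets the organisation re-identify someone when it legitimately needs to. The `reverse_plain_hash` function shows why an unkeyed hash of an email address is not pseudonymisation: anyone with a list of candidate addresses can undo it.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; the people are invented.
RECORDS = [
    {"email": "ana@example.org", "postcode": "AB1 2CD", "visits": 4},
    {"email": "ben@example.org", "postcode": "EF3 4GH", "visits": 1},
    {"email": "ana@example.org", "postcode": "AB1 2CD", "visits": 2},
]


def plain_hash(value):
    """Unkeyed SHA-256, shown only to demonstrate why it is NOT pseudonymisation."""
    return hashlib.sha256(value.encode()).hexdigest()


def pseudonym(value, key):
    """Keyed hash (HMAC-SHA256) of an identifier, shortened to 16 hex characters.
    Same value and key always give the same token, so one person's records
    still link up; without the key nobody can test a guess against a token."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymise(records, key, fields=("email",), drop=("postcode",)):
    """Replace identifying fields with tokens and drop fields the task does not need."""
    out = []
    for rec in records:
        new = {k: v for k, v in rec.items() if k not in drop}
        for f in fields:
            new[f] = pseudonym(rec[f], key)
        out.append(new)
    return out


def reverse_plain_hash(token, candidates):
    """Dictionary attack on an unkeyed hash: try each candidate identity in turn."""
    for c in candidates:
        if plain_hash(c) == token:
            return c
    return None


def new_key():
    """The key must live somewhere separate from the data (a secrets store,
    not the same spreadsheet or report); generate it with the CSPRNG."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    key = new_key()
    for row in pseudonymise(RECORDS, key):
        print(row)
    guess_list = ["ben@example.org", "ana@example.org"]
    print(reverse_plain_hash(plain_hash("ana@example.org"), guess_list))
```

A report built from the pseudonymised rows can be sent to a client without the email addresses or postcodes; whoever holds the key can still answer “which person is token X?” if a subject access request or erasure request arrives. Destroying the key turns the same data set into anonymised data.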
60. Set up two factor or multi factor authentication
If you are using Dropbox, Google Apps, Office 365 or any cloud-based software, set up
two factor authentication
Usually this means you need your mobile phone with you to approve your sign-in, either
by typing in a six-digit code from an authenticator app or by accepting a prompt. It’s
very simple, but it stops anyone who has only your password from getting in, and a
prompt or code request you didn’t trigger is a warning that someone else knows your
password. Never approve a prompt you did not start yourself.
Google 2-Step Verification
61. Look for HTTPS before entering any personal or sensitive info
• When a website is asking you to input any personal or sensitive
information, make sure you see the ‘S’ at the end of ‘https’ (and the padlock) in the
address bar
• If it only says ‘http’, do not enter any info
• HTTPS only means the connection is encrypted. It does not prove the site is the one you
think it is: phishing sites use HTTPS too, so check the domain name as well
62. When out and about – be suspicious of public Wi-Fi
● Name that Wi-Fi – be suspicious of wireless networks on your device that show
up with names like "Free Wi-Fi" or "Free Hotel Wi-Fi"; anyone can set up a network with
that name
● Avoid using passwords – better to avoid activities where you're using passwords
to log in to your most sensitive or important accounts
● Let your computer help out. Windows and macOS come with a built-in firewall and other
security features that can help protect you. Make sure they are switched on
● Look for the "s" for secure. Any time you're on a webpage, look at the address bar
(above the web page) and the website's name. If you see "https" right in front,
the connection is encrypted, which means others on the same Wi-Fi can't read your data
in transmission (it still doesn't prove who runs the site)
64. Always report something suspicious or lost
• If you lose something – tell your manager, never try to hide it
• If you click on a suspicious link or attachment – tell your manager, never hide it
• If you see someone else acting suspiciously – report it
65. What is a breach?
A personal data breach is any security incident, accidental or deliberate, that leads to
personal data being lost, destroyed, altered, disclosed to or accessed by someone who
should not have it
Examples of breaches:
• Hacking of your website
• Sending an email with a sensitive attachment to the wrong person
• Losing or theft of a laptop
• Loss of a mobile device, or selling one with data still on it
• Hacking of your emails
• Deleting a database by accident
66. When do individuals and the ICO have to be notified?
• You must notify the ICO unless the breach is unlikely to result in a risk to the rights
and freedoms of individuals
• Where a breach is likely to result in a high risk to the rights and
freedoms of individuals, you must also notify those concerned directly, without undue
delay
• ‘High risk’ means the threshold for notifying individuals is higher than
for notifying the ICO, the relevant supervisory authority in the UK
• Record every breach, whether or not you notify it, and the reasoning behind the decision
67. How do I notify a breach?
A notifiable breach has to be reported to the ICO within 72 hours of the
organisation becoming aware of it, so the clock starts when the breach is discovered,
not when the investigation finishes. The GDPR recognises that it will often be
impossible to investigate a breach fully within that time period and allows you
to provide information in phases.
If the breach is sufficiently serious to warrant notification to the individuals affected,
the organisation responsible must do so without undue delay.
Failing to notify a breach when required to do so can result in a significant fine of
up to 10 million Euros or 2 per cent of your global annual turnover, whichever is higher.
68. Summary – Six Steps
• Step 1: Know your data
• Step 2: Classify it
• Step 3: Justify it
• Step 4: Plan it
• Step 5: Control it
• Step 6: Be breach ready
69. Thank you
Please complete the feedback form for this course using
the QR code or this link.
https://forms.office.com/r/6G0cgGKLA1
Editor's Notes
EU-GDPR May 2018
DPA May 2018
DPPECR Oct 2020
UK-GDPR Jan 2021
https://uk-gdpr.org/chapter-2-article-5/
Highlight the 6 steps for GDPR above
Open up a discussion on the above questions?
Where does your data live? (Prompts)
Microsoft 365, Google Workspace
CRM systems – HubSpot, Capsule, etc.
Locally on devices? Laptops, tablets, smartphones
Accounting software? – Sage, QuickBooks, Xero
Email accounts? – Gmail, Outlook, AOL, Self hosted?
How many copies of data sets do you have?
Excel spreadsheets?
Copied across 365 & CRM? Accounting and Google Workspace?
Multiple revisions of client data?
Which members of staff have access to their own data?
Self employed?
Small org?
Freelancers?
Focussing on where data is kept from before-
Open discussion on where it should be kept. i.e. remove multiple copies, use secure cloud systems, no “revisions”. (If 365 or Google let this do it for you through version history)
Avoid saving on local software if “unsecure”
Password protect devices (biometric, passcode, Password)
Password protect docs with sensitive data
If you have an email sent to 10 people. Use the multiple attachments example.
Refer to photo
Lamplight for charities and non profits
One of the alternatives here
(Google CRM name and GDPR, i.e. “HubSpot GDPR Compliant?”)
General Data Protection Regulation | HubSpot
E.g. client shares an idea for a project/business. Not personal, not sensitive, but confidential.
Bank details are personal, but not sensitive. Account number, etc.
Which of these is classed as sensitive data? (ONLY STAFF DATA) – Bank details not classed as sensitive data
Bank details, doesn’t fit into the classification of sensitive, but is highly confidential
Look back at classification list
Contract – if it’s about the service that you are offering, i.e. a job seeker that comes for advice. That is a contract
Legal – e.g. visitor book for fire safety/H&S, Risk assessment
Consent – Consent to market or pass data to third parties.
Data goes through a cycle.
EU Contracts – have to hold data for about 30 years.
Accounts only need to be kept for 7 years
Activity – Check the privacy policy on the Well Grounded website
Have I Been Pwned: Check if your email has been compromised in a data breach
How Secure Is My Password? – ACTIVITY
Go to this website to test password strengths
Tutor to explain how to go about creating a password which will be secure to use,
Give learners 5 mins to come up with their own,
IF ISSUES ARE RAISED BY KEEPING PASSWORDS ON PAPER:
With regards to writing your passwords down on paper, almost all of the major security experts agree this is the safest, most secure way of password management providing that bit (or bits) of paper is kept safely. I would recommend reading this article to put your mind at ease - https://www.vox.com/2014/4/16/5614258/the-best-defense-against-hackers-writer-your-passwords-down-on-paper (one of the people mentioned in this article is Bruce Schneier, who is a hugely respected authority on digital security – his Wikipedia page can be found here: https://en.wikipedia.org/wiki/Bruce_Schneier)
In particular I will point out this paragraph within the above article – you may recall in particular I mentioned that if you go with the paper password method, you should keep a sheet of passwords completely separate to usernames:
“Don't leave the paper somewhere where people can copy it. It shouldn't be a Post-it note on your monitor or even under your keyboard. Store it in your wallet, or in an unmarked folder in your filing cabinet. You might want to consider keeping two different pieces of paper: one at home that has every password, and a second one in your wallet that just has the passwords you need every day. That minimizes the damage if you happen to lose your wallet.”
Information Commissioners Office
i.e. a job club for alcoholics. If that database was sent to someone by accident, and they gave it to a journalist who shared it on the news, that would be a breach of rights and freedoms