Cyber Security Training, DPO Solutions Home, DPO Solutions
Bespoke Cybersecurity Training

We Provide Bespoke Security Training Based on Needs and Timeframes

Data Privacy Training

We Provide Staff Training on Data Privacy Risks, GDPR Compliance and Technical Controls

Web Server Security

Training on How to Secure Web Servers to Defend Against Common Attack Vectors

Access Review Audits

Help with Auditing Access Privileges on Firewalls and Switches

Remote Access Security Training

Training for Remote Workers on Safe Practices for Data and Device Security

Forensics Training

Help in Setting Up a Forensics and e-Discovery Function


How to Secure WordPress

In this article we cover how to secure your WordPress site against hackers and spammers using a few simple tips and precautions.

What is GDPR & Data Privacy?

Whether you’re new to GDPR or you’ve been working with data privacy for a while, it’s important to understand the basics of what it is and why it’s needed in the first place. The basic question for many people is, “What is GDPR, and why does it matter?”

As this term is the number one searched term related to data privacy on Google, I thought this relatively short primer may help clear things up.

GDPR Primer

GDPR, or the General Data Protection Regulation, came into effect in May 2018 as the successor to the Data Protection Directive of 1995. The intention of the regulation was to create one set of rules for all EU states to follow when protecting personal data.

The regulations are mandatory, as opposed to the Data Protection Act, which was a voluntary code of conduct, and they identify three main parties in the data protection chain: the data controller, the data processor and the data subject (an individual person), which I’ll explain shortly.

Why GDPR came into being

At a simple level, the rules came into place as a result of the age of big data and the internet, and of revelations about how our personal data was being monetised, and abused, by ad-tech, data brokers, tech giants and others.

It’s widely believed that Edward Snowden’s revelations about US government mass surveillance programs, which targeted US citizens but also inadvertently swept up EU citizens, triggered alarm bells in Europe and pushed the issue of data protection to the fore.

Another major case was Max Schrems vs Facebook Ireland in 2013, an action that Schrems won. The issue at hand was Facebook’s failure to obtain his consent to transfer his personal data to the US for further processing. This of course had larger ramifications for all EU citizens’ data and how it was automatically transferred outside the EU without their knowledge or proper supervision.


Data Privacy Trends

Over the last number of years, we’ve witnessed a surge in regulatory activity on a global scale. Last year saw an average of 220 regulatory change alerts per day in the financial sector alone, a tenfold increase over ten years.

We of course saw GDPR implemented in 2018, but this has spurred a raft of follow-up legislation internationally at the country and state level. In my previous article, What is GDPR?, I mentioned developments with the Data Protection Acts of 2018 in Ireland and the UK.

These changes are essentially refinements, and in some cases dilutions, of the GDPR regulations. But what about the US? Well, in 2019, five US states implemented new or updated data privacy laws. In 2020, California implemented sweeping changes with its CCPA regulation (see the related article, What is CCPA?), while New York enacted its data privacy updates with the implementation of its SHIELD Act, which strongly focuses on data safeguards, expands the definition of private (personal) information and strengthens its breach notification rules in instances where HIPAA or Gramm-Leach-Bliley does not take precedence.

Developments on international transfers have also been to the fore in 2020, with the ruling on the invalidity of the EU-US Privacy Shield (see the related article, Privacy Shield is struck down) muddying the waters for US companies doing business in the EU. It’s safe to say that each regulation has its own nuances, which is further complicated by the fact that many companies operate under multi-jurisdictional data privacy rules that are often subject to conflicting interpretation.

Perhaps one of the more interesting trends in compliance is the rise of AI and its underlying technologies. I refer back to my article on the CCPA regulation and its section on Innovation Automation, where I highlight three companies and their approaches to specific data privacy challenges.

It’s apparent that regulated firms, globally, have been overwhelmed by the burden of regulation, and they need automation and skilled resources such as legal compliance help, privacy practitioners (such as myself) and regtech solutions integrators to address the challenges.
Fines and reputational damage are too costly not to get it right anymore, as the regulators seek to make examples as never before.

What is CCPA?

The California Consumer Privacy Act, or AB 375, came into effect in January 2020. Building on pre-existing privacy laws such as CalOPPA and the Shine the Light Law, CCPA was perhaps a logical step by the California state legislature in response to mega breaches of the Equifax (147m records) variety and the reckless behavior of Facebook in the Cambridge Analytica scandal.

So what’s in the CCPA regulations?

Applicability: It applies to any qualifying business, in any country, that has customers or employees based in California. Qualifying businesses are those that have annual gross revenues in excess of $25 million, trade data on more than 50,000 customers annually, or derive 50% or more of their annual revenue from selling personal information.

Sanctions: California consumers may invoke the new law, and enforcement actions may include a $2,500 penalty per record for an unintentional violation and a $7,500 penalty per record for an intentional violation. (If Cambridge Analytica happened today, that would be 50 million multiplied by $7,500, or 375 with nine zeros.)

At a lower level, the act allows a “private right of action” for California residents, allowing claims of $100 to $750 per incident, whether actual harm is proven or not. This law is tied to the recently updated California Data Breach Notification Law, AB 1130, which defined the data in scope, including driver’s license and social security numbers, email addresses and account numbers, as well as medical, health and biometric information.

GDPR | CCPA – 10 Steps to Designing the Right Data Protection Program

In a recent report by DLA Piper, data breach notifications topped 160,000 and fines reached 114 million Euro ($126m) since GDPR rules came into effect in the EU in May 2018. The largest of these was recorded in France: 50m Euro against Google for GDPR violations.

In the UK, the latest Information Commissioner’s Office report shows that GDPR fines have tripled in the space of a year on the back of the BA and Marriott rulings, while in the US the California Consumer Privacy Act (CCPA) and the New York SHIELD Act have just been enacted in 2020 and will certainly see data security perp walks of sorts very shortly, if data breach history teaches us anything.

Well, let me start by saying I’m sorry to be alarmist, but it’s my job in security to be the squeaky wheel sometimes. So, in this article I hope to set you in the right direction if you have more than a passing interest in privacy by design (PbD) and data protection regulations, in particular how EU- and US-registered businesses in a post-Privacy Shield era can better prepare for GDPR and CCPA regulations using a 10-point plan. The plan has been designed more toward medium to large regulated firms, given that budget constraints for security controls like IAM, and the ability or requirement to hire a data protection officer, may be beyond the reach of smaller firms.

To prime you for these steps, may I recommend that you glance at the GDPR FAQs from the EU Commission press office, the CCPA guidance from the Office of the Attorney General in California and the New York SHIELD Act text from the NY Senate, which is useful at a high level.


Why is Privacy Awareness so Important?

Over 90% of data breaches and complaints today are caused by simple, avoidable mistakes like clicking on email links, opening attachments and forwarding personal data to the wrong parties.

These mistakes are costly not only in terms of fines, reputational damage and lost productivity, but also in time: time to respond to regulatory requests and customer queries, to get systems back online, to carry out investigatory work and more. On top of all of this, if you process a few thousand customer data records annually, then you are required to comply with awareness training requirements. That’s why we created economical solutions to meet these demands, which are available as downloadables on our online store.

Our Privacy Policy

Data privacy is of the utmost importance to us, which is why we take great care with how we use personally identifiable data.

The General Data Protection Regulation (GDPR), enacted in May 2018, includes a series of data protection rights which you should be aware of while using our site and services. These rights are captured in principles, or articles, which for the purposes of our policy constitute data subject rights. You can find our data privacy policy, and how it aligns to GDPR and the data protection acts, on our Privacy Policy page.