GDPR

There is a big change coming in business, affecting the way companies acquire, store and manage data. May 25th 2018 introduces a new law, the General Data Protection Regulation (GDPR). Many of the GDPR’s main ideas and principles are much the same as those in the current Data Protection Act (DPA), so current compliance will be a good starting point for the new law. Some things, though, are different, and businesses need to evaluate their practices to ensure that they comply in the future.

The Information Commissioner’s Office (ICO) has produced a checklist and resources to help businesses work out the main differences between the current law and the GDPR. These are all available via the ICO’s Overview of the General Data Protection Regulation. The ICO is also working closely with trade associations and bodies representing the various sectors, so you will be supported in implementation. It is essential to plan your approach to GDPR compliance now and to gain support in your organisation. It’s possible that new procedures may be needed to comply with new transparency and individuals’ rights provisions. In a large or complex business this could have significant budgetary, IT, personnel, governance and communications implications.

A significant difference between the DPA and the GDPR is that the GDPR places greater emphasis on the documentation that data controllers must keep to demonstrate accountability. Compliance with all the areas listed in this document will require organisations to review their approach to governance and how they manage data protection as a corporate issue. For example, one step might be to review contracts and other systems you have in place when sharing data with other organisations.

Some parts of the GDPR will have more of an impact on some organisations than on others (for example, the provisions relating to profiling or children’s data), so it would be useful to map out which parts of the GDPR will have the greatest impact on your business model and give those areas due prominence in your planning process. A good place to start with the GDPR is to review the ICO 12-Steps to GDPR document:

https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

and the ‘Getting Ready For The GDPR’ checklist

For further information, or to access our GDPR implementation programme, please contact us.

Spring is here!

And with a lousy joke to welcome it, we’ve completely re-written our site, taking advantage of the many components now available for the common open-source (i.e. free to use) Content Management Systems.

PC Security – WannaCry

The latest virus to hit the headlines shocked the PC world last week. WannaCry started to sweep round the globe last Friday and so far has infected more than 300,000 computers in 150 nations.

What is it?

Also known as Wanna Decryptor or wcry, its modus operandi is to infect PCs and threaten to lock out and delete files of victims who do not pay a sum of $300 to $600 (£230 to £460) within one week of infection. Small businesses are constantly being urged to take precautionary measures to protect their businesses online. It is similar to Cryptolocker of a few years ago.

How is it installed?

The virus is usually invisibly installed on to computers by being hidden within deceptive-looking emails containing links, which users are tricked into opening. Once opened, the malware can install on to a system without the user’s knowledge.

What does it do?

Once opened, the virus is able to encrypt files and block user access to them, displaying a pop-up window on-screen telling users they have been blocked, and demanding payment – often via a digital currency such as Bitcoin.

Can you remove it without paying?

Yes, by using advanced anti-malware software. The malware can also be removed manually with a computer in “safe mode”, but this isn’t a ‘user’ technique as important system files need to be edited in order to find and isolate files created by the Wanna Decryptor software. Disinfection opportunities are reduced if the system is rebooted, so if an infection is suspected, power down and contact an expert.

The harm of this latest attack is the ease and speed with which it spread, and the vulnerable systems that it exploited. Many NHS systems received the greatest publicity, as they were using old systems, not because of ‘budget cuts’, but because the older systems that they supported were still within useful life. Microsoft had issued a patch well in advance of widespread infection, but unfortunately many systems administrators had failed to implement this.

Businesses and individuals should make sure their internet security is up to date and in use, view emails with attachments sent from unknown senders with suspicion, avoid storing passwords on computers and make sure that backups are in place.

Get Safe Online offers free expert advice on online security matters, and they have created a great detailed post on how to protect your computer, finances and your identity against this new global online threat.

Online phishing attacks have become more and more common over the past five years as more businesses have moved online, and they present dangers for consumers and opportunities for criminals. That is why today it is vital that businesses understand such risks.

We also recommend the use of a Password Manager such as LastPass to generate and encrypt complex passwords.

Top Twitter Tips

8 Twitter Tips Guaranteed to Gain more Followers (ethically!)

Creating a voice and persona on Twitter is one of the best ways to engage with thought-leaders, meet new customers, get traffic back to your website and bridge the gap between your brand and the people who engage with it.

Faceboo!

Well, in a not entirely unexpected manipulation of users’ personal information, Facebook is facing criticism after it emerged it had conducted a psychology experiment on nearly 700,000 users without their knowledge.

The test saw Facebook modify news feeds to tailor which emotional expressions the users were exposed to. The research was done in collaboration with Cornell University and the University of California at San Francisco to assess if “exposure to emotions led people to change their own posting behaviours”.

Facebook said there was “no unnecessary collection of people’s data”. Quite who the arbiter of “unnecessary” is, we are not told. “None of the data used was associated with a specific person’s Facebook account,” the social networking behemoth added.

Some, though, have criticised the way the research was conducted and raised concerns over the impact such studies could have.

“Let’s call the Facebook experiment what it is: a symptom of a much wider failure to think about ethics, power and consent on platforms,” Kate Crawford posted on Twitter. Meanwhile, Labour MP Jim Sheridan, a member of the Commons media select committee, has called for an investigation into the matter.

“This is extraordinarily powerful stuff and if there is not already legislation on this, then there should be to protect people,” he was quoted as saying by The Guardian newspaper. “They are manipulating material from people’s personal lives and I am worried about the ability of Facebook and others to manipulate people’s thoughts in politics or other areas. If people are being thought-controlled in this kind of way there needs to be protection and they at least need to know about it.”

The research was conducted on 689,000 Facebook users over a period of one week in 2012.

According to the report on the study: “The experiment manipulated the extent to which people were exposed to emotional expressions in their News Feed”.

The study found that users who had fewer negative stories in their news feed were less likely to write a negative post, and vice versa.

I think, in the REAL world, we call that “empathy”.

Adam Kramer of Facebook, who co-authored the report on the research, said: “We felt that it was important to investigate the common worry that seeing friends post positive content leads to people feeling negative or left out. At the same time, we were concerned that exposure to friends’ negativity might lead people to avoid visiting Facebook.”

“I can understand why some people have concerns about it, and my co-authors and I are very sorry for the way the paper described the research and any anxiety it caused.”

So, no apology for the gross infringement of privacy, or the cynical manipulation of Users in a social experiment with almost zero validity, then.