Every few months or so, there is a breach penalty which stands out among others. In this instance, it is the Dixons Carphone, which has been the recipient of a £500,000 fine in response to exposing the details of 5.6 million payment cards.

The festive season is nearly upon us; and while you might be dreaming about cookies of the sugary and Christmas themed type, European judges have other ideas. The other type of cookie – and most likely the more frequent – are those used on websites to store small amounts of information on our local endpoints to assist with functionality.

Picture a heist. Picture that heist involving a hundred million people or more. Picture how that may look; imagine how that might sound. You’d be forgiven for imagining simultaneous full-scale bank robberies with alarms blaring and guns blazing, but this isn’t what heists look like anymore. Heists are silent. Heists hit millions, even billions, at one time from one remote location.

So here we are. At that juncture which we have all be expecting, where warning and preparation meet reality. The GDPR has delivered intention of its first astronomical penalty value, with British Airways in its cross-hairs, to the tune of £183 million.

After last years high-profile data breach, it was expected that British Airways would be made an example of; and what an example it is.

For some, it might have felt like the GDPR was a little bit of an anti-climax. Relative hysteria in the build up to May 2018 has not led to the end of marketing departments, mass administration of fined companies or denial of service by DPIA's.

Instead, in the 12 months since its enforcement, all has been a little quiet.

Or has it?

It is both curious and comical to me how certain topics surrounding the GDPR (General Data Protection Regulation) seem to generate more buzz than others, whether they are correct or not. Such as the topic of consent being the only form of lawful processing, the overriding right to be forgotten in any circumstance and the belief that all forms of outbound marketing have been confined to history.

In the scramble of the final days leading up to the 25th of May 2018, Google crawl bots would have noticed universal updates taking place across the internet. Privacy policies for an unquantifiable number of organisations and companies were being adapted to fit the GDPR.

By now you have probably learned that the processing of personal data does not always require an act of consent. Whilst much of the internet is obsessing over consent, re-consent and double opt-in consent, you have correctly discovered that it is not the only way to legally process personal data.

Marketing automation solutions have come along way in the past five years. Once used for mass emailing, now expanded to include an array of interactivity features such as blogs, landing pages and pop-ups, all to enrich the process of inbound marketing. But as the GDPR (General Data Protection Regulation) enforcement data looms nigh, how ready are the likes of MailChimp? and what do you need to know as their data controller?

Like many an industry trend before, MSSP (Managed Security Service Provider) appears to be trending among IT teams and security practitioners alike; embracing the cloud and hosting technologies to relieve the burden of ownership and maintenance, retain security practices and benefit from subscription models of service.

With less than 100 days to go until the enforcement of the GDPR (General Data Protection Regulation) and the relevance of this blog post on a short time span, a certain level of panic may begin to consume those who have only just started to take this subject seriously.

So, you've been told that you need to destroy your prized contacts database unless you can prove that you have consent to process the personal data of those that you store. Maybe you can send out communication asking those contacts to re-consent... but how many would? And what about the problems which Honda incurred by doing this?

I am certain that there is likely to be nobody reading this blog who has never been to a trade fair or industry event. Huge gatherings of like-minded individuals, peers or even just the curious jostle past one another, between extravagant stands paid for vendors promoting their wares.

The GDPR (General Data Protection Regulation) is a complex beast, of which there seems to be an endless supply of regurgitated information online, in print and at various events. What is lacking however is practical information on how to handle its requirements operationally.

Uber, the world's most famous disruptor of the taxi industry has never been short of controversy. Whether it be accusations of poor employment practices, sexual harassment at HQ or their never ending legal duels with various city councils, the workload for Uber’s public relations department is certainly colourful to say the least.

'The devil is in the detail' is a phrase which comes to mind when speaking about the GDPR (General Data Protection Regulation). The obvious topics surrounding the application of the regulation's articles have been extensively discussed, leaving behind those tricky and often overlooked details.

Wherever there exists a conversation about the GDPR (General Data Protection Regulation), you can guarantee a handful of infamous topics are covered. The scaremonger worthy administrative penalties, the notion of consent being the lawfulness to rule all others and the Lord Lucan of rights, the right to forgotten.

Much like the fable of the Emperor's New Clothes, there is much talk of the GDPR but little with any real substance. You have no doubt been told of the potential fines and heard of the right to be forgotten but how does the GDPR actually affect the IT security channel operationally? Rather than walking into 2018 wearing nothing, like the ill-fated Emperor in the tale. We interviewed Infinigate UK Sales Manager, Mike Tye, for his opinion on the operational challenges which he expects value-added resellers to witness as a result of the GDPR.

In the pursuit of writing about the practical application of the GDPR (General Data Protection Regulation) rather than reciting the contents of the freely available regulation document, I am writing this blog to answer a commonly asked question regarding the purchasing of marketing contact lists post May 2018.

As far as titles go, this one will likely prove divisive. On one hand, there are a plethora of IT security solution and service providers who are keen and hungry for the opportunity to work with customers on their preparations for the GDPR. On the other, doubt is sowed by those who question the ability of anyone who claims to know anything about the GDPR, simply because there is nobody with experience in application of a regulation which yet to come into force.

Without much hesitation, I am certain that my experience of the past eighteen months has been similar to others. Attending and consuming countless GDPR focused conferences, webinars, panel discussions, blog posts and webinars in an effort to strengthen my own grasp of the topic and to trade suggestions on real-life application with peers. There is much to gain from such occasions.

It's almost six months until the implementation date of the European GDPR (General Data Protection Regulation) and the UK begins its journey toward the club's exit door. The release of the DPB (Data Protection Bill 2017) has confirmed the UK's position on how it plans to remain tied, yet distinct from its European neighbours.

If the GDPR were a sea, it would be vast, confusing and in some places its shallow rocky geography would threaten metaphorical ships with disaster. Guidance for any would-be captain is plentiful; just searching for the term ‘GDPR’ in Google yields hundreds of thousands of results. From the basics of learning your portside and starboard to the more practical of how to protect your vessel from the supervisory authority’s arsenal, much is covered. That is with the exception of working with third-parties and most importantly, cross-border processing, something which is a normal aspect of business today, irrespective of size. This darker corner of the regulatory map is less often explored and must begin with identifying who is wearing the hat of the data controller and the data processor.

We have all been conditioned to fear the arrival of May 2018. Hell-fire, brimstone and a newly powerful Information Commissioners Office (ICO) will rain administrative fines from the skies. Yet, for those who have summoned the ability to stay awake long enough to brave the final pages of the regulation, article 99 suggests its implementation date is less clear than originally thought.

Everybody has heard of fake news. Any politician worthy of their claim to modernity has dispensed the term as a battle cry against challenging forces. Bias, misunderstanding, spin, bending the truth are just some of the linguistic aliases which sit on a sliding scale of innocent mistake to concocted falseness.