วีดีโอ

Davis Thomas Lopez Nancy Taylor Margaret

with DPO outsourced works or accepted by the Data Privacy Act of 2012 of the Phils?

i have interview today wish me all the best 🙏

So grateful for this clip - Thank you ! Could you please explain what you mean at 9:44 "The right to withdraw consent is a tactical, not a strategic one" ?

Can’t express enough appreciation to Privacy Kitchen! Such a great conversation and so practical! Highly recommend!

Thank you Robert very important we have included this in our jamjang app

In this Privacy Kitchen session, experts Tash Whitaker and David Clarke join host Robert Bohr to dissect the complexities of data mapping for privacy governance. They explore the nuances of GDPR compliance, the impact of Brexit on data protection strategies, and share practical advice and war stories from the field. The conversation delves into the importance of understanding data maps, the challenges of maintaining accurate records of processing activities, and the implications of Brexit for cross-border data transfers and marketing practices. Takeaways 🗺 The importance of a data map as a cornerstone of privacy governance was highlighted, emphasizing its role in understanding data flows and impacts on privacy. 🤝 Introductions of the panelists, Robert Bohr, Tash Whitaker, and David Clarke, who are experts in privacy management, consultancy, and cyber and data protection, set the stage for a deep-dive discussion. 🔍 The distinction between a data map and an asset register was explored, with the former being a broader concept that includes the latter, which is more about the security and inventory of data assets. 📝 The GDPR's record of processing activities was discussed as a subset of a data map, which is crucial for understanding data processing activities and responding to data subject requests. 🚫 The challenges of questionnaires for data mapping were noted, with panelists preferring interviews to get accurate insights into data processing activities. 🔑 The role of the Data Protection Officer (DPO) in maintaining the record of processing activities was emphasized, as they need a comprehensive understanding of the business to fulfill their role effectively. 📈 The impact of Brexit on data maps was anticipated, with the potential need to revisit and adjust data transfer agreements and the possible requirement for UK companies to appoint EU representatives. 🛑 The potential increase in data subject rights requests due to the removal of PEC Regulation (ePrivacy Directive) was flagged, necessitating a detailed data map to manage these effectively. 📉 The low adoption rate of ISO 27001 was mentioned, with GDPR and other privacy regulations driving a need for more comprehensive data governance practices. 🔄 The dynamic nature of data mapping was underscored, as it needs to evolve with the business and be part of ongoing risk management and compliance activities. 📚 The complexity of managing large-scale data maps was discussed, with the need for robust systems and processes to maintain and update the data map in line with business operations.

GDPR is applicable to Europe. But what if someone from Europe is accessing data illegally in Southern hemisphere? All these fines should apply to that person as well or the company that they work for, right?

I believe they use Confidentiality and Integrity rather than the broader "Security" because Security also covers Availability (the security Triad of CIA).

In my opinion the ICO has no teeth and pretty much useless to the general public....government organisations hide behind this service referring you back to them knowing full well they will close your query down....why are they being paid by the tax payer?

@PrivacyKitchen I wonder whether you could clarify something for me? Many people have been telling me that a "natural person" i.e. private individual, someone who does not have a business, just a regular Joe, can be considered a Data Controller. I know the DPA quite well but not the GDPR. I would imagine it being highly impractical for private individuals to be classed as Data Controllers but some fairly reliable people have told me this is the case. I can't find anything that validates their opinion.

I learn about risikan

I'm sorry, how can I focus on what you're saying when that cute little thing is walking around?? My God, he's so adorable.

Very Nice

Hello. Where do I stand with a ex employee. I left the fire service due to false allegations, I then joined the police. Once in the police they asked for a reference from the fire service. They replied back the don’t give a detailed reference. 3 months late messaged back stating my investigation. No one asked or gave permission for this. Where do I stand????

DPO - should NOT mark their own homework.

Merci

Please help me. I have been the victim of Brighton and hove city council's data fraud. A letter written yesterday to Brighton and hove city council's leader. I am stuck and forced to take this route The email is as follows Dear Bella, With concern I contact you regarding fraud by council staff who have knowingly covered up acts of data fraud against myself and others which directly contravenes Brighton and hove city council's policy and legal obligations stated under the data protection act. I have minutes of a coucil meeting that stated there were many deeply regrettable data breaches by outreach staff. I also have evidence from my housing file to back up my allegations. So since September 2020 I have made your council officers aware in writing and by recording calls and the situation has been denied, minimised, gaslight and backlit to try to affect my mental health. In short as literally your own policies and the law have been shattered broken I am unfortunately left to make a private prosecution against you, your corporation and your council officers that have taken part and failed to rectify this incredibly serious set of data breaches and total failure of your corporate body , led by you. I hope you will contact me in person as I have faced retribution every time I have bought this up and it is getting worse and worse with the members of your staff treating me differently by failing to address issues that are ongoing and egregious I hope you do not mind that I send this email to the Local government's ombudsman, the ICO and the media in full and the Labour party HQ so this may not be swept under the rug as it has been for far too long. I have reported these data breaches against myself and others for 4 years in writing to many department heads and staff and your policy is very clear that it must be dealt with full stop. Yet here we still are. Will you call me to lay my fears to rest that a cover up is not happening for the last 4 years ? Your senior governance team has my number. Kind Regards David These are deliberate data breaches in retaliation to complaints regarding fraud and forgery . Please, please help me someone

Thank you. Does this apply to small (1 or 2 person) business?

Very simple, easy to understand and concise video, super helpful!

Cool channel

Can you tell me if emails which have gone missing from a company who I'm in dispute with can be claimed against using GDPR? Or point me in the right direction for advice?

How can l received my data from my stolen phone Micromax Q382 of imei1-911467754510476 because this phone is controlled by hackers

Hello Robert, it was a nice explanation of GDRP principles. Regulatory authorities in EU and other countries are tightening the supervision to ensure Data Protection of Data Subjects by the Data Controllers and Data Processors. Element of Free Data Consent f Data Subjects is of crucial importance.

Fantastic video. Using this as part of my CIPP / US studies. Thanks!

Is it breaching GPDR if a clients name is in an email title..on counselling?

Amazing videos, using alongside my study for the CIPP/E exam. Did you get around to doing one on joint controllers?

Shouldn't privacy be assumed, why are they asking you to consent with yes/no options? What are you actually consenting to?

Great video. Love GDPR and all its nuances!

If u was to use a company laptop in a cafe and ask the person during a call if this is stil there email and address but none else in the cafe is this a breach ?

Very clearly explained, thank you for the information. Was that dripping tap water in the background? Makes sense as part of a Privacy Kitchen, I suppose. 💧🚰

I am seriously concidering taking someone to court over this.

Great Job🔥 thank you 🙏🏻

Any episodes in the pipeline? How about NIS2?! Thanks

How can you prove who gave your details to someone else ? Like my old employer, is someone is trying to get in touch with me and call them ? How long can your old employer keep your details IE phone number, Email?

Hi I had an occupational health report left out in a communal area where I work. The person who left it out investigated it themselves and decided no data was breached. Two months later they reported it to the organisation. Any ideas?

So my collection of data can be collected on amopt out basis as a baseline and make it a dataset to run through a machine learning algorythm for sentiment analysis. Truthfull and whatever else I want.unpess the can tell m what I have and prove they are them and as long as I do t hold an unbekcrypted csv train a mlboy to do whatever I want with uptobamd including paroting them deep faking anything but I cqnsell the CSV however I can use the ml tlas a monthly membership making sat DWP the product?

as to the first thing you cited: don't wear a suit made from plastic and doesn't fit you...wink wink

I've been watching a lot of 'auditing' videos lately and I'm fully acquainted with an auditor's right to film... but when it comes to publishing, especially when someone belonging to whatever company is being audited specifically says they do not want this being shown on TH-cam, I get lost in the tangled and layered swamp that covers privacy. Is auditing for 'personal use'? Do auditors have to comply with GDPR? Can they publish someone's image if they have been asked not to? Do Google rules apply in UK? I'm totally lost with all of the legislation.

What would be the legal grounds for unfair dismissal for a private group conversation on Facebook leading to removal from a charity group? i.e if someone was raising awareness of manipulation or asking a question that would lead to a screen shot which in turn would be shown to the leaders. Thanks for any input, been round the merry go round with google search and Facebook privacy laws.

This video is very good and helpful thank you so much for this. I would like to share my incident and if you could provide your view it will be great of you. I requested for CCTV footage under sujbect access request with Apple regarding an incident in store. They have deleted the footage and apologied saying we failed. ICO has told me they will ask them to improve future incident better. I am at loss on everything, esp with the racist incident in store.. what can I do?

I have a question. In UK, I bought an electronic device, the Application necesary to set up and run this electronic device wasn't available in Google Play store. So I called support centre and they emailed me a link to a Web page to download the phone application. I was anxious to open my new gadget and this webpage contained virus/malware my personal mail( containing all type of sensitive data)was open. After some time I notice the phone working really bad and reset it afraid of Virus. Is this a data breach? Many thanks! #PrivacyKitchen

Good discussion. I have three questions. Does UK GDPR apply to UK employers who use cloud-based companies in EU countries to store staff training and competency records? What polices should they have in place if they are moving away from a paper-based system to digital? Can a UK employer insist on staff having their photo/video used to document a training or competency activity to be held in the cloud based outside the UK?

Hey i wanted to ask, can any thing come up from using a declaration vs a checkbox in any scenario I agree to Terms and Conditions [checkbox] I agree to Privacy Policy [checkbox] vs on registration showing a declaration By proceeding i agree to [Service]'s Terms and Conditions and Privacy Policy (popular in tech giants, and other apps i've tested, its nicer UX) I am in a debate with this at work at the moment and am told i am wrong, what about class 2 medical devices?

This is really helpful. How does intra-group data processing work? For example. Need more guidance on this pls.

Hi. I don't understand the detail about the Art 28 being covered by the EU SCC Addendum but not the IDTA. The ICO's addendum template mentions Art 28 once, and it is very tentative. However, their IDTA template mentions it five times and does have clauses that mention the need for a linked agreement between the parties that complies with Art 28. Could you clarify more please? Thanks.

As if they ever disclose any of this

Great video. Effective information. Dear Sir, I have 8 years experience in ISO 9001, ISO 27001, GRC compliance, I want to go for GDPR compliance, hope this information will help for future.

I am Nigerian Your mouth is too fast

Great video!