About Life with GDPR

In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond.

    DateTime Object ( [date] => 2019-11-13 10:56:21.452937 [timezone_type] => 3 [timezone] => UTC )
    Array ( [id] => 5cfbb106-f37f-11e9-ab5d-43c6e104d123 [createdAt] => 2019-10-20T14:19:55.775-07:00 [updatedAt] => 2019-10-21T03:34:47.959-07:00 [title] => Episode 35- What does Brexit Mean for GDPR? [pubdate] => 2019-10-21T03:34:41.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/5cfbb106-f37f-11e9-ab5d-43c6e104d123/image/uploads_2F1571606293349-00n4rp1hgu6bh-2bb115d494f1b6f30188e16fc8d7829e_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 35 [subtitle] => [summary] =>

    In this episode Jonathan Armstrong and I consider the implications of GDPR enforcement going forward after Brexit. Recognizing the situation is incredibly fluid, there are nevertheless some areas of risk management that you can begin to prepare for in the event of a deal for an orderly Brexit, a no-deal Brexit or an extension of the deadline Some of the highlights in this episode include:

    1. What does Brexit mean for GDPR enforcement?
    2. How will the UK-ICO move forward after Brexit?
    3. What are the implications of a no-deal Brexit? What can a company do to prepare at this point?
    4. How will the Irish regulators react to Brexit?
    5. What will Brexit mean for internal investigations, both in the UK and EU?
    6. What happens if there is an extension?
    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/5cfbb106-f37f-11e9-ab5d-43c6e104d123/stripped_f1586e1334a105f81013a53f7a254e86.mp3 [downloadUrl] => http://traffic.megaphone.fm/CSN3440934156.mp3 [size] => 38755264 [duration] => 968.88 [uid] => CSN3440934156 [originalUrl] => [bitrate] => 320 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/5cfbb106-f37f-11e9-ab5d-43c6e104d123/id3/5500501d052b3e36cf065293b1fa22e5.mp3 [id3FileProcessing] => [id3FileSize] => 227982 [parentId] => [guid] => [pubdateTimezone] => Eastern Time (US & Canada) [originalFilename] => Episode 35-Brexit From the Data Privacy.Protection Perspective - 10_20_19, 4.12 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode Jonathan Armstrong and I consider the implications...
  • Array ( [id] => c0eb55a2-e940-11e9-91fb-0bb1e8a277cc [createdAt] => 2019-10-07T13:26:33.517-07:00 [updatedAt] => 2019-10-07T13:26:50.058-07:00 [title] => Role of Vendors in Data Breaches [pubdate] => 2019-10-09T21:00:00.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/c0eb55a2-e940-11e9-91fb-0bb1e8a277cc/image/uploads_2F1570479940626-bcsf4bs3k0i-741b765ceed7991babca23903f94fbc4_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => [subtitle] => What is the role of vendors in any data breach and response thereto? In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox are back to explore and provide insights going forward. [summary] =>

    In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox are back to discuss the role of vendors in data breaches and the corporate response thereto. Some of the highlights in this episode include: 

    How much due diligence did you perform on your vendors from the data protection risk perspective?How much due diligence did you engage in for any M&A activity or acquisitions?Do you have the full cooperation of your vendors in any data breach?What is the role of a vendor in responding to a data breach?Does your risk management strategy have a fall back if you have to terminate a vendor over a data breach?For more information on vendor data breaches, check out the following resource on the Cordery Compliance website, https://www.corderycompliance.com/dealing-with-a-data-breach/ . Also if you have not done so, check out the Cordery Breach Navigator here,  https://www.corderycompliance.com/solutions/breach-navigator/

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/c0eb55a2-e940-11e9-91fb-0bb1e8a277cc/stripped_01ecbb130ae3055794453bc67b27077d.mp3 [downloadUrl] => http://traffic.megaphone.fm/CSN7011502575.mp3 [size] => 47909615 [duration] => 1197.74 [uid] => CSN7011502575 [originalUrl] => [bitrate] => 320 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/c0eb55a2-e940-11e9-91fb-0bb1e8a277cc/id3/85228e7a0f8886185f9869c6fbb8ce93.mp3 [id3FileProcessing] => [id3FileSize] => 229238 [parentId] => [guid] => [pubdateTimezone] => Eastern Time (US & Canada) [originalFilename] => Episode 34-Role of Vendors in Data Breach - 10_7_19, 3.19 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode of Life with GDPR, Jonathan Armstrong and...
  • Array ( [id] => bd43dfa0-d955-11e9-8d18-3bee1bcf2d40 [createdAt] => 2019-09-17T07:16:28.213-07:00 [updatedAt] => 2019-09-17T07:17:23.816-07:00 [title] => Episode 33- Lessons Learned in Year 1 of GDPR, Part 3 [pubdate] => 2019-09-18T21:00:00.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/bd43dfa0-d955-11e9-8d18-3bee1bcf2d40/image/uploads_2F1568729727853-saop3204x1d-8f08af7532c77e3b78597addbabb694e_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 33 [subtitle] => In this episode of Life with GDPR, we conclude our three-part series of some of the key lessons learned from the first year of GDPR. [summary] =>

    In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we conclude our three-part series of some of the key lessons learned from the first year of GDPR. Some of the issues and highlights are:

    Remediate then report. The remediation of an issue before reporting can be the key issue for regulators on whether they will move forward with a more public spanking. It is important to show that you have learned lessons and applied them to the facts of your data breach. Don’t try and cheat the victims by imposing new contractual terms such as Equifax did in its recent settlement. Think of the simple way for a data breach to occur, a briefcase left on the Tube.

    Don’t Diss the DPA. Why would a company take on the regulator? You must respect the regulator even if you disagree with them. You can make a bad situation worse by attacking the regulators. This does not mean you cannot forcefully argue you position or zealously represent you client but calling regulators idiots in public filings will not help you position or your case. 

    Keep logs. This is important in case you need to revisit a decision later. Regulators can ask to see these logs at any time, not simply during an investigation or enforcement action. A compliance officer should be involved in the maintenance of the log system. Document Document Document. Unannounced inspections are beginning to occur.

    Debrief and Learn. Revisit the facts to see what lessons are to be learned. Continuous improvement. Even on a journey of 1000 miles, it is important to look back. Once again if you make a change due to a breach or other event, document what you have done so you can show the regulators.

    For more information on Cordery Compliance, go their website here.

    For more information on data breaches, see here.

    Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/bd43dfa0-d955-11e9-8d18-3bee1bcf2d40/stripped_fdc97a3092279a4a528c959f41734601.mp3 [downloadUrl] => http://traffic.megaphone.fm/CSN3526214596.mp3 [size] => 19294981 [duration] => 1607.92 [uid] => CSN3526214596 [originalUrl] => [bitrate] => 96 [samplerate] => 44100 [channelMode] => mono [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/bd43dfa0-d955-11e9-8d18-3bee1bcf2d40/id3/e3933139a6c7ef0f99cfaf28c58e2789.mp3 [id3FileProcessing] => [id3FileSize] => 231790 [parentId] => [guid] => [pubdateTimezone] => Eastern Time (US & Canada) [originalFilename] => Episode 33- Lessons Learned in Year 1 of GDPR, Part 3 - 9_17_19, 9.12 AM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this podcast, data privacy/data security expert Jonathan Armstrong and...
  • Array ( [id] => b3e9a418-c4f0-11e9-a119-d34ecae96522 [createdAt] => 2019-08-22T08:22:50.099-07:00 [updatedAt] => 2019-08-22T10:54:37.802-07:00 [title] => Episode 32- Lessons Learned in Year 1 of GDPR, Part 2 [pubdate] => 2019-09-04T21:00:00.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/b3e9a418-c4f0-11e9-a119-d34ecae96522/image/uploads_2F1566487305217-8aowkjxsal7-d68997a0c7b71c5429df1d0617501cc4_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 32 [subtitle] => In this episode of Life with GDPR, we continue our three-part series of some of the key lessons learned from the first year of GDPR. [summary] =>

    In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we continue our three-part series of some of the key lessons learned from the first year of GDPR. Some of the issues and highlights are:

    DPIA Everything. It’s mandatory under GDPR. It is a process analysis so you will need Subject Matter Expertise. How often do you revisit DPIA? Regulators are beginning to look at the process of your DPIA. When new process comes into play, you should do a new DPIA. Do you require DPIA when you hire 3rdparty vendor or in the M&A situation? If not you should do so moving forward.

    Do SARs and DSRs are real good.How do you deal with these types of request? More importantly do you have a centralized team to understand the reason behind the request. Who could make that analysis? Is it a work in progress for your organization? Robust response to SARs is critical, as they are here to stay as core component of GDPR.

    Respect the time. Time limits are much more generous in the US. Some regulators suggest not to be obsessed with time. Will courts allow ‘reasonable delay’? Corporations trying to extend the 72 hour by time zone arguments and other ridiculous argument by US corporations. (Listen for the Thanksgiving Weekend exemption) Regulators can fine you for being late. Are US companies getting the message? It’s a mixed bag, some are not doing so.

    For more information on Cordery Compliance, go their website here.

    For more information on data breaches, see here.

    Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/b3e9a418-c4f0-11e9-a119-d34ecae96522/stripped_598c2a51e83dcff4aa7f71e3aa290862.mp3 [downloadUrl] => http://traffic.megaphone.fm/CSN5956177675.mp3 [size] => 60512129 [duration] => 1512.8 [uid] => CSN5956177675 [originalUrl] => [bitrate] => 320 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/b3e9a418-c4f0-11e9-a119-d34ecae96522/id3/a87cd5fea3249e96df3aae44bf4b6033.mp3 [id3FileProcessing] => [id3FileSize] => 231032 [parentId] => [guid] => [pubdateTimezone] => Eastern Time (US & Canada) [originalFilename] => Episode 32- Lessons Learned in Year 1 of GDPR, Part 2 - 8_22_19, 12.39 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this podcast, data privacy/data security expert Jonathan Armstrong and...
  • Array ( [id] => 7c4bb88e-c2bb-11e9-9f92-73516c8a74c2 [createdAt] => 2019-08-19T12:56:51.136-07:00 [updatedAt] => 2019-08-19T13:38:47.507-07:00 [title] => Episode 31-Lessons Learned in Year 1 of GDPR, Part 1 [pubdate] => 2019-08-21T21:00:00.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/7c4bb88e-c2bb-11e9-9f92-73516c8a74c2/image/uploads_2F1566244499615-qyes07ebj9-3d884792924fbdddb4fb7d8e2f13886c_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 31 [subtitle] => In this part 1 of a three-part podcast series, Jonathan Armstrong and I consider 10 lessons learned from the first year of GDPE enforcement. [summary] =>

    In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we begin a three-part series of some of the key lessons learned from the first year of GDPR. Some of the highlights in this episode include:

    Do you have a plan? You need to have a plan for a data breach because it is not if but when you will be hacked. Armstrong advises you can be two plans; one for all employees which is straight-forward so that all employees will be able to understand it. You should have a second plan, which you rehearse which is for all compliance/IT/data security. It should be process driven so it allows flexibility for those responding.

    Know your data and know your third parties. Many companies have disaggregated data because they have so many vendors and platforms where data is stored. You must know who has your data. Do you have visibility into 3rd, 4thand 5thparties from the data perspective? You should also capture where data is going in an organization, particularly customer and employee data. Finally, and sadly overlooked by many US companies is the question of data protection of a US parent when a UK/EU sub is audited?

    Assemble your data response team now and practice, practice, practice.You need to look at your data security response. What does the A Team teach you about data response? You should strive for strength in diverse skills and practice your response. Look at PR rapid response, your compliance, your legal response all in addition to your IT/data security response. Regulators looking at share price drop off, this shows the need for a rapid, practiced response.

    For more information on Cordery Compliance, go their website here.

    For more information on data breaches, see here.

    Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/7c4bb88e-c2bb-11e9-9f92-73516c8a74c2/stripped_90c25e4b84e5626e3292f310d6e6dc89.mp3 [downloadUrl] => http://traffic.megaphone.fm/CSN1054251628.mp3 [size] => 70201468 [duration] => 1755.04 [uid] => CSN1054251628 [originalUrl] => [bitrate] => 320 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/7c4bb88e-c2bb-11e9-9f92-73516c8a74c2/id3/b80ccc0fca95550605f6025f96786178.mp3 [id3FileProcessing] => [id3FileSize] => 231516 [parentId] => [guid] => [pubdateTimezone] => Eastern Time (US & Canada) [originalFilename] => Episode 31- Lessons Learned in Year 1 of GDPR, Part 1 - 8_19_19, 2.34 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this podcast, data privacy/data security expert Jonathan Armstrong and...
  • Array ( [id] => 86b174cc-a1ae-11e9-a364-9323dd931443 [createdAt] => 2019-07-08T11:30:56.747-07:00 [updatedAt] => 2019-07-08T11:31:17.557-07:00 [title] => Life With GDPR: Episode 30- British Airways GDPR Enforcement Action [pubdate] => 2019-07-10T21:00:00.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/86b174cc-a1ae-11e9-a364-9323dd931443/image/uploads_2F1562610494990-7q2sxtqvq4q-575ccb4261612f23dda1a102b9373381_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 30 [subtitle] => In this episode f Life with GDPR, Jonathan Armstrong and I discuss the proposed UK Data Protection Regulator fine against British Airways for its September 2018 reported data breach. [summary] =>

    In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we discuss the recently announced proposed fine by the UK Data Protection Regulator against British Airways (BA) after its data breach. She intends to fine the airline £183.39 million (approximately $230MM).

    Some of the highlights in this episode include:This proposed fine represents the largest GDPR fine in the UK.As the fine is now open to comment by BA and other national data protection regulators, the amount of the final fine may change.The BA CEO comes out swinging against this fine.What was the role of the ICO as ‘lead regulator’?Will BA’s tone-deaf posturing hurt or help it with the final penalty?What did BA know and when did they know (yes that is the famous Watergate question) will be a critical analysis.What remedial measures did BA engage in after it became aware of the breach?What are the lessons to be learned by the data privacy officer?For more information on Cordery Compliance, go their website here.

    For additional reading see the Cordery Compliance article, “UK Data Protection Regulator Announces Intention to Fine BA after Data Breach”.

    Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/86b174cc-a1ae-11e9-a364-9323dd931443/stripped_4a67669ccace727daa77708a71275397.mp3 [downloadUrl] => http://traffic.megaphone.fm/CSN1654600688.mp3 [size] => 59263476 [duration] => 1481.59 [uid] => CSN1654600688 [originalUrl] => [bitrate] => 320 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/86b174cc-a1ae-11e9-a364-9323dd931443/id3/253dcd09d621934d71491127e62f933b.mp3 [id3FileProcessing] => [id3FileSize] => 230472 [parentId] => [guid] => [pubdateTimezone] => Eastern Time (US & Canada) [originalFilename] => Episode 30-BA Enforcement Action - 7_8_19, 1.05 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this podcast, data privacy/data security expert Jonathan Armstrong and...
  • Array ( [id] => f13c7ff4-83f3-11e9-b496-17218f04f840 [createdAt] => 2019-05-31T15:32:15.885-07:00 [updatedAt] => 2019-05-31T15:32:49.834-07:00 [title] => Life With GDPR: Episode 29- GDPR Year 1 Review-Part II, the Issues [pubdate] => 2019-06-05T21:03:00.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/f13c7ff4-83f3-11e9-b496-17218f04f840/image/uploads_2F1559341700822-cq9423q9f4p-6c8137060799287b2aa1a5f11ca44b11_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 29 [subtitle] => [summary] =>

    In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. This episode is the first of a two-part series where  Jonathan Armstrong and myself consider some of the highlights from the first year of GDPR implementation and enforcement. In this Part I we considered some of the enforcement numbers. In this Part II, we discuss some of the substantive issues. Some of the highlights in this episode include: Security issues-multiple regulators for large breaches and questions of whether TOMs are adequate. 6 Principles of GDPR-highest is around transparency.Data Subject Rights are seen as the biggest corporate pain points.DPIAs have been embraced by many companies and are seen by regulators as the backbone of a corporate compliance program around data security/data privacy. Industry sweeps are beginning to occur. Mixed quality of legal advice is hurting many companies in their compliance efforts. Some significant cases are headed to trial and then appeal. GDPR is here to stay. For more information on Cordery Compliance, go their website here.For additional reading see the Cordery Compliance article, “GDPR One Year On”.Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/f13c7ff4-83f3-11e9-b496-17218f04f840/stripped_b2a1b4b93500889c7b675c494c1da937.mp3 [downloadUrl] => http://traffic.megaphone.fm/CSN1194916590.mp3 [size] => 77156309 [duration] => 1928.91 [uid] => CSN1194916590 [originalUrl] => [bitrate] => 320 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/f13c7ff4-83f3-11e9-b496-17218f04f840/id3/ca5af34836ed3ea6f2d802cf71d0de2a.mp3 [id3FileProcessing] => [id3FileSize] => 162333 [parentId] => [guid] => [pubdateTimezone] => Eastern Time (US & Canada) [originalFilename] => Episode 29-1st Year Wrap Up - 5_27_19, 12.12 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this podcast, data privacy/data security expert Jonathan Armstrong and...
  • Array ( [id] => e8383c62-8151-11e9-aa38-db0246888451 [createdAt] => 2019-05-28T07:07:19.953-07:00 [updatedAt] => 2019-05-28T07:08:04.924-07:00 [title] => Life With GDPR: Episode 28- GDPR Year 1 Review-Part I, the Numbers [pubdate] => 2019-05-29T21:10:00.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/e8383c62-8151-11e9-aa38-db0246888451/image/uploads_2F1559052178492-dzh2kwrwser-26097cd955736eda9b0e1833f95fadec_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 28 [subtitle] => In this episode Jonathan Armstrong and myself begin a two-part podcast series where we review the first year of GDPR. In this episode we consider the numbers from Year 1. [summary] =>

    In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. This episode is the first of a two-part series where  Jonathan Armstrong and myself consider some of the highlights from the first year of GDPR implementation and enforcement. In this Part I of this two-part series we consider some of the enforcement numbers. In Part II, we will consider some of the substantive issues. Some of the highlights in this episode include: EDPB says just over 150,000 complaints files EU under GDPR. Robust enforcement by both regulators and private bodies/citizens.UK leads with the largest number of complaints filed, followed by Germany then France.Around 950 complaints have reach courts. Italy is the country which has seen the largest number of court cases. Several countries are increasing inspections which could lead to enforcement actions.  For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/e8383c62-8151-11e9-aa38-db0246888451/stripped_a2a613e60682b8723263461f64335a00.mp3 [downloadUrl] => http://traffic.megaphone.fm/CSN3869473445.mp3 [size] => 25678366 [duration] => 641.96 [uid] => CSN3869473445 [originalUrl] => [bitrate] => 320 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/e8383c62-8151-11e9-aa38-db0246888451/id3/e6b84a85f89e314f83dc9a3d09aece68.mp3 [id3FileProcessing] => [id3FileSize] => 162055 [parentId] => [guid] => [pubdateTimezone] => Eastern Time (US & Canada) [originalFilename] => Episode 28-1St Year Enforcement Numbers - 5_27_19, 12.11 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this podcast, data privacy/data security expert Jonathan Armstrong and...
  • Array ( [id] => c600cddc-769b-11e9-85b8-4b0e463d0b43 [createdAt] => 2019-05-14T15:58:22.531-07:00 [updatedAt] => 2019-05-14T15:58:45.159-07:00 [title] => Life With GDPR: Episode 27- BountyUK Ltd. Notice of Monetary Penalty [pubdate] => 2019-05-15T21:06:00.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/c600cddc-769b-11e9-85b8-4b0e463d0b43/image/uploads_2F1557874412527-rskd2d8b7b-b70a2252d7bf1630becb7a221f077aad_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 27 [subtitle] => In this episode Cordery Compliance Partner Jonathan Armstrong and myself break down the recently released BountyUK Ltd. data privacy enforcement action. [summary] =>

    In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, I visit with Jonathan Armstrong about a recent enforcement action against Bounty UK Ltd. by the UK data protection regulator. Some of the issues and highlights are: The enforcement action came out of the Facebook/Cambridge Analytica investigation. Déjà vu all over again?Why did the company receive 80% of the highest possible fine?How does this case mimic the Emma’s Diary enforcement action?What are the lessons to be learned? For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/c600cddc-769b-11e9-85b8-4b0e463d0b43/stripped_804abde12ae766e3679f52d1cd59bc71.mp3 [downloadUrl] => http://traffic.megaphone.fm/CSN5006169486.mp3 [size] => 70082350 [duration] => 1752.06 [uid] => CSN5006169486 [originalUrl] => [bitrate] => 320 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/c600cddc-769b-11e9-85b8-4b0e463d0b43/id3/bb7e7bed9162b24f2a9f3db07a848847.mp3 [id3FileProcessing] => [id3FileSize] => 161299 [parentId] => [guid] => [pubdateTimezone] => Eastern Time (US & Canada) [originalFilename] => Episode 27-BountyUK Ltd. - 5_14_19, 5.06 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this podcast, data privacy/data security expert Jonathan Armstrong and...
  • Array ( [id] => 88a6776c-69e8-11e9-8c23-0f5ce1ded0b8 [createdAt] => 2019-04-28T12:05:05.727-07:00 [updatedAt] => 2019-04-28T12:05:22.555-07:00 [title] => Life With GDPR: Episode 26- The Importance of Passwords [pubdate] => 2019-05-01T22:03:00.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/88a6776c-69e8-11e9-8c23-0f5ce1ded0b8/image/uploads_2F1556478264851-db7exlwgexo-c32afc36acb0efb6a9c57a2fb85221d9_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 26 [subtitle] => Life With GDPR: Episode 26- The Importance of Passwords [summary] =>

    In this episode, I visit with Jonathan Armstrong a topic which does not seem to garner the attention that it deserves in data protection; that being passwords. Some of the issues and highlights are: What is two-factor authentication? How, when and where should your use it?What are the most common passwords still in use?Why are passwords one of the most basic forms of data security protection?What are the lessons to be learned? For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/88a6776c-69e8-11e9-8c23-0f5ce1ded0b8/stripped_24e74b2fdc8960f727f50fb3278894a2.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS9140819275.mp3 [size] => 43689272 [duration] => 1092.23 [uid] => ACS9140819275 [originalUrl] => [bitrate] => 320 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/88a6776c-69e8-11e9-8c23-0f5ce1ded0b8/id3/ba75963ac22ef426398f463d7cf73c23.mp3 [id3FileProcessing] => [id3FileSize] => 32185 [parentId] => [guid] => [pubdateTimezone] => Central Time (US & Canada) [originalFilename] => Episode 26-Passwords - 4_17_19, 4.54 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode, I visit with Jonathan Armstrong a topic...
  • Array ( [id] => 5232c0b6-6112-11e9-b3a1-0f0be362fde1 [createdAt] => 2019-04-17T06:11:32.773-07:00 [updatedAt] => 2019-04-17T14:41:58.488-07:00 [title] => Life With GDPR: Episode 25- Data Breach=Deadly Consequences [pubdate] => 2019-04-17T22:05:00.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/5232c0b6-6112-11e9-b3a1-0f0be362fde1/image/uploads_2F1555506301065-glzwgp4k0ic-dcedc4bdd32a2b8ff18fa0d7a0adb91a_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 25 [subtitle] => Life With GDPR: Episode 25- Data Breach=Deadly Consequences [summary] =>

    In this episode, I visit with Jonathan Armstrong to consider the recent regulatory fine leveled against London Borough of Newham £145,000 for a data breach involving the data of more than 200 people. It presents a situation where a data breach was literally a matter of life and death. Some of the issues and highlights are: What was the data and why was it so sensitive? How was the data leaked?How did the authorities determine the data breach?What as the basis of the Information Commissioner’s Office (ICO) fine?What are the lessons to be learned? For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/5232c0b6-6112-11e9-b3a1-0f0be362fde1/stripped_7bcf782e7dde7a3cbdb8319d33e78c14.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS3875045973.mp3 [size] => 39944358 [duration] => 998.61 [uid] => ACS3875045973 [originalUrl] => [bitrate] => 320 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/5232c0b6-6112-11e9-b3a1-0f0be362fde1/id3/6a39f9076c4b76f9ed3fc5d41de583b4.mp3 [id3FileProcessing] => [id3FileSize] => 32445 [parentId] => [guid] => [pubdateTimezone] => Central Time (US & Canada) [originalFilename] => Episode 25-Newham Enforcement Action - 4_17_19, 4.34 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode, I visit with Jonathan Armstrong to consider...
  • Array ( [id] => eaeef786-4833-11e9-b9b9-5f52d6d03152 [createdAt] => 2019-03-16T14:39:03.342-07:00 [updatedAt] => 2019-03-16T14:39:30.510-07:00 [title] => Life With GDPR: Episode 24- Phishing [pubdate] => 2019-03-27T22:00:00.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/eaeef786-4833-11e9-b9b9-5f52d6d03152/image/uploads_2F1552772193954-tklah8538jd-0c1d68bfffeb97ccae4c4290b18fae1a_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 24 [subtitle] => Life With GDPR: Episode 24- Phishing [summary] =>

    In this episode, I visit with Jonathan Armstrong consider the increasing business risk around phishing. There have recently been some multi-million-dollar losses around phishing so you need to be prepared. Some of the issues and highlights are: What is phishing? The largest number of data breach have come through phishing. Why has it become such a business risk?What are the requirements a company take against phishing under GDPR?What are the three key concepts in data protection?Modern phishing attacks are very sophisticated.What are some of the most intricate frauds seen in this area? For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/eaeef786-4833-11e9-b9b9-5f52d6d03152/stripped_d77d9e92fa4e830b7f4f4c69a91996e0.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS1126302915.mp3 [size] => 39290252 [duration] => 982.26 [uid] => ACS1126302915 [originalUrl] => [bitrate] => 320 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/eaeef786-4833-11e9-b9b9-5f52d6d03152/id3/bd1013bfb61c30af5d824785ef3442bc.mp3 [id3FileProcessing] => [id3FileSize] => 32453 [parentId] => [guid] => [pubdateTimezone] => Central Time (US & Canada) [originalFilename] => Episode 24-Phishing - 3_13_19, 3.25 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode, I visit with Jonathan Armstrong consider the...
  • Array ( [id] => 1eb993b2-4831-11e9-a396-077938cb25fe [createdAt] => 2019-03-16T14:19:01.743-07:00 [updatedAt] => 2019-03-16T14:19:26.363-07:00 [title] => Life With GDPR: Episode 23- Looking into the 2019 Crystal Ball [pubdate] => 2019-03-20T22:00:00.000-07:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/1eb993b2-4831-11e9-a396-077938cb25fe/image/uploads_2F1552770728311-3ezu36u4bzh-9a2110beeae9134997bc2f52261b12fc_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 23 [subtitle] => Life With GDPR: Episode 23- Looking into the 2019 Crystal Ball [summary] =>

    In this episode, I visit with Jonathan Armstrong consider some of his predictions for the rest of 2019. Even if these predictions do not become fully formed, you should consider them in light of your data privacy/data protection policies and protocols. Some of the issues and highlights are: Drones-what are the GDPR implications. The number of data breach notifications under GDPR. Through the end of January there were over 42,000 in the EU alone.Will AI and self-driving cars follow the rules on safe driving standards, or will there be new rules for the road? What will be the effects of data, big data and AI in elections going forward? What will be the fallout from Cambridge Analytica going forward?How will businesses respond to the industrialization of internet crime? What happens when there is a Zero-Day exploit?Cybersecurity insurance. Will standard insurance rules and regulations apply, or will new policy language be drafted for such coverage? For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/1eb993b2-4831-11e9-a396-077938cb25fe/stripped_e4127a503de1171623f4e087395d96e9.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS4736928507.mp3 [size] => 66634186 [duration] => 1665.85 [uid] => ACS4736928507 [originalUrl] => [bitrate] => 320 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/1eb993b2-4831-11e9-a396-077938cb25fe/id3/510c8ea7e25da08cd791532224cd4d26.mp3 [id3FileProcessing] => [id3FileSize] => 33301 [parentId] => [guid] => [pubdateTimezone] => Central Time (US & Canada) [originalFilename] => Episode 23-Predictions for 2019 - 3_13_19, 2.49 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode, I visit with Jonathan Armstrong consider some...
  • Array ( [id] => 68218d58-24d1-11e9-814c-ab8c89ec1cc7 [createdAt] => 2019-01-30T12:55:42.520-08:00 [updatedAt] => 2019-01-30T12:56:39.420-08:00 [title] => Life With GDPR: Episode 22- Morrisons’ and vicarious liability [pubdate] => 2019-02-13T22:00:00.000-08:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/68218d58-24d1-11e9-814c-ab8c89ec1cc7/image/uploads_2F1548881658830-0f9h1uj3znsp-f47ec7ca77724f9c7dd1542c6dcee7e8_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 22 [subtitle] => Episode 22- Morrisons’ and vicarious liability [summary] =>

    In this episode, I visit with Jonathan Armstrong on the recent UK court of appeals decision in the Morrisons’ case. This decision stretched the limits of vicarious liability for a corporation to the absolute breaking point and has significant implications in the broader data privacy-data protection space. Jonathan and I go full lawyer-geek to discuss the legal theories, underlying facts and what it all may mean. Some of the issues and highlights are: The case is instructive for how to do (or perhaps not do) regular business under GDPR on data privacy. If a file is too large to email, it presents a higher data protection risk and must be so managed.Should you do risk assessments on individual employees around data privacy-data protection? How can vicarious liability exist for ultra vires conduct by an employee?How do you properly scope an investigation to ascertain an individual’s mindset?A company must require its vendors to exercise appropriate data protection and control. Will Morrisons apply to the UK Supreme Court for relief? For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/68218d58-24d1-11e9-814c-ab8c89ec1cc7/stripped_5caceef89d0f59d46cf0f30ee9cc24f9.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS2506757095.mp3 [size] => 19294981 [duration] => 1607.92 [uid] => ACS2506757095 [originalUrl] => [bitrate] => 96 [samplerate] => 44100 [channelMode] => mono [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/68218d58-24d1-11e9-814c-ab8c89ec1cc7/id3/0663da39893c27f354b42b7f15a9f868.mp3 [id3FileProcessing] => [id3FileSize] => 33893 [parentId] => [guid] => [pubdateTimezone] => Central Time (US & Canada) [originalFilename] => Episode 22-Morrisons - 1_29_19, 9.19 AM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode, I visit with Jonathan Armstrong on the...
  • Array ( [id] => 8d147c68-24ce-11e9-b45d-c7a8bdc13d2f [createdAt] => 2019-01-30T12:35:16.020-08:00 [updatedAt] => 2019-01-30T12:35:26.629-08:00 [title] => Life With GDPR: Episode 21- Cambridge Analytica Subject Access Case [pubdate] => 2019-01-30T22:00:00.000-08:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/8d147c68-24ce-11e9-b45d-c7a8bdc13d2f/image/uploads_2F1548880467313-6dfxnrhxzmy-a0763211a86061c6f7229f0dcba1f771_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 21 [subtitle] => Cambridge Analytica Subject Access Case [summary] =>

    In this episode I visit with Jonathan Armstrong on the recent fine levied by British regulators against the insolvent institution Cambridge Analytica for violations of the British privacy law which was in place before GDPR went live. The case involved Cambridge Analytica denying aggrieved parties subject access requests and associated rights. Some of the issues and highlights are: The case demonstrates how not to interact with regulators as Cambridge Analytica’s pleadings were unnecessarily demeaning. The settlement with the company left open the possibility of criminal charges against individuals.How wide is the jurisdiction of the ICO? This case tested the limits. Always remember data subjects have rights.What are the key takeaways on the case?A vigorous defense of a civil action can lead to higher regulatory fines. What does a corporate regime change mean for regulatory enforcement? For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/8d147c68-24ce-11e9-b45d-c7a8bdc13d2f/stripped_f2a074a9263ef9ebf4521d4be5b99086.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS4413925118.mp3 [size] => 13320568 [duration] => 1110.05 [uid] => ACS4413925118 [originalUrl] => [bitrate] => 96 [samplerate] => 44100 [channelMode] => mono [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/8d147c68-24ce-11e9-b45d-c7a8bdc13d2f/id3/f6b62ed8decc3296ca3470cf61e02167.mp3 [id3FileProcessing] => [id3FileSize] => 33511 [parentId] => [guid] => [pubdateTimezone] => Central Time (US & Canada) [originalFilename] => Episode 21-Cambridge Analytica - 1_29_19, 8.59 AM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode I visit with Jonathan Armstrong on the...
  • Array ( [id] => ee0bd970-1e80-11e9-89e3-2bb29de304f4 [createdAt] => 2019-01-22T12:04:30.976-08:00 [updatedAt] => 2019-01-22T12:04:54.405-08:00 [title] => Life With GDPR: Episode 20-Google Fined €50 for GDPR Violations [pubdate] => 2019-01-24T22:00:00.000-08:00 [author] => [imageFile] => https://megaphone.imgix.net/podcasts/ee0bd970-1e80-11e9-89e3-2bb29de304f4/image/uploads_2F1548187432724-vzkyl7rbb5-c20a132c1452e9e823f8d5db7787d869_2FLife%2Bafter%2BGDPR-1.0.jpg?ixlib=rails-2.1.2 [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 20 [subtitle] => Episode 20-Google Fined €50 for GDPR Violations [summary] =>

    In this episode I visit with Jonathan Armstrong and André Bywater on the recent fine levied by the French Data Privacy regulator CNIL against Google for violations under GDPR. Some of the highlights are: The case is the first major GDPR fine against a US company.It demonstrates the lack of forum shopping available to US companies which are looking for a softer regulatory approach.How did the regulators investigate, review and assess a fine and penalty so quickly as GDPR only came into effect last May?What were the two basis of legal violations under GDPR?What are the key takeaways on the case?How was the quantum amount determined? Is it reasonable? Will Google appeal to the European Court of Justice?  For a more detailed reading, see the Cordery Client alert, here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/ee0bd970-1e80-11e9-89e3-2bb29de304f4/stripped_62e0a90f0ed06fbaa31624e1b28f212c.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS5236463494.mp3 [size] => 19330403 [duration] => 1610.87 [uid] => ACS5236463494 [originalUrl] => [bitrate] => 96 [samplerate] => 44100 [channelMode] => mono [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/27fd5d8c-d617-11e8-a728-533c66bc2ca3/episodes/ee0bd970-1e80-11e9-89e3-2bb29de304f4/id3/68c859f350b5fdcedf3a483790e59ab9.mp3 [id3FileProcessing] => [id3FileSize] => 33141 [parentId] => [guid] => [pubdateTimezone] => Central Time (US & Canada) [originalFilename] => Episode 20-Google - 1_22_19, 1.47 PM.mp3 [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode I visit with Jonathan Armstrong and André...
  • Array ( [id] => fc7a9a10-d721-11e8-9617-3f0fb9231df5 [createdAt] => 2018-10-01T13:36:13.446-07:00 [updatedAt] => 2018-10-23T17:16:00.639-07:00 [title] => Life With GDPR: Episode 15 [pubdate] => 2018-08-30T09:00:00.000-07:00 [author] => [imageFile] => [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 15 [subtitle] => The Weaponization of Data Privacy/Protection Laws [summary] =>

    The Administration’s attacks on allies, perhaps former allies and other in the area of trade and sanctions has not occurred in vacuum. Many other countries and groups such as the EU have retaliated with counter-sanctions. One area that the current administration does not seem to have considered too well is EU data privacy and data protection. In this episode of Life with GDPR we explore this issue in the age of trade policy as conflict. 

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/a352b842-c5b9-11e8-ae30-1313de16cef7/stripped_48e1e516830f1d78690e2b317af77a7d.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS6744966345.mp3 [size] => 21400555 [duration] => 891.69 [uid] => ACS6744966345 [originalUrl] => https://traffic.libsyn.com/secure/fcpacompliancereport/Episode_15-Weaponization_of_Data_Protection_Laws_-_8_9_18_4.37_PM.mp3?dest-id=362679 [bitrate] => 192 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/a352b842-c5b9-11e8-ae30-1313de16cef7/id3/aae17ece50fb4b7bbc669ef98df1e599.mp3 [id3FileProcessing] => [id3FileSize] => 66763 [parentId] => a352b842-c5b9-11e8-ae30-1313de16cef7 [guid] => 197603ed385641e7a0ca150fc6ff0e74 [pubdateTimezone] => Pacific Time (US & Canada) [originalFilename] => [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • The Administration’s attacks on allies, perhaps former allies and other...
  • Array ( [id] => 11ef4cc4-d722-11e8-8e71-a7e3abb767e8 [createdAt] => 2018-10-01T13:36:24.235-07:00 [updatedAt] => 2018-10-23T17:16:36.539-07:00 [title] => Life with GDPR-Episode 14 [pubdate] => 2018-08-23T09:00:00.000-07:00 [author] => [imageFile] => [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 14 [subtitle] => The Jehovah's Witness Case and data privacy [summary] =>

    The recent case involving the Jehovah's Witnesses and data privacy in the UK raised some very interesting legal issues. It also demonstrated just how broad the reach of GDPR could be. In this podcast Jonathan Armstrong and I unpack the case, detailing the underlying facts, the Court's rationale behind its decision and conclude with some of the implications for not only corporations but also individuals and data privacy practitioners. 

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/a9c11c28-c5b9-11e8-ae30-4fa9df4664d0/stripped_9c97afb2c50e717ef090232f0101cb9a.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS2110741155.mp3 [size] => 38163644 [duration] => 1590.15 [uid] => ACS2110741155 [originalUrl] => https://traffic.libsyn.com/secure/fcpacompliancereport/Episode_14-Jehovas_Witness_case_-_8_2_18_11.46_AM.mp3?dest-id=362679 [bitrate] => 192 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/a9c11c28-c5b9-11e8-ae30-4fa9df4664d0/id3/99bfaecb482fa8e4229dc782a9cad2aa.mp3 [id3FileProcessing] => [id3FileSize] => 66743 [parentId] => a9c11c28-c5b9-11e8-ae30-4fa9df4664d0 [guid] => f568d3e4d07548ea9c74a8c9b958c8d5 [pubdateTimezone] => Pacific Time (US & Canada) [originalFilename] => [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • The recent case involving the Jehovah's Witnesses and data privacy...
  • Array ( [id] => 1fb0326a-d722-11e8-8c0f-8fcee8fb787c [createdAt] => 2018-10-01T13:36:33.808-07:00 [updatedAt] => 2018-10-23T17:16:59.605-07:00 [title] => Life With GDPR: Episode 13 [pubdate] => 2018-08-09T09:00:00.000-07:00 [author] => [imageFile] => [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 13 [subtitle] => Thoughts, Reflections and Observations at 2 Months [summary] =>

    The General Data Protection Regulation (GDPR) which went live on May 25, 2018. What has happened since then in the data privacy and data protection world? In this episode, Jonathan Armstrong, partner at Cordery Compliance and I explore what is going on publicly and what has been going on behind the scenes as well. Armstrong provides his thoughts, reflections and observations on the activity which have and will impact companies and individuals going forward.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/af75c2cc-c5b9-11e8-ae30-73660d5d186f/stripped_1d04edb1cb9a3f545117ffc4ea3e3e98.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS6687166096.mp3 [size] => 24182282 [duration] => 1007.6 [uid] => ACS6687166096 [originalUrl] => https://traffic.libsyn.com/secure/fcpacompliancereport/Episode_13-GDPR_2_months_in_-_8_2_18_11.22_AM.mp3?dest-id=362679 [bitrate] => 192 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/af75c2cc-c5b9-11e8-ae30-73660d5d186f/id3/aee69c63cedd27cadae77360c78053ba.mp3 [id3FileProcessing] => [id3FileSize] => 66807 [parentId] => af75c2cc-c5b9-11e8-ae30-73660d5d186f [guid] => c62afe462cf64553a8928dfe45078139 [pubdateTimezone] => Pacific Time (US & Canada) [originalFilename] => [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • The General Data Protection Regulation (GDPR) which went live on...
  • Array ( [id] => 378d0002-d722-11e8-9617-f39cc67c6998 [createdAt] => 2018-10-01T13:36:47.375-07:00 [updatedAt] => 2018-10-23T17:17:39.647-07:00 [title] => Life After GDPR: Episode 11 [pubdate] => 2018-06-27T16:00:00.000-07:00 [author] => [imageFile] => [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 11 [subtitle] => Data Transfers after GDPR [summary] =>

    How does a company transfer data from the European Union (EU) to the US under the General Data Protection Regulation (GDPR) which went live on May 25, 2018? I recently had the opportunity to visit Jonathan Armstrong, partner at Cordery Compliance in London and an internationally renowned data privacy/data protection expert on this topic. Armstrong noted there have been some changes which may significantly impact this issue going forward. There are basically four ways to affect such a transfer. 

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/b78c39e6-c5b9-11e8-ae30-135cd229212b/stripped_25602f8f7d0297c66617663894ce788a.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS1163180918.mp3 [size] => 19010664 [duration] => 792.11 [uid] => ACS1163180918 [originalUrl] => https://traffic.libsyn.com/secure/fcpacompliancereport/Episode_11-Data_Transfers_Under_GDPR_-_6_12_18_3.50_PM.mp3?dest-id=362679 [bitrate] => 192 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/b78c39e6-c5b9-11e8-ae30-135cd229212b/id3/dec579b400b2d1ede97267b126d22a9c.mp3 [id3FileProcessing] => [id3FileSize] => 66835 [parentId] => b78c39e6-c5b9-11e8-ae30-135cd229212b [guid] => 5792dd6398b34e7b988c36ca0ab8df62 [pubdateTimezone] => Pacific Time (US & Canada) [originalFilename] => [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • How does a company transfer data from the European Union...
  • Array ( [id] => 917895e0-d722-11e8-b89a-1383ea8a6e2d [createdAt] => 2018-10-01T13:36:49.035-07:00 [updatedAt] => 2018-10-23T17:20:10.493-07:00 [title] => Life With GDRP-Epiosde 10 [pubdate] => 2018-06-21T09:00:00.000-07:00 [author] => [imageFile] => [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 10 [subtitle] => Non-Financial Remedies under GDPR [summary] =>

    While most practitioners focused on the heavy fines and penalties available under GDPR of up to 4% of total global revenues or other very large fines, there are other remedies that each EU and UK data regulator can levy or put into place that may require considerable corporate cost and effort. 

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/b889dbaa-c5b9-11e8-ae30-4f14c2f0962c/stripped_39c1d71392d12b549e8c9cdaa3d1a52c.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS5944059386.mp3 [size] => 21793018 [duration] => 908.04 [uid] => ACS5944059386 [originalUrl] => https://traffic.libsyn.com/secure/fcpacompliancereport/Episode_10-Non-Financial_Remedies_-_6_12_18_11.41_AM.mp3?dest-id=362679 [bitrate] => 192 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/b889dbaa-c5b9-11e8-ae30-4f14c2f0962c/id3/acc45e1ccfcefb25aeb611a1a523f9a1.mp3 [id3FileProcessing] => [id3FileSize] => 66437 [parentId] => b889dbaa-c5b9-11e8-ae30-4f14c2f0962c [guid] => 392a5552a7484c7b87bb51d4ddca017c [pubdateTimezone] => Pacific Time (US & Canada) [originalFilename] => [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • While most practitioners focused on the heavy fines and penalties...
  • Array ( [id] => b03e190a-d722-11e8-a498-13b819bab028 [createdAt] => 2018-10-04T13:02:42.281-07:00 [updatedAt] => 2018-10-23T17:21:02.151-07:00 [title] => Countdown to GDPR: Episode 7 [pubdate] => 2018-05-17T09:00:00.000-07:00 [author] => [imageFile] => [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 7 [subtitle] => Data Security and Data Breaches [summary] =>

    In this episode, Jonathan Armstrong and I discuss the backbone of the new General Data Protection Regulation (GDPR), which is data protection and the ancillary topic of responding to data breaches. 

    [audioFile] => [downloadUrl] => http://traffic.megaphone.fm/ACS7642223003.mp3 [size] => 0 [duration] => 0.0 [uid] => ACS7642223003 [originalUrl] => https://traffic.libsyn.com/secure/fcpacompliancereport/Episode_7-Data_Security_and_data_breach_response_-_5_15_18_11.05_AM.m4a?dest-id=362679 [bitrate] => [samplerate] => [channelMode] => [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/73d0934c-c810-11e8-be13-7f16b311f0f5/id3/3b17d98ece138664f13c7a9055321959.mp3 [id3FileProcessing] => [id3FileSize] => 66249 [parentId] => 73d0934c-c810-11e8-be13-7f16b311f0f5 [guid] => 0b6a4f6d6078bb07b608d6cbb5ab8ff9 [pubdateTimezone] => Pacific Time (US & Canada) [originalFilename] => [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode, Jonathan Armstrong and I discuss the backbone...
  • Array ( [id] => 9f828df8-d722-11e8-b802-e372ab3ce9ce [createdAt] => 2018-10-04T13:02:55.509-07:00 [updatedAt] => 2018-10-23T17:20:34.062-07:00 [title] => Countdown to GDPR-Episode 6 [pubdate] => 2018-04-26T09:00:00.000-07:00 [author] => [imageFile] => [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 6 [subtitle] => GDPR for Communication Professionals [summary] =>

    In this episode of Countdown to GDPR, Jonathan Armstrong and myself are interviewed by Laura Petrolino, the Chief Client Officer at Arment Dietrich, Inc. on the applicability of GDPR to the professional communications industry. It was a fascinating way to discuss some of the key points of GDPR in the context of one industry/profession. 

    [audioFile] => [downloadUrl] => http://traffic.megaphone.fm/ACS8921451999.mp3 [size] => 0 [duration] => 0.0 [uid] => ACS8921451999 [originalUrl] => https://traffic.libsyn.com/secure/fcpacompliancereport/Episode_6_-_4_23_18_9.44_AM.m4a?dest-id=362679 [bitrate] => [samplerate] => [channelMode] => [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/7bb2e416-c810-11e8-be13-e7caf3ef5d8c/id3/d6527c018dfb77dd2e26e8e6f0351aff.mp3 [id3FileProcessing] => [id3FileSize] => 66533 [parentId] => 7bb2e416-c810-11e8-be13-e7caf3ef5d8c [guid] => 5f0a063eae5f9ad9d4d2d7164955051b [pubdateTimezone] => Pacific Time (US & Canada) [originalFilename] => [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode of Countdown to GDPR, Jonathan Armstrong and...
  • Array ( [id] => 83a22dbe-d722-11e8-94ef-ebd52ebaced5 [createdAt] => 2018-10-04T13:02:59.705-07:00 [updatedAt] => 2018-10-23T17:19:47.286-07:00 [title] => Countdown to GDPR-Episode 5 [pubdate] => 2018-04-12T09:00:00.000-07:00 [author] => [imageFile] => [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 5 [subtitle] => Vendors in GDPR Compliance [summary] =>

    In this episode of Countdown to GDPR, Jonathan Armstrong, a partner at Cordery Compliance in London and I consider the roles of vendors in GDPR. These roles are both in complying with GDPR and substantively following the regulation itself. The first area is a vendor which is a subject matter expert in the areas of data protection and data privacy. The second is in managing vendor risk under GDPR. 

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/7e33316e-c810-11e8-be13-437724c2349c/stripped_e32107df2c918111481dd2f310a9d4c7.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS8430462817.mp3 [size] => 19107213 [duration] => 796.13 [uid] => ACS8430462817 [originalUrl] => https://traffic.libsyn.com/secure/fcpacompliancereport/Episode_5-the_Role_of_Vendors_-_4_11_18_4.01_PM.mp3?dest-id=362679 [bitrate] => 192 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/7e33316e-c810-11e8-be13-437724c2349c/id3/b6a2aa6943e3adbfd52d09e2504bc478.mp3 [id3FileProcessing] => [id3FileSize] => 66637 [parentId] => 7e33316e-c810-11e8-be13-437724c2349c [guid] => fc05ff7d913c3d10060783096ca1fdb7 [pubdateTimezone] => Pacific Time (US & Canada) [originalFilename] => [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode of Countdown to GDPR, Jonathan Armstrong, a...
  • Array ( [id] => 7a5d4c20-d722-11e8-bddd-4f6695cf4698 [createdAt] => 2018-10-04T13:03:05.773-07:00 [updatedAt] => 2018-10-23T17:19:31.732-07:00 [title] => Countdown to GDPR-Episode 4 [pubdate] => 2018-03-29T09:00:00.000-07:00 [author] => [imageFile] => [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 4 [subtitle] => Data Protection Impact Assessments [summary] =>

    In this episode, we take up a key element in the upcoming General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018, that being the issue of the Data Protection Impact Assessment.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/81d1123c-c810-11e8-be13-23e48d5c9183/stripped_4e391a1cb0e3eab2d60fc2b3468bf3ad.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS9793220583.mp3 [size] => 17173733 [duration] => 715.57 [uid] => ACS9793220583 [originalUrl] => https://traffic.libsyn.com/secure/fcpacompliancereport/Episode_4-DPIAs_-_3_28_18_12.42_PM.mp3?dest-id=362679 [bitrate] => 192 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/81d1123c-c810-11e8-be13-23e48d5c9183/id3/b2a5fd6f9731d9212c0c0e15b343001d.mp3 [id3FileProcessing] => [id3FileSize] => 66261 [parentId] => 81d1123c-c810-11e8-be13-23e48d5c9183 [guid] => 0a629d2d5ded0002667e73d1ae7df60d [pubdateTimezone] => Pacific Time (US & Canada) [originalFilename] => [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode, we take up a key element in...
  • Array ( [id] => 7075363c-d722-11e8-ae93-972b9e762d45 [createdAt] => 2018-10-04T13:03:12.570-07:00 [updatedAt] => 2018-10-23T17:19:15.133-07:00 [title] => Countdown to GDPR-Episode 3 [pubdate] => 2018-03-07T09:00:00.000-08:00 [author] => [imageFile] => [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 3 [subtitle] => Policies and Procedures [summary] =>

    In this episode we explore the basic policies and procedures that you need to have in place to comply with the General Data Protection Regulation or GDPR.

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/85de21b2-c810-11e8-be13-73ba26b44334/stripped_2a72b03228f06966cdedcf3b951f2bc1.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS9937510312.mp3 [size] => 21115298 [duration] => 879.8 [uid] => ACS9937510312 [originalUrl] => https://traffic.libsyn.com/secure/fcpacompliancereport/Episode_3-Policies_and_Procedures_-_3_4_18_11.26_AM.mp3?dest-id=362679 [bitrate] => 192 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/85de21b2-c810-11e8-be13-73ba26b44334/id3/5632dc9be3b7b668085d71d8391ed6ef.mp3 [id3FileProcessing] => [id3FileSize] => 66139 [parentId] => 85de21b2-c810-11e8-be13-73ba26b44334 [guid] => 553d12a448b4a3df608fbe8c89930737 [pubdateTimezone] => Pacific Time (US & Canada) [originalFilename] => [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In this episode we explore the basic policies and procedures...
  • Array ( [id] => 637c2e36-d722-11e8-94ef-0b5a7f0f20c5 [createdAt] => 2018-10-04T13:03:14.935-07:00 [updatedAt] => 2018-10-23T17:18:53.356-07:00 [title] => Countdown to GDPR-Episode 2 [pubdate] => 2018-02-28T09:00:00.000-08:00 [author] => [imageFile] => [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 2 [subtitle] => The Role of a Data Protection Officer [summary] =>

    In today’s episode of Countdown to General Data Protection Regulation (GDRP), Jonathan Armstrong, a partner at Cordery Compliance Ltd in London, and myself consider the role of the Data Protection Officer (DPO) in complying with the new regulations which go live on May 25, 2018. 

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/874718c4-c810-11e8-be13-43bb63eba0d1/stripped_c0b693d3675e807bf3e10b62763a2f83.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS8336028406.mp3 [size] => 18440150 [duration] => 768.34 [uid] => ACS8336028406 [originalUrl] => https://traffic.libsyn.com/secure/fcpacompliancereport/Episode_2-DPO_-_2_28_18_5.51_AM.mp3?dest-id=362679 [bitrate] => 192 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/874718c4-c810-11e8-be13-43bb63eba0d1/id3/794c4ebd67ff7eefba5b24989da72748.mp3 [id3FileProcessing] => [id3FileSize] => 66419 [parentId] => 874718c4-c810-11e8-be13-43bb63eba0d1 [guid] => 8ecf61d398d3094d1171609d16a42d93 [pubdateTimezone] => Pacific Time (US & Canada) [originalFilename] => [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • In today’s episode of Countdown to General Data Protection Regulation...
  • Array ( [id] => 591ea180-d722-11e8-ad86-33b6c8781a22 [createdAt] => 2018-10-04T13:03:18.550-07:00 [updatedAt] => 2018-10-23T17:18:35.973-07:00 [title] => Countdown to GDPR-Episode 1 [pubdate] => 2018-02-20T09:00:00.000-08:00 [author] => [imageFile] => [explicit] => [episodeType] => full [seasonNumber] => [episodeNumber] => 1 [subtitle] => Introduction to GDPR [summary] =>

    Whether you are ready or not, the EU General Data Protection Regulation (GDPR) goes live on May 25, 2018. It will impact companies doing business in London as much as any other EU legislation. To help US companies prepare, Jonathan Armstrong and myself have started a countdown to GDPR podcast. In this premier episode we discuss what is GDPR and why it is so important that you begin preparing now. 

    [audioFile] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/896eb44a-c810-11e8-be13-bbc2f79414ec/stripped_e09ac67b705993b03b3293b130afb3a9.mp3 [downloadUrl] => http://traffic.megaphone.fm/ACS2170111009.mp3 [size] => 22611800 [duration] => 942.16 [uid] => ACS2170111009 [originalUrl] => https://traffic.libsyn.com/secure/fcpacompliancereport/Episode_1_-_2_19_18_2.39_PM.mp3?dest-id=362679 [bitrate] => 192 [samplerate] => 44100 [channelMode] => stereo [vbr] => [audioFileProcessing] => [podcastId] => 27fd5d8c-d617-11e8-a728-533c66bc2ca3 [preCount] => 1 [postCount] => 1 [insertionPoints] => Array ( ) [id3File] => https://megaphone-prod.s3.amazonaws.com/podcasts/94b64056-c5b9-11e8-a148-137a19d11967/episodes/896eb44a-c810-11e8-be13-bbc2f79414ec/id3/05b8c870e325b528baa9d626fa367c7d.mp3 [id3FileProcessing] => [id3FileSize] => 66625 [parentId] => 896eb44a-c810-11e8-be13-bbc2f79414ec [guid] => dce8fad3d693271f3adc732985f905a9 [pubdateTimezone] => Pacific Time (US & Canada) [originalFilename] => [preOffset] => 0.0 [postOffset] => 0.0 [spotifyIdentifier] => [expectedAdhash] => [audioFileUpdatedAt] => [draft] => [externalId] => [customFields] => )
  • Whether you are ready or not, the EU General Data...

Life with GDPR

Tom Fox

Independent Consultant

Thomas Fox has practiced law in Houston for 30 years. He is an Independent Consultant, assisting companies with anti-corruption and anti-bribery compliance and international transaction issues. He specializes in bring business solutions to compliance problems. He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously division counsel with Halliburton Energy Services, Inc. where he supported Halliburton’s software division and its downhole division.

Tom is the author of the award winning FCPA Compliance and Ethics Blog and the international best-selling book “Lessons Learned on Compliance and Ethics”. He is the author of the seminal text on the ‘Nuts and Bolts’ of anti-corruption compliance, Doing Compliance which was published in October 2015 by Compliance Week. Tom writes and comments frequently on issues related to compliance and ethics. In addition to his daily blog and bi-weekly podcast, he is a monthly columnist and weekly blogger for Compliance Week; a monthly columnist and frequent contributor to the SCCE Magazine and a Contributing Editor to the FCPA Blog. He is a well-known and frequent speaker on issues related to compliance and ethics, the use of social media in compliance and corporate leadership. He is founder of the Compliance Podcast Network.
Share This