*Reassuringly dull cyber security
Advisory Note

National Data Strategy: Blueprint for a new UK data protection regime?

PUBLISHED NOVEMBER 9th 2020:

Recently the government published an updated National Data Strategy. Described by the Digital Secretary as a central part of the government’s wider ambition for a thriving, fast-growing digital sector in the U.K., underpinned by public trust, its professed aim is to “drive the collective vision that will support the UK to build a world-leading data economy”.

Find out what this means for your business with our easy to follow Advisory Notes.

Advisory Note

Data Protection Impact Assessment

PUBLISHED SEPTEMBER 22nd 2020:

A DPIA is a way for you to systematically and comprehensively analyse your processing and help you identify and minimise data protection risks.

Find out what this means for your business with our easy to follow Advisory Notes.

Advisory Note

International cross-border transfers – FAQs

This note aims at presenting answers to some frequently asked questions (FAQs) about international (cross-border) transfers of personal data after the decision of the Court of Justice of the European Union (CJEU) on 16 July 2020. Read more here.

Advisory Note

Real Time Bidding, AdTech & Data Protection

LONDON, MARCH 2nd 2020

Advertisers are competing for available digital advertising space in milliseconds, placing billions of online adverts on webpages and apps in the UK every day by automated means.

Find out about the key data protection issues this causes with our easy to follow Advisory Notes.

Advisory Note

Accessing employee emails

LONDON, FEBRUARY 24th 2020

Organisations often want to access the content of absent or former employees’ mailboxes for business continuity reasons, e.g. when an employee is on long-term leave, has left, or is deceased.

Find out if this interferes with their right to privacy with our easy to follow Advisory Notes.

Advisory Note

Using Biometric Data

LONDON, FEBRUARY 7th 2020

The use of biometric data in an employment context is increasingly common for security reasons and fraud prevention. However, all organisations using or considering using biometric data for these purposes should be aware that the processing of biometric data in accordance with the GDPR can be, and very often is, very challenging and may expose them to significant risks of a data breach.

Understand what it could mean for your business with our simple Advisory Notes.

Advisory Note

Data Protection & Directors Personal Liability

LONDON, JANUARY 27th 2020

It is undeniable that the increasing risk of a data breach or other data protection failure affects practically every business. These increased risks can translate into personal liability for directors in a number of ways. It is therefore imperative that directors of organisations familiarise themselves with the potential liability they face.

Find out what this means for your business with our easy to follow Advisory Notes.

Advisory Note

The California CPA and you

UPDATED JANUARY 14th 2020

On 1st January 2020, the California Consumer Privacy Act (CCPA) came into force.

The CCPA is a new data privacy and consumer protection law designed to give people in California more control over their personal data and ensure that businesses are transparent with their data processing activities.

Find out what this means for your business with our easy to follow Advisory Notes.

Advisory Note

Brexit

UPDATED SEPTEMBER 22nd 2020:

One of the central aims of the GDPR is the facilitation of the free flow of data between all countries in the EEA. In practice this means that, currently, personal data can be transferred between organisations in the UK and the EEA without any specific or additional security measures needing to be put in place.

However, a ‘no-deal’ Brexit will mean the principle of the free flow of personal data will no longer apply and the UK
will be in the same position as virtually any other country outside the EEA.

Find out what this means for your business with our easy to follow Advisory Notes.

Advisory Note

Claims for compensation for data breaches

LONDON, OCTOBER 2nd 2019:

The Court of Appeal’s landmark decision in the case of Lloyd v Google could be summarised as “You breach, you pay”.

Understand what it could mean for your business with our simple Advisory Notes.

Appointing NormCyber as our virtual DPO has given Ferrero the best of both worlds – access to data protection experts who understand what we stand for as a business, without the hefty overheads usually associated with appointing an in-house DPO.

Harpreet Thandi
Regional Counsel, UK & Ireland, Ferrero

We were looking for a virtual DPO service that offered all of the benefits of a fully qualified data protection lawyer, without the overheads of an in-house hire. The DPaaS solution from norm. has been invaluable in helping us to ensure we respect the integrity of our customers’ personal information, while using it to continue to deliver differentiated products and services which support our growing customer base.

Mike Whitfield, Compliance Manager
Marmalade

CSaaS allows me to step away from multi-vendor management as the Security Operations Centre coordinates all of the technology for me.

David Vincent, CTO
Perpetuum

We were in the market for an independent Data Protection Officer service that was well versed with both UK and EU regulators. We’re thrilled to have acquired this service knowing that an expert is available 24/7.

Suzanne McCabe, Head of Project Management
James Hambro & Partners

Norm’s penetration testing layer, along with the suite of CSaaS modules has enabled MA to exceed all its audit requirements for its major clients.

Rob Elisha, ICT and CRM Manager
Montreal Associates

The speed of your Data Protection Officer’s response was very impressive – it was far quicker than I would have expected even from an in-house DPO

Will Blake, Director of Technology and Analytics
CRU Group