no drama.

Reassuringly dull news about cyber security and data protection

News

Sport & cyber security

The NCSC releases new report that reveals 70% of sports institutions in the UK have suffered a cyber attack. Read more here.

Advisory Note

International cross-border transfers – FAQs

This note aims at presenting answers to some frequently asked questions (FAQs) about international (cross-border) transfers of personal data after the decision of the Court of Justice of the European Union (CJEU) on 16 July 2020. Read more here.

News

Government’s test and trace scheme is unlawful

The Department of Health and Social Care (DHSC) has conceded the initiative to trace contacts of people infected with Covid-19 was launched without carrying out a Data Protection Impact Assessment (DPIA) – an assessment of its impact on privacy. Read more here.

News

Record Subject Access Request fine

The Dutch Data Protection Authority (DPA) has fined an organisation, BKR, €830,000 for charging fees and discouraging individuals who wanted to access their personal data. Read more here.

News

The DPC issues €75,000 fine

The DPC (the Irish equivalent of the ICO) has fined ‘Tusla’, Ireland’s child and family agency, €75,000. Read more here.

News

Online advertising, mobile phones and privacy

Apple has just announced that when iOS 14 is launch it will require advertisers (and others, such as app developers) who want access a user’s IDFA (‘ID For Advertisers’) to obtain opt-in consent. Read more here.

Comment

Return to sender

Find out what you need to do if you’ve ever done one of these common email errors by reading this simple guidance from norm’s Data Protection Team.

Webinars

Help! We’ve been breached – now what?

10:00AM BST, THURSDAY 21st MAY 2020

During this webinar we outline the measures all companies should take in order to prepare themselves for a breach. Our experts cover the people, process and data protection elements of responding to a security incident, and how to stop it becoming a crisis.

Webinars

Managing and mitigating cyber risk in uncertain times

10:00AM BST, THURSDAY 7th MAY 2020

Wach Paul Cragg, CTO to find out how your business can reduce the risk and potential consequences of a cyber security breach today. This session will feature valuable tips and practical advice for any organisation that wants to mitigate cyber risk and safeguard core business functions today.

Webinars

A break from the norm: GDPR & Data Protection in the context of Covid-19

10:00AM BST, THURSDAY 23rd APRIL 2020

Can an individual’s right to privacy be waived in the face of the public interest? What obligations – if any – do businesses have to provide public health authorities with information about employees who are self-isolating or have Coronavirus symptoms? Watch this session to find out the answers to these questions and more.

Articles

Speedy, simple and free – Secure home working tips

LONDON, APRIL 2nd 2020

The current Coronavirus pandemic means that many organisations are now enforcing remote working practices for the majority, if not all, of their employees. But what does this mean for your business’ cyber security.

Find out by reading this insightful article written by norm.

Advisory Note

Real Time Bidding, AdTech & Data Protection

LONDON, MARCH 2nd 2020

Advertisers are competing for available digital advertising space in milliseconds, placing billions of online adverts on webpages and apps in the UK every day by automated means.

Find out about the key data protection issues this causes with our easy to follow Advisory Notes.

Advisory Note

Accessing employee emails

LONDON, FEBRUARY 24th 2020

Organisations often want to access the content of absent or former employees’ mailboxes for business continuity reasons, e.g. when an employee is on long-term leave, has left, or is deceased.

Find out if this interferes with their right to privacy with our easy to follow Advisory Notes.

Advisory Note

Using Biometric Data

LONDON, FEBRUARY 7th 2020

The use of biometric data in an employment context is increasingly common for security reasons and fraud prevention. However, all organisations using or considering using biometric data for these purposes should be aware that the processing of biometric data in accordance with the GDPR can be, and very often is, very challenging and may expose them to significant risks of a data breach.

Understand what it could mean for your business with our simple Advisory Notes.

Advisory Note

Data Protection & Directors Personal Liability

LONDON, JANUARY 27th 2020

It is undeniable that the increasing risk of a data breach or other data protection failure affects practically every business. These increased risks can translate into personal liability for directors in a number of ways. It is therefore imperative that directors of organisations familiarise themselves with the potential liability they face.

Find out what this means for your business with our easy to follow Advisory Notes.

Advisory Note

The California CPA and you

UPDATED JANUARY 14th 2020

On 1st January 2020, the California Consumer Privacy Act (CCPA) came into force.

The CCPA is a new data privacy and consumer protection law designed to give people in California more control over their personal data and ensure that businesses are transparent with their data processing activities.

Find out what this means for your business with our easy to follow Advisory Notes.

News

ThinkMarble becomes norm.

LONDON, DECEMBER 10th 2019

ThinkMarble Limited has rebranded as ‘norm’ – offering ‘reassuringly dull Cyber Security’ in a move to demystify the market.

News

One YMCA appoints norm.

LONDON, DECEMBER 10th 2019

Following a rigorous evaluation process One YMCA has selected norm’s specialist Data Protection as a Service solution.

News

The House of Garrard appoints norm.

LONDON, DECEMBER 10th 2019

NormCyber Limited has been appointed specialist Data Protection as a Service (DPaaS) provider to the iconic jewellers Garrard & Co.

Advisory Note

Brexit

UPDATED NOVEMBER 8th 2019:

One of the central aims of the GDPR is the facilitation of the free flow of data between all countries in the EEA.

Leaving the EU on a ‘no-deal’ basis would mean this principle no longer applies and the UK will be in the same position as virtually any other country outside the EEA.

Find out what this means for your business with our easy to follow Advisory Notes.

Advisory Note

Claims for compensation for data breaches

LONDON, OCTOBER 2nd 2019:

The Court of Appeal’s landmark decision in the case of Lloyd v Google could be summarised as “You breach, you pay”.

Understand what it could mean for your business with our simple Advisory Notes.

News

David Perez appointed as new CEO

Thursday 10th October 2019 ThinkMarble Limited is pleased to announce that it is making a leadership change to underpin its exciting growth plans. David Perez has joined the UK based Cyber-Security-as-a-Service (CSaaS) business as CEO and replaces Andy Miles who is the Founder and now former CEO of the business. Andy will remain heavily involved…

Comment

Suprema data breach

The Suprema data breach, in which researchers say they discovered the fingerprints, voice data, facial images, unencrypted usernames and passwords of more than one million people was publicly available, has drawn the condemnation of security experts and data privacy experts. Read what Norm’s Director of Legal Services, Robert Wassall, told Verdict about the possible implications…

Comment

Monzo PIN breach

Read what Norm’s Director of Legal Services, Robert Wassall, told Verdict about the possible implications of the Monzo case.

News

ThinkMarble service available on G-Cloud 11

LONDON, JULY 2nd 2019

ThinkMarble, the world-class, component-level, end-to-end, Cyber Security Operator, today announced its services are now available to public-sector bodies via the latest Crown Commercial Service (CCS) framework, G-Cloud 11.

News

Wright joins ThinkMarble in new Operations role

LONDON, UK – Monday 21st January 2019Think Marble is pleased to announce that, as part of its growth strategy, it has appointed Demyon Wright to the new role of Operations Director within the business. Demyon joins ThinkMarble with nearly 15 years of experience as a Head of Service Management in the industry and an impressive…

I’m thrilled to have signed off on the CSaaS offering.  I’m looking forward to having the most complete cyber security package for the mid-market and continuing our successful working relationship with norm.

Richard Taylor, CIO
Summit Therapeutics

CSaaS allows me to step away from multi-vendor management as the Security Operations Centre coordinates all of the technology for me.

David Vincent, CTO
Perpetuum

The biggest factor was that they had a data protection lawyer in-house who worked for them, which meant there was someone we could directly go to with specific questions about the (GDPR) regulation.

Phil Everitt, Management Information Systems Manager
Leicester Tigers

We were in the market for an independent Data Protection Officer service that was well versed with both UK and EU regulators. We’re thrilled to have acquired this service knowing that an expert is available 24/7.

Suzanne McCabe, Head of Project Management
James Hambro & Partners

Norm’s penetration testing layer, along with the suite of CSaaS modules has enabled MA to exceed all its audit requirements for its major clients.

Rob Elisha, ICT and CRM Manager
Montreal Associates

The speed of your Data Protection Officer’s response was very impressive – it was far quicker than I would have expected even from an in-house DPO

Will Blake, Director of Technology and Analytics
CRU Group