GDPRtopics

11 July 2017 at 10:46am

GDPR: Web forms and consent

Andrew Cormack
Data Protection Regulation
GDPRtopics
Looking at yet another of those web registration forms that seems to collect more data than required, it occurred to me that there might be quite a neat way to meet the General Data Protection Regulation's requirements for positive, recorded consent.
Read more
5 July 2017 at 9:59am

Article 29 WP on Workplace Monitoring

Andrew Cormack
Data Protection Regulation
GDPRtopics
GDPRprocess
Monitoring
The Article 29 Working Party has produced new guidance on data processing in the workplace, to account for the very significant changes that have occurred since their previous guidance in 2001. Although the focus is on "employee monitoring", it is likely to be relevant to other situations where an organisation has significant power over those who use its premises and equipment. The guidance considers the requirements under both the Data Protection Directive and, from next year, the GDPR.
Read more
14 June 2017 at 11:30am

GDPR: Attendance Monitoring

Andrew Cormack
Data Protection Regulation
GDPRtopics
A question recently arose about monitoring students' attendance at lectures and tutorials, and how this fitted into data protection law. Since the main purpose of such monitoring seems to be to identify and assist students who don't attend, and whose presence is therefore not recorded or processed, there seem to be a number of both practical and legal issues to think about.
Read more
27 April 2017 at 2:42pm

ICO request for feedback on profiling under the GDPR

Andrew Cormack
Data Protection Regulation
GDPRtopics
Learning Analytics
We've just responded to the ICO's request for feedback on Profiling under the General Data Protection Regulation.
Read more
5 May 2017 at 8:48am

GDPR: Alumni processes

Andrew Cormack
Data Protection Regulation
ePrivacy Regulation
Alumni
GDPRtopics
Most universities maintain databases of alumni, for purposes including keeping them informed about the organisation, offering services and seeking donations. These activities have a lot in common with other charities, so the Information Commissioner's guidance is relevant.
Read more
19 April 2017 at 9:38am

GDPR: Official CSIRTs?

Andrew Cormack
Data Protection Regulation
incident response
GDPRtopics
A couple of organisations have asked me recently whether the General Data Protection Regulation (GDPR) requires them to get some sort of external recognition of their incident response team. Here's why I don't think it does. Recital 49 of the Regulation says:
Read more
19 April 2017 at 9:41am

Consent for Learning Analytics: Practical Guidelines

Andrew Cormack
Learning Analytics
Data Protection Act
Data Protection Regulation
GDPRtopics
Recently I've been doing some work with Niall Sclater on how education organisations might inform students about the use of learning analytics, and when they might seek students' consent. The resulting blog post is at https://analytics.jiscinvolve.org/wp/2017/02/16/consent-for-learning-analytics-some-practical-guidance-for-institutions/
Read more
19 April 2017 at 9:43am

Incident Response and the GDPR

Andrew Cormack
incident response
Data Protection Regulation
GDPRtopics
After (too) many years, I’ve turned the ideas from my original TF-CSIRT documents into a formal academic paper, which has just been published in the open access law journal, SCRIPTed: Andrew Cormack, "Incident Response: Protecting Individual Rights Under the General Data Protection Regulation", (2016) 13:3 SCRIPTed 258 https://script-ed.org/?p=3180
Read more
19 April 2017 at 9:44am

Learning Analytics - an updated model

Andrew Cormack
Learning Analytics
Data Protection Act
Privacy
GDPRtopics
At Jisc's Learning Analytics Network meeting last month I presented an updated version of my suggested legal model for Learning Analytics.
Read more
19 April 2017 at 9:46am

ECJ rules in favour of security and incident response

Andrew Cormack
incident response
Data Protection Regulation
GDPRtopics
The recent European Court case of Breyer v Germany provides welcome support for those who wish to protect the security of on-line services.
Read more
Subscribe to GDPRtopics