Today we're discussing a recent case in which the clothing retail company H&M has been fined €35 million for violations of GDPR in Germany. We also discuss risk assessments and why it's necessary to start looking beyond GDPR and towards other laws and ethics that put personal integrity at risk.
The deadline for the Brexit transition period is currently December 31, 2020. With current news revolving around the pandemic and other large events, it is easy to forget what's about to happen. In this episode we want to remind you all that Brexit is well underway and what it will mean for data transfers to the UK, with the current legislation in the EU and the UK.
Today we're discussing the value of investing in your coworkers' identity. As usual, this is of course tied to information security and you will learn how.
We also have a cliffhanger about Brexit and a statement by the EU about data transfers to the UK.
Today we're talking about data transfers to a third country with a focus on the U.S. due to the fall of Privacy Shield.
The Swedish Data Protection Agency has produced an excellent guide on the matter and today we're covering it thoroughly.
With the fall of Privacy Shield, everything regarding global digitalisation has turned upside down. Are we allowed to transfer, process and make data available to the U.S.? Which legal mechanisms can you use to do so? What are Standard Contractual Clauses? We will of course not cover all of this in one go, but rest assured that we'll come back to this subject in future episodes.
"The Old Directive" as mentioned by Kim
Transfer of data to a third country
Today we're discussing group culture, specifically how a Blame, Complain, and Defend-culture impacts information security. If you are one of those who think that information security is all about technical measures - tune in to this and listen to a different opinion.
On July 16, the Court of Justice of the European Union invalidated Privacy Shield as a mechanism for legal data transfers between the EU and the US. In this episode we're discussing this important ruling and a FAQ that the European Data Protection Board has compiled for stakeholders that are transferring personal data to cloud services such as Microsoft 365, Amazon AWS, Azure and Google G Suite.
Video: Max Schrems at the Hearing of the European Parliament on EU-US Data Transfers (26:30)
European Data Protection Board publishes FAQ document on CJEU judgment
The biggest challenge in information security is the human factor. This is why it is just as important to stay mentally active as it is to stay physically active.
Join us for some discussions about sudden changes, leadership and mental training.
"People will always find a way to mess up both your tech and your procedures. So [information security] comes down to people."
Join us as we discuss the different stages of group development and how group dynamics is tied to information security.
After four years of teaching and discussing information security, regulatory compliance, and many other topics in Swedish, it is now time for us to reach out to a broader audience. Welcome to The [InfoSec] Stack where we will do our best to teach and discuss information security, regulatory compliance and many other topics.