With the GDPR and the legal situation we have regarding data protection within the EU, we often talk about how difficult, if not impossible, it is to use some of the world's largest cloud services. The recent invalidation of Privacy Shield, an important legal transfer mechanism, makes it all the more difficult.
But what if one refuses to believe that there are any good alternatives? What if one firmly believes that the digital transformation cannot be carried out with any other provider?
Well, then one should probably, first and foremost, realise how dependent one is on a single supplier and think about how healthy that might be. First and foremost from a business continuity perspective, but also when it comes to one's data subjects' personal integrity.
But let's not be so negative all the time. We have really given this some thought, and here are some tips for European companies that want to, or simply need to, keep using Microsoft 365.
Today we highlight one of the first really big class action lawsuits brought against Oracle and Salesforce under the GDPR. We're talking about ridiculous amounts of money, and it will of course be extremely exciting to follow the development in both cases.
We recently read a Swedish debate article written by the President of a Swedish interest group for IT and telecom companies, and feel the need to put our foot down on what exactly inhibits the digital transformation in our public sector. Spoiler: contrary to what the article tries to portray, the culprit is not our laws and regulations, which in turn prevent the use of American hyperscalers.
Today we're talking about the case of the Finnish psychotherapy company Vastaamo, which was hacked. When the scandal was made public a few days ago, it also emerged that individual patients had been blackmailed and that patient records were being spread on the darknet. We also discuss a question we received from one of our listeners about the right to review sub-contractors.
"But does it ever happen in real life or is it just something that lawyers in their ivory towers think is going to happen?"
Today we're discussing a recent case in which the clothing retailer H&M was fined €35 million for violations of the GDPR in Germany. We also discuss risk assessments and why it's necessary to start looking beyond the GDPR, towards other laws and towards ethics, when something puts personal integrity at risk.
The deadline for the Brexit transition period is currently December 31, 2020. With current news revolving around the pandemic and other large events, it is easy to forget what's about to happen. In this episode we want to remind you all that Brexit is well underway and what it will mean for data transfers to the UK under the current legislation in the EU and the UK.
Today we're discussing the value of investing in your coworkers' identity. As usual, this is of course tied to information security and you will learn how.
We also have a cliffhanger about Brexit and a statement by the EU about data transfers to the UK.
Today we're talking about data transfers to a third country with a focus on the U.S. due to the fall of Privacy Shield.
The Swedish Data Protection Agency has produced an excellent guide on the matter and today we're covering it thoroughly.
With the fall of Privacy Shield, everything regarding global digitalisation has been turned upside down. Are we allowed to transfer, process and make data available to the U.S.? Which legal mechanisms can you use to do so? What are Standard Contractual Clauses? We will of course not cover all of this in one go, but rest assured that we'll come back to this subject in future episodes.
"The Old Directive" as mentioned by Kim
Transfer of data to a third country
Today we're discussing group culture, specifically how a Blame, Complain and Defend culture impacts information security. If you are one of those who think that information security is all about technical measures, tune in to this and listen to a different opinion.
On July 16, the Court of Justice of the European Union invalidated Privacy Shield as a mechanism for legal data transfers between the EU and the US. In this episode we're discussing this important ruling and a FAQ that the European Data Protection Board has compiled for stakeholders that are transferring personal data to cloud services such as Microsoft 365, Amazon AWS, Azure and Google G Suite.
Video: Max Schrems at the Hearing of the European Parliament on EU-US Data Transfers (26:30)
European Data Protection Board publishes FAQ document on CJEU judgment
The biggest challenge in information security is the human factor. This is why it is as important to stay mentally active as it is to stay physically active.
Join us for some discussions about sudden changes, leadership and mental training.
"People will always find a way to mess up both your tech and your procedures. So [information security] comes down to people."
Join us as we discuss the different stages of group development and how group dynamics are tied to information security.
After four years of teaching and discussing information security, regulatory compliance and many other topics in Swedish, it is now time for us to reach out to a broader audience. Welcome to The [InfoSec] Stack, where we will do our best to teach and discuss information security, regulatory compliance and many other topics.