Skip to main content
CLOSE

Charities

Close

Corporate and Commercial

Close

Employment and Immigration

Close

Environmental, Social, and Corporate Governance

Close

Fraud and Investigations

Close

Individuals

Close

Litigation

Close

Planning, Infrastructure and Regeneration

Close

Public Law

Close

Real Estate

Close

Restructuring and Insolvency

Close

Energy

Close

Entrepreneurs

Close

Private Wealth

Close

Real Estate

Close

Tech and Innovation

Close

Transport and Infrastructure

Close
Home / News and Insights / Insights / GDPR Advent Calendar (Door 1)

I’m not ashamed to admit that I am busy counting down the days at the moment. Having spent a lot of this year feeling like I was one of the few people getting excited about it, it now feels like it’s suddenly everywhere. And before much longer there will be that glorious morning when I wake up, eyes aglow, to see what the world looks like blanketed under a wonderful canopy of new data privacy legislation.

Still, that’s not until next May, and in the meantime there’s Christmas to get past so that we can start focusing again on the exciting stuff like Article 29 Working Party guidance, and the next Commons stage of the UK Data Protection Bill.

So, to help the time pass, I have prepared a series of posts which I am going to be putting out on a daily basis over the next three and a half weeks. Through these I am going to use what I must stress is an entirely imaginary case study to pick up on a number of the data privacy issues that I have been asked about this year and flagging up some of the ways in which we really will be operating in a new regulatory landscape from the middle of next year.

So, without further ado – let’s open Door 1:

I have a client, let’s call him Nick. He operates a large business, employing many thousands of staff. The business is engaged year round in toy manufacturing, but also has a business critical logistics arm which, once a year, becomes the exclusive focus of the business’s activities.

The logistics business is the public-facing part of Nick’s operation. For its success it relies on maintaining extremely accurate records of young people, which necessarily include a range of personal data both about the children themselves (name, age, address) and their activities during the year (which are processed in order to establish levels of naughtiness or niceness). Some years ago, Nick discovered that managing this list was becoming unwieldy and appointed a third party organisation (External Logistics Force, or “ELF”) to process this data on behalf of his organisation.

So, it’s December 1st and Nick has just been informed that an ELF employee has accidentally left a portion of the above records on an unencrypted and publicly accessible cloud server, for several months earlier this year. He has been told by ELF that they have just discovered this and are working to investigate and shut down the breach, but urgently needs to know what he should do next.

Come back tomorrow to find out about our first steps to assist him in those first critical 24 hours…

Related Articles

Our Offices

London
One Bartholomew Close
London
EC1A 7BL

Cambridge
50/60 Station Road
Cambridge
CB1 2JH

Reading
The Anchorage, 34 Bridge Street
Reading RG1 2LU

Southampton
4 Grosvenor Square
Southampton SO15 2BE

 

Reading
The Anchorage, 34 Bridge Street
Reading RG1 2LU

Southampton
4 Grosvenor Square
Southampton SO15 2BE

  • Lexcel
  • CYBER ESSENTIALS PLUS

© BDB Pitmans 2024. One Bartholomew Close, London EC1A 7BL - T +44 (0)345 222 9222

Our Services

Charities chevron
Corporate and Commercial chevron
Employment and Immigration chevron
Environmental, Social, and Corporate Governance chevron
Fraud and Investigations chevron
Individuals chevron
Litigation chevron
Planning, Infrastructure and Regeneration chevron
Public Law chevron
Real Estate chevron
Restructuring and Insolvency chevron

Sectors and Groups

Private Wealth chevron
Real Estate chevron
Transport and Infrastructure chevron