<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link rel="alternate" hreflang="en-GB"
                       href="https://www.itpro.com/uk/feeds/tag/data-protection"
                       type="application/rss+xml"/>
                            <title><![CDATA[ Latest from ITPro UK in Data-protection ]]></title>
                <link>https://www.itpro.com/uk/security/data-protection</link>
        <description><![CDATA[ All the latest data-protection content from the ITPro  UK team ]]></description>
                                    <lastBuildDate>Tue, 16 Jun 2026 07:00:00 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ The growing channel opportunity around data sovereignty ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/the-growing-channel-opportunity-around-data-sovereignty</link>
                                                                            <description>
                            <![CDATA[ Why partners have an important role in ensuring client data sovereignty ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nrmAywndMVEGVuCYfJdLN4</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/p6SHUCH4Cp9Ao9UbtkVNMK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 16 Jun 2026 07:00:00 +0000</pubDate>                                                                                                                                <updated>Wed, 17 Jun 2026 09:23:42 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ David Byrnes ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/xZV6mT45DzcQWUX3oK2x5K.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/p6SHUCH4Cp9Ao9UbtkVNMK-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Digital transformation concept image showing human hand touching digital interface with glowing data points.]]></media:description>                                                            <media:text><![CDATA[Digital transformation concept image showing human hand touching digital interface with glowing data points.]]></media:text>
                                <media:title type="plain"><![CDATA[Digital transformation concept image showing human hand touching digital interface with glowing data points.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/p6SHUCH4Cp9Ao9UbtkVNMK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Research shows that a third of organizations experienced a data sovereignty incident last year. It is not a case of blind ignorance, though. Indeed, our own <a href="https://www.kiteworks.com/sites/default/files/resources/kiteworks-report-2026-data-sovereignty-compliance-incidents.pdf"><u>Data Sovereignty Report</u></a> found that 44% of respondents describe themselves as “very well informed” about data sovereignty requirements. </p><p>Businesses know the rules. Yet, one in three of them got hit by a sovereignty incident anyway. That gap is the single biggest commercial opportunity in the UK channel right now. It’s getting worse, and the businesses that need help the most are the ones least equipped.</p><h2 id="why-does-this-matter">Why does this matter?</h2><p>Customers don’t buy sovereignty from a vendor slide deck. They buy it from a trusted partner that maps their data flows, identifies where the architecture can’t enforce the policy promises, and builds a remediation plan that passes the audit. </p><p>Over four-in-ten (44%) businesses flag concerns about whether their cloud providers can genuinely guarantee sovereignty. Those concerns are well-founded, but the question most customers are asking is the wrong one. It shouldn’t be “where is my data stored? </p><p>Ring-fencing data by geography is neither new nor technically difficult. What is far harder, and most customers have never genuinely confronted, is the question of legal jurisdiction. </p><p>Consider the architecture that many on these shores believe is sovereign. A major US cloud provider may operate a German-based subsidiary, staffed by EU nationals, marketed explicitly as a sovereign offering. But the parent company remains subject to US law, and no subsidiary structure changes that. A lawful US warrant, a trade embargo, or an executive order doesn’t stop at the border of a local data centre. </p><p>Plus, events that would have seemed far-fetched a few years ago (sweeping trade disputes, unilateral policy shifts, foreign data access demands) are no longer theoretical. They are the operating environment of today. And if any of those scenarios materialise, clients and MSPs relying on a geo-residency promise could face real, material exposure. </p><h2 id="target-the-mid-market">Target the mid-market</h2><p>It is the mid-market where the real urgency lives. Sovereignty maturity generally scales with organization size. Among companies with over 20,000 employees, roughly 45% spend above £5 million annually. At the other end, organizations with 500 to 999 employees sit at just 19% in high-tier spending. </p><p>Large enterprises often have internal sovereignty teams and dedicated compliance architects. Mid-market organizations, however, have the same regulatory obligations and enforcement exposure, yet only a fraction of the resources. They are the ones that need a partner who can deliver sovereign infrastructure without requiring them to hire a team of specialists to run it. </p><p>And time is ticking. GDPR fines now exceed €5.6 billion, and the EU AI Act introduces penalties up to €35 million or 7% of worldwide turnover. For a UK business operating in Europe post-Brexit, the regulatory surface area has never been larger.</p><h2 id="four-questions-to-consider">Four questions to consider...</h2><p>These are the key questions you need to get your customers asking themselves. </p><ul><li><strong>Which legal jurisdiction ultimately governs our data?</strong> A cloud provider can locate a data centre here and market it as a sovereign offering. But they are still subject to the laws of the country where the parent company is headquartered. If a lawful warrant, a trade dispute, or a government access demand lands on that parent company, the local subsidiary’s address offers limited protection. Jurisdiction follows the entity, not the building.</li><li><strong>Who controls the encryption keys?</strong> If the provider retains the ability to decrypt customer data, the customer doesn’t have sovereignty. They have a residency promise with a legal back door. Sole encryption key ownership, retained within the customer’s environment, is the line between sovereignty that holds and sovereignty that folds under a government access request.</li><li><strong>Where is data processed, not just stored?</strong> Cloud platforms can store data here in the UK, yet process it abroad without the customer knowing. For regulated industries, that invisible border crossing is a compliance violation waiting to happen.</li><li><strong>Can you prove it?</strong> Regulators and procurement teams no longer accept “we believe we’re compliant.” They want immutable audit trails, residency logs, and compliance documentation produced on demand. That’s the shift from stated compliance to provable control.</li></ul><p>Channel partners should look at this as an architecture engagement. Map the data flows. Deploy a platform that enforces residency at the infrastructure level, retains key custody in-jurisdiction, and generates audit evidence. That’s a services-rich, high-value, recurring-revenue conversation. Plus, it renews, because sovereignty isn’t a project. It’s a permanent operating condition.</p><h2 id="the-conversation-to-have">The conversation to have </h2><p>Partners winning the sovereignty conversation are the ones leading with the jurisdiction question, targeting the mid-market, and building sovereignty practices that go beyond the data map. </p><p>The data doesn’t lie. What separates the firms that avoided incidents from those that did is operational depth. Architecture, controls, and evidence. </p><p>However, what will separate the channel partners that will win in the future will be something more foundational. It’s all about the willingness to have the conversations that the vendors won’t. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The sovereignty gap: why MSPs must rethink recovery in the SaaS era ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/the-sovereignty-gap-why-msps-must-rethink-recovery-in-the-saas-era</link>
                                                                            <description>
                            <![CDATA[ SaaS growth exposes sovereignty gap, forcing MSPs to rethink recovery ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">wR55Bm2WZsh9CLHDYQnFw3</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/EUpDF4vK4HDQ9BNPsEv8qZ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 07 May 2026 07:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Alex Walsh ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/QFhmUmMHGDbk8LUZkyFgo6.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/EUpDF4vK4HDQ9BNPsEv8qZ-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cloud symbol sitting on top of storage pods with data flows linking each individual pod together.]]></media:description>                                                            <media:text><![CDATA[Cloud symbol sitting on top of storage pods with data flows linking each individual pod together.]]></media:text>
                                <media:title type="plain"><![CDATA[Cloud symbol sitting on top of storage pods with data flows linking each individual pod together.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/EUpDF4vK4HDQ9BNPsEv8qZ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As the <a href="https://www.itpro.com/business/policy-and-legislation/what-dora-means-for-business"><u>Digital Operational Resilience Act (DORA)</u></a> and the <a href="https://www.itpro.com/business/policy-and-legislation/nis2-why-are-firms-struggling-to-comply"><u>Network and Information Systems Directive 2 (NIS2)</u></a> reshape Europe’s regulatory landscape, data sovereignty is no longer a legal abstraction - it is becoming a practical and operational responsibility for Managed Service Providers (MSPs).</p><p>Customers are no longer asking where their data is stored. Instead, they are asking who controls it, how quickly it can be recovered, and whether that recovery will stand up to regulatory scrutiny.</p><p>These questions are landing directly with service providers managing SaaS applications, backup, and critical data environments. Sovereignty is no longer a compliance checkbox; it needs to be a core part of the service MSPs are expected to deliver.</p><h2 id="from-infrastructure-management-to-data-custodianship">From infrastructure management to data custodianship</h2><p>For many organizations, MSPs now sit at the center of the data protection strategy. They manage SaaS environments, oversee backup, and ensure continuity in the event of disruption. This shifts their role significantly, meaning MSPs are no longer just operators of infrastructure; they are custodians of data control.</p><p>The challenge is that sovereignty is still often framed as a question of jurisdiction. However, in reality, it is operational. It depends on whether data can be accessed, controlled, and recovered when systems fail or access is lost.</p><h2 id="from-uptime-and-capacity-to-resilience">From uptime and capacity to resilience</h2><p>Historically, MSP offerings have been built around availability, performance, and cost efficiency. Uptime and capacity defined value, and backup was often treated as a background function.</p><p>That model is changing.</p><p>Regulation and customer expectations are driving a move toward demonstrable resilience. It is no longer enough to say data is protected - MSPs must prove that it can be recovered, within defined timeframes, and under real-world conditions.</p><p>Operational data reinforces this shift. We recently published the <em>Keepit Annual Data Report 2026, </em>which shows that:</p><ul><li>Some 90% of restore actions are single-file recoveries, reflecting how frequently real-world data loss occurs</li><li>Most restore activity happens during working hours, highlighting that recovery is an everyday operational need, not a rare event</li></ul><p>Resilience is not theoretical; it is tested daily in small but critical ways, and MSPs are increasingly expected to support that reality.</p><h2 id="the-hidden-dependency-risk-in-saas">The hidden dependency risk in SaaS</h2><p>The widespread adoption of SaaS has made recovery more complex.</p><p>Most organizations rely on multiple SaaS platforms to run critical parts of their business, often assuming those platforms provide comprehensive data protection. In reality, responsibility is shared.</p><p>SaaS providers ensure availability, but long-term data protection and recoverability often sit elsewhere. For MSPs, this introduces a dependency risk that is not always visible to customers.</p><p>If access to a SaaS platform is disrupted, whether by cyber incident, misconfiguration, or outage, recovery may be constrained by the platform itself. This creates the sovereignty gap: the difference between having data stored somewhere and having meaningful control over it when it matters most.</p><h2 id="a-maturity-gap-and-an-opportunity-to-guide-readiness">A maturity gap and an opportunity to guide readiness</h2><p>Restore behavior scales with organization size, according to our research. Indeed, 28% of SMBs restore regularly, versus 91% of commercial and 95% of enterprise organizations. </p><p>This is often a natural outcome of resourcing - larger firms have more dedicated IT capacity, while SMBs may treat restores as an “as-needed” task. Even major outage events didn’t produce a measurable increase in restore testing, showing that awareness alone doesn’t create routine readiness. </p><p>That’s where MSPs and vendors can make the difference: lightweight, guided recovery checks that build confidence quickly and raise maturity over time - supported by assistance that helps admins take the right steps when it matters.</p><h2 id="designing-services-for-sovereignty">Designing services for sovereignty</h2><p>Closing the sovereignty gap requires a rethink of service design.</p><p>Sovereignty cannot be addressed through policy alone. It must be embedded into how services are built and delivered. That means:</p><ul><li>Ensuring data can be recovered independently of the primary SaaS environment</li><li>Reducing reliance on single vendors or platforms</li><li>Regularly testing recovery processes</li><li>Providing customers with clear visibility into recovery capabilities</li></ul><p>It also means answering increasingly detailed questions. What happens if access to a SaaS platform is lost? How quickly can data be restored? Where are the dependencies in the recovery chain?</p><p>These are no longer theoretical scenarios. They are becoming part of standard due diligence, particularly in regulated industries.</p><h2 id="from-service-provision-to-assurance">From service provision to assurance</h2><p>As expectations evolve, so too does the role of the MSP. Providers are moving beyond managing infrastructure to delivering assurance. </p><p>Customers are no longer simply buying services; they are seeking confidence that their data is protected, operations remain uninterrupted, and regulatory obligations are met.</p><p>Conversations that once centered on speed, capacity, and cost are now shifting toward reliability, governance, and responsibility.</p><p>For MSPs, this shift presents a clear opportunity. Those who can define and deliver a credible sovereignty strategy will stand out in a market where performance alone is no longer enough. The ability to demonstrate ownership, stability, and continuity is becoming the differentiator.</p><h2 id="sovereignty-redefined">Sovereignty redefined</h2><p>Data sovereignty is evolving. It is no longer defined solely by where data resides, but by whether organizations can truly manage and restore it when it matters most.</p><p>For MSPs, this is a turning point. Those that move beyond uptime and capacity, and instead design for continuity, autonomy, and restoration, will be best placed to meet both regulatory demands and rising customer expectations.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ UK firms left in the dark over what workers are sharing with AI ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/uk-firms-left-in-the-dark-over-what-workers-are-sharing-with-ai</link>
                                                                            <description>
                            <![CDATA[ Security teams can’t keep track of what workers are sharing with AI applications, regardless of whether they’re approved or unauthorized ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Eo7ShySuZws95AM5KSTsqD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/agHuoixY7A7CvZEbCApv4g-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 30 Apr 2026 07:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ ross.kelly@futurenet.com (Ross Kelly) ]]></author>                    <dc:creator><![CDATA[ Ross Kelly ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Y5vrV2V98Np6jHAGmAtCd3.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Ross Kelly is ITPro&#039;s News &amp;amp; Analysis Editor, with a keen interest in cyber security, business leadership and emerging technologies.&lt;/p&gt;
&lt;p&gt;He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;In his spare time, Ross enjoys cycling, walking and is an avid reader of history and non-fiction.&lt;/p&gt;
&lt;p&gt;You can contact Ross at ross.kelly@futurenet.com or on &lt;a href=&quot;https://twitter.com/rosswritesetc&quot;&gt;Twitter&lt;/a&gt; and &lt;a href=&quot;https://www.linkedin.com/in/ross-kelly-18a54411a/&quot;&gt;LinkedIn&lt;/a&gt;.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/agHuoixY7A7CvZEbCApv4g-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Businesswoman holding handheld device while walking in an abstract data center environment made up of blocks with bright colored data lines flowing on ground.]]></media:description>                                                            <media:text><![CDATA[Businesswoman holding handheld device while walking in an abstract data center environment made up of blocks with bright colored data lines flowing on ground.]]></media:text>
                                <media:title type="plain"><![CDATA[Businesswoman holding handheld device while walking in an abstract data center environment made up of blocks with bright colored data lines flowing on ground.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/agHuoixY7A7CvZEbCApv4g-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Enterprises across the UK are contending with “critical blind spots” over what workers are sharing with AI applications, according to new research. </p><p>A survey from SailPoint found more than two-thirds (67%) of organizations can’t account for the information staff are sharing with AI platforms and <a href="https://www.itpro.com/technology/artificial-intelligence/generative-ai-vs-large-language-models">large language models (LLMs)</a>. </p><p>Worse still, the study noted that 35% of respondents admitted to sharing data through external tools, rather than approved internal applications, which is creating an array of risks for enterprises. </p><p>The rise of ‘<a href="https://www.itpro.com/technology/artificial-intelligence/in-from-the-shadows-ais-uncontrolled-growth">shadow AI</a>’ has become a recurring pain point for organizations over the last two years. Workers using unauthorized applications risk exposing sensitive company data, research shows – and there’s no sign of the trend slowing down. </p><p><a href="https://www.itpro.com/technology/artificial-intelligence/gartner-says-40-percent-of-enterprises-will-experience-shadow-ai-breaches-by-2030-educating-staff-is-the-key-to-avoiding-disaster"><u>Research from Gartner</u></a> in November 2025 predicts that 40% of enterprises will suffer a data breach due to shadow AI by 2030. </p><p>SailPoint noted that the growing shadow AI trend comes in spite of the fact many enterprises are investing heavily in data management and AI capabilities for staff. </p><p>More than four-in-five respondents (82%) said they have invested in additional staff and skills training to help workers better manage AI applications, while 41% have brought on dedicated AI and analytics personnel. </p><p>Notably, nearly half (45%) of IT leaders said they still lack visibility on where information is being shared, and how.</p><h2 id="agentic-ai-poses-new-governance-challenges">Agentic AI poses new governance challenges</h2><p>Mark McClain, CEO and Founder at SailPoint, said the findings show AI can often represent a catch-22 for organizations. While these tools are helping staff, they’re now creating additional risk surfaces for security teams. </p><p>“<a href="https://www.itpro.com/technology/artificial-intelligence/amazing-ai-tools-to-try-today">AI tools</a> can enhance productivity, but they also create serious risk when they operate outside an organization’s visibility and governance,” he said. </p><p>“When sensitive information is entered into unapproved models, it can be exposed, mishandled, or even amplified through errors and hallucinations.”</p><p>McClain warned that with the rise of agentic AI, poor <a href="https://www.itpro.com/strategy/29269/what-is-data-management">data management</a> practices could be further amplified and put businesses at greater risk. </p><iframe allow="" height="200px" width="100%" id="" style="" class="position-center" data-lazy-priority="high" data-lazy-src="https://player.captivate.fm/episode/b6147684-d254-40d8-9409-5f76f5abd749/"></iframe><p>SailPoint noted that the need for greater visibility and oversight is now a priority for many enterprises on account of growing risks. In a <a href="https://www.sailpoint.com/press-releases/sailpoint-ai-agent-adoption-report" target="_blank"><u>previous study from SailPoint</u></a>, four-in-five organizations (80%) revealed that AI agents had performed “unintended actions” such as accessing or sharing inappropriate data. </p><p>UK businesses are adding as many as 10,000 agents and machine identities each month, the company noted, meaning security teams could quickly become overwhelmed. </p><p>"As use of AI systems becomes more widespread, the situation is only going to get more out of control if organizations fail to put the right guardrails in place – compounded by other tools flying under the radar,” McClain commented. </p><p>“Organizations need to stop workarounds and regain control. That takes a combination of skills and awareness, but it also fundamentally boils down to a challenge around identity”</p><h3 class="article-body__section" id="section-follow-us-on-social-media"><span>FOLLOW US ON SOCIAL MEDIA</span></h3>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ‘Reducing reliance on foreign tech infrastructure is key’ to European tech success – and its survival ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/reducing-reliance-on-foreign-tech-infrastructure-is-key-to-european-tech-success-and-its-long-term-survival</link>
                                                                            <description>
                            <![CDATA[ MEPs have once again called for decreased reliance on foreign tech infrastructure ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vfsFwuMro5QuNLntNz24mX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/aeA7CQhtNtuCimyeEWxL7m-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 17 Mar 2026 15:00:00 +0000</pubDate>                                                                                                                                <updated>Wed, 18 Mar 2026 08:35:56 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/aeA7CQhtNtuCimyeEWxL7m-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The 12 stars of the flag of the European Union (EU) imposed over a map of Europe.]]></media:description>                                                            <media:text><![CDATA[The 12 stars of the flag of the European Union (EU) imposed over a map of Europe.]]></media:text>
                                <media:title type="plain"><![CDATA[The 12 stars of the flag of the European Union (EU) imposed over a map of Europe.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/aeA7CQhtNtuCimyeEWxL7m-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>European policymakers are increasingly concerned about digital sovereignty, calling for the development of a technology ecosystem that's less dependent on big US tech firms.</p><p>At workspace platform Wire’s recent <em>European Digital Sovereignty Summit</em> in Brussels, MEPs, industry leaders, and digital experts called for the creation of a digital ecosystem reflecting what they described as European – rather than US – business values: democracy, transparency, and interoperability.</p><p>“Reducing reliance on foreign tech infrastructure is key to protecting democratic stability and data sovereignty, particularly given geopolitical risks," said Wire CEO Benjamin Schilz.</p><p>"<a href="https://www.itpro.com/software/28109/what-is-open-source">Open source</a>, interoperability and transparent standards are essential to build trust, avoid vendor lock-in, and strengthen resilience.” </p><p>Participants highlighted the risks of concentrated browser ownership, reliance on foreign cloud providers, and governance vulnerabilities within major platforms. </p><p>Notably, however, sovereignty must not mean isolation: Europe should remain open and globally engaged but anchored in its own standards and safeguards. </p><p>Jean-Phillipe Scherer, head of EU/NATO Public Affairs for Defence and Space at Airbus, called for a broader mindset shift through more European leadership and education.</p><p>“Individual priorities, rather than national sovereignty, are the greater barrier to European cooperation,” he said.</p><p>There were calls for practical reforms, stronger alignment across AI, semiconductor and <a href="https://www.itpro.com/security/28133/what-is-cyber-security">cybersecurity </a>policy, and for simplification within a deeper single market. </p><h2 id="strained-relations-create-uncertainty">Strained relations create uncertainty</h2><p>The unpredictability of the Trump administration in the US has intensified calls for European digital sovereignty, with figures including European Commission President Ursula von der Leyen and former head of the European Central Bank Mario Draghi, calling for action. </p><p>Just last week, the European Council proposed <a href="https://www.consilium.europa.eu/en/press/press-releases/2026/03/13/council-agrees-position-to-streamline-rules-on-artificial-intelligence/" target="_blank"><u>new regulations</u></a> aiming to reduce dependence on US firms. This includes new proposals to “simplify the EU’s digital legislative framework and the implementation of harmonized rules on AI”.</p><p>“Streamlining the AI rules is essential for ensuring the EU’s digital sovereignty," said Marilena Raouna, deputy minister for European affairs of the Republic of Cyprus. </p><p>"The proposal will bring greater legal certainty, make the rules more proportionate and ensure more harmonised implementation across member states."</p><p>In the UK, calls are growing for a stronger focus on digital sovereignty, with industry stakeholders harboring significant concerns on transatlantic overreliance. </p><p>A survey of over 1,000 UK IT leaders from Civo last year found that more than 60% <a href="https://www.itpro.com/cloud/cloud-computing/reliance-on-us-tech-providers-is-making-it-leaders-skittish"><u>believed the UK government should cut its use of US cloud services</u></a>. </p><p>Key concerns included exposing the country’s digital economy to significant risks with regard to data security, and the impact providers have on the domestic cloud industry.</p><p>The Atlantic Council recently <a href="https://www.atlanticcouncil.org/in-depth-research-reports/report/digital-sovereignty-europes-declaration-of-independence/" target="_blank"><u>warned</u></a> that Trump’s close connections with leading tech executives means that the US administration’s combative posture toward European tech regulation is likely to continue causing friction. </p><p>"Whether a continued focus by the Trump administration on Europe’s digital rules will create an even stronger push in Europe for an exclusive form of digital sovereignty is not yet evident," commented fellows Frances Burwell and Kenneth Propp. </p><p>"What is clear is that without some guidelines, such as those offered in the conclusions to this report, the European Union and United States might find that their differences regarding digital sovereignty and digital rules make creating and maintaining an open transatlantic digital marketplace much more challenging."</p><h2 id="big-tech-is-acting">Big tech is acting</h2><p>Aware of the issue, US tech firms are making efforts to calm European business concerns, particularly with the launch of dedicated sovereign cloud services, </p><p><a href="https://www.itpro.com/cloud/cloud-computing/aws-european-sovereign-cloud-explained">Amazon Web Services (AWS)</a>, <a href="https://www.itpro.com/cloud/cloud-computing/microsoft-ceo-satya-nadella-talks-up-sovereign-cloud-credentials-as-firm-announces-general-availability-for-azure-local-disconnected-new-capabilities-for-foundry-local">Microsoft</a>, and <a href="https://www.itpro.com/cloud/cloud-computing/google-is-getting-serious-on-cloud-sovereignty">Google Cloud</a> have all made moves on this front. Yet despite proactive efforts, lingering doubts still persist. </p><p>As these companies are subject to the US Cloud Act, which allows US law enforcement to demand access to data – even when that’s stored outside the US – European industry stakeholders continue to voice concerns. </p><p>Last year, Microsoft president Brad Smith <a href="https://www.itpro.com/cloud/cloud-computing/microsoft-says-itll-protect-eu-cloud-customers-from-shutdown-demands">claimed the tech giant would take the US government to court</a> if forced to comply with data requests by the US administration. </p><h3 class="article-body__section" id="section-follow-us-on-social-media"><span>FOLLOW US ON SOCIAL MEDIA</span></h3>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do that ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/cisas-interim-chief-uploaded-sensitive-documents-to-a-public-version-of-chatgpt-security-experts-explain-why-you-should-never-do-that</link>
                                                                            <description>
                            <![CDATA[ The incident at CISA raises yet more concerns about the rise of ‘shadow AI’ and data protection risks ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ag8EffcAihF68rt6w3GYZF</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/dFiSMke7iCE59e29NuVMg8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 30 Jan 2026 17:45:00 +0000</pubDate>                                                                                                                                <updated>Fri, 30 Jan 2026 19:38:58 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ ross.kelly@futurenet.com (Ross Kelly) ]]></author>                    <dc:creator><![CDATA[ Ross Kelly ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Y5vrV2V98Np6jHAGmAtCd3.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Ross Kelly is ITPro&#039;s News &amp;amp; Analysis Editor, with a keen interest in cyber security, business leadership and emerging technologies.&lt;/p&gt;
&lt;p&gt;He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;In his spare time, Ross enjoys cycling, walking and is an avid reader of history and non-fiction.&lt;/p&gt;
&lt;p&gt;You can contact Ross at ross.kelly@futurenet.com or on &lt;a href=&quot;https://twitter.com/rosswritesetc&quot;&gt;Twitter&lt;/a&gt; and &lt;a href=&quot;https://www.linkedin.com/in/ross-kelly-18a54411a/&quot;&gt;LinkedIn&lt;/a&gt;.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/dFiSMke7iCE59e29NuVMg8-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Insignia of the Cybersecurity and Infrastructure Security Agency (CISA) pictured on a smartphone screen.]]></media:description>                                                            <media:text><![CDATA[Insignia of the Cybersecurity and Infrastructure Security Agency (CISA) pictured on a smartphone screen.]]></media:text>
                                <media:title type="plain"><![CDATA[Insignia of the Cybersecurity and Infrastructure Security Agency (CISA) pictured on a smartphone screen.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/dFiSMke7iCE59e29NuVMg8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Security experts have warned about the dangers of ‘shadow AI’ after the interim chief of the <a href="https://www.itpro.com/security/what-is-cisa">Cybersecurity and Infrastructure Security Agency (CISA)</a> uploaded sensitive documents to a public version  of <a href="https://www.itpro.com/technology/artificial-intelligence/over-reliance-on-chatgpt-could-harm-worker-performance">ChatGPT</a>. </p><p>According to reports from <a href="https://www.politico.com/news/2026/01/27/cisa-madhu-gottumukkala-chatgpt-00749361" target="_blank"><u><em>Politico</em></u></a>, Madhu Gottumukkala uploaded documents to the popular AI tool despite it being blocked for other DHS employees at the time. </p><p>The incident prompted an “internal review” after triggering security features designed to prevent theft or mistaken disclosure of government materials, sources told the publication. </p><p>While this review found none of the files uploaded to the chatbot were classified, they did include CISA contracting documents marked “for official use only”. </p><p>CISA’s director of public affairs, Marci McCarthy, told Politico that Gottumukkala was granted permission to use ChatGPT “with DHS controls in place,” adding that use of the chatbot was “short-term and limited”. </p><p>Alastair Paterson, CEO and co-founder at Harmonic Security, told <em>ITPro </em>that the incident is concerning and highlights the potential for AI-related blunders even in tightly controlled environments. </p><p>“It’s obviously embarrassing but not without precedent,” he said. “When DeepSeek launched it was <a href="https://www.bloomberg.com/news/articles/2025-01-30/pentagon-workers-used-deepseek-s-chatbot-for-days-before-block" target="_blank"><u>reported </u></a>that staff at the Pentagon used it for days before it was blocked. It shows that any organization is susceptible to the risk of shadow AI and the need for urgent controls.”</p><h2 id="shadow-ai-is-becoming-a-serious-problem">Shadow AI is becoming a serious problem</h2><p>Despite there being no serious ramifications in the wake of the blunder, security experts nonetheless told <em>ITPro </em>that uploading sensitive information to unauthorized tools can pose serious risks to organizations. </p><p>This is an issue that has grown significantly over the last three years, with the increased use of <a href="https://www.itpro.com/strategy/28181/what-is-ai">AI </a>in the enterprise giving rise to concerns about ‘<a href="https://www.itpro.com/technology/artificial-intelligence/the-risks-of-shadow-ai-and-what-leaders-can-do-to-prevent-it">shadow AI</a>’. </p><p>This refers to the use of <a href="https://www.itpro.com/technology/artificial-intelligence/amazing-ai-tools-to-try-today">AI tools</a> that haven’t been expressly authorized by security teams, meaning they can’t keep track of documents or potentially sensitive corporate information uploaded to the chatbots. </p><p>A recent <a href="https://privacy.blackfog.com/wp-content/uploads/2026/01/2026-BlackFog-Shadow-AI-Research_v1.pdf" target="_blank"><u>survey from BlackFog</u></a>, for example, found that nearly half (49%) of workers admitted to having used AI tools in the workplace without approval, often sharing sensitive data with free versions of popular solutions like ChatGPT. </p><p>Carl Wearn, head of threat intelligence analysis and future ops at Mimecast, told <em>ITPro </em>that the shadow AI practices have serious long-term implications for data protection and cybersecurity. </p><p>“The risk itself is straightforward but serious. Once contracts, emails, or internal documents are entered into a public AI model, control is lost in seconds,” he said. </p><p>“There’s often no clear way to retrieve that data or understand where it may surface next.”</p><p>In most cases, Wearn noted that there’s “no malicious intent” and workers are simply being careless. This is, at least in part, due to demands placed on workers “in the name of efficiency”. </p><p>“Shadow AI is accelerating because people are under pressure to move faster,</p><p>not because they are careless,” he told ITPro. </p><h2 id="leadership-needs-to-take-responsibility">Leadership needs to take responsibility</h2><p>While these activities are prevalent among workers, research shows leadership figures are also engaging in - and even encouraging - dangerous shadow AI practices. </p><p>BlackFog’s survey found more than two thirds (69%) of C-suite members said they’re happy to prioritize speed over privacy in many cases, signaling somewhat of a seal of approval for workers to engage in risky practices to speed up processes. </p><p>Wearn noted that management figures should lead by example on this front by engaging with staff to set clear guidelines. </p><p>“Leadership, accountability, and clarity now matter just as much as the technology itself,” he said. “Organizations that establish governance frameworks today will be better positioned to harness AI’s benefits while protecting what matters most.”</p><h3 class="article-body__section" id="section-follow-us-on-social-media"><span>FOLLOW US ON SOCIAL MEDIA</span></h3>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Digital sovereignty: enterprises need to protect against known unknowns ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/digital-sovereignty-enterprises-known-unknowns</link>
                                                                            <description>
                            <![CDATA[ How digital sovereignty protects against known unknowns ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">eKb6xePCgxQ7DHdrcRnMz5</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pRhefonPokRnWg4pyjgCe-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 23 Jan 2026 11:05:33 +0000</pubDate>                                                                                                                                <updated>Thu, 26 Feb 2026 09:43:18 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Stephen Pritchard ]]></dc:creator>                                                                                                        <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pRhefonPokRnWg4pyjgCe-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A map of the world formed from glowing, blue digital data points to represent data sovereignty.]]></media:description>                                                            <media:text><![CDATA[A map of the world formed from glowing, blue digital data points to represent data sovereignty.]]></media:text>
                                <media:title type="plain"><![CDATA[A map of the world formed from glowing, blue digital data points to represent data sovereignty.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pRhefonPokRnWg4pyjgCe-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The late Donald Rumsfeld famously divided problems into three: known knowns, known unknowns, and the unknown unknowns.</p><p>For the former US Secretary of Defense, known knowns were risks we know about; known unknowns as “things we know… we do not know”. And unknown unknowns were those problems “we don’t know we don’t know”.</p><p>Rumsfeld believed that unknown unknowns posed the gravest threats to the US and its allies. But when it comes to organizations keeping their operations running, “sovereign” control over their systems is increasingly, a known unknown. We know there is a risk with digital sovereignty, but as yet, it is not clear where that risk lies.</p><p>Recent world events have brought geopolitical risks to the fore. And, over the last few years the risk that governments, or a vendor working to a government’s orders, could cut off an organization from its technology or deny access to their data, has moved firmly into the realm of the possible.</p><p>There is an ongoing debate about whether Chinese vendors in particular have granted their government <a href="https://www.itpro.com/security/malware/chinese-hackers-are-using-stealthy-and-resilient-brickstorm-malware-to-target-vmware-servers-and-hide-in-networks-for-months-at-a-time"><u>back-door access to their systems</u></a> (the vendors strenuously deny this). And lately, western analysts have expressed concern about “kill switches” in Chinese-made electric vehicles <a href="https://www.standard.co.uk/news/world/british-buses-chinese-kill-switch-b1264854.html" target="_blank"><u>including London buses</u></a>, <a href="https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/" target="_blank"><u>solar power invertors</u></a> and other critical equipment.</p><p>But concerns about access to data come from the other side of the world. Legislation, such as the <a href="https://www.itpro.com/security/privacy/361221/could-the-us-cloud-act-force-uk-channel-companies-to-break-gdpr"><u>US CLOUD Act (Clarifying Lawful Overseas Use of Data)</u></a> allows US law enforcement agencies to demand that US vendors hand over data, even when it is stored outside the United States. This puts US legislation in direct conflict with regulations such as <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know"><u>GDPR</u></a>.</p><p>At the same time, European rules, such as the <a href="https://commission.europa.eu/document/download/09579818-64a6-4dd5-9577-446ab6219113_en"><u>EU’s Cloud Sovereignty Framework</u></a>, propose strategic, legal and jurisdictional, and data and AI sovereignty for cloud systems. All this could mean that enterprises are no longer able to simply host their data, or run systems, in the way that best suits their budgets or operational requirements.</p><h2 id="fundamental-questions">Fundamental questions</h2><p>Where systems are, and where data reside, are now fundamental questions. And these are not easy questions for CIOs to answer.</p><p>“Data sovereignty is about where your data sits, and who has jurisdiction over it,” explains Moona Ederveen-Schneider, founder of Resilia Connect, a consultancy. “Digital sovereignty is far more expansive: it is about control over the entire technology stack, <a href="https://www.itpro.com/cloud/cloud-computing/what-is-a-sovereign-cloud">cloud infrastructure</a>, operating systems, <a href="https://www.itpro.com/hardware/can-the-west-bring-chip-production-home">chips</a>, <a href="https://www.itpro.com/technology/artificial-intelligence/bt-unveils-sovereign-platform-to-secure-uk-ai-and-cloud-infrastructure">telecoms networks</a>, and increasingly <a href="https://www.itpro.com/infrastructure/can-the-uk-achieve-ai-sovereignty">AI models</a>. You can have data sovereignty without digital sovereignty, but not the reverse,” she tells <em>ITPro</em>.</p><p>Laws and regulations, though, are not the only reasons for concern about sovereignty. As Ederveen-Schneider points out, <a href="https://www.itpro.com/infrastructure/the-microsoft-azure-outage-explained-what-happened-who-was-impacted-and-what-can-we-learn-from-it"><u>high-profile outages</u></a> and cyber attacks have forced organizations to reconsider whether they have any real strategic autonomy. “We are seeing the collision of technology and geopolitics,” she says. “<a href="https://www.itpro.com/cloud/cloud-computing/nutanix-wants-to-help-customers-shore-up-cloud-sovereignty"><u>Single vendor dependency</u></a> looked like an efficiency gain until it became a national security risk.”</p><p>Organizations in Europe (including the UK) are now largely aware of the need for data sovereignty, not least because of GDPR.</p><p>But broader digital sovereignty is more difficult. And full technology sovereignty might not even be possible, or at least not on terms commercial organizations could bear. Achieving technology sovereignty would mean going all the way down the technology stack, ultimately to the level of rare earths and chip foundries, as well as the <a href="https://www.itpro.com/infrastructure/why-the-uk-is-primed-to-lead-a-global-charge-in-green-ai-innovation">energy needed to power them</a>.</p><p>“No country anywhere in the world can at this point in time have technology sovereignty,” warns Martha Bennett, VP principal analyst at Forrester. “It would probably be feasible for the US or the EU to get a degree of sovereignty that is currently unprecedented, but it would cost,” she tells <em>ITPro</em>. “Sovereignty is about control, but what degree of control do you require, and how realistic is it for you to get that control?”</p><p>“Depending on what your requirements are, there might not even be any cloud provider in Europe that can support what you need. So that needs to be built,” she cautions. “Even if it is there, there are not the same economies of scale. It always comes back to costs: what are you prepared to pay for.”</p><p>The barriers to sovereignty, then, are both cost and practicalities. Infrastructure and technology, from physical facilities and energy to software stacks and <a href="https://www.itpro.com/security/the-top-api-risks-and-how-to-mitigate-them"><u>APIs</u></a>, might not be available.</p><p>Where they are, they cost more. “Fragmenting procurement requirements mean enterprises might need different cloud providers for different markets, and sovereign alternatives often cost 15-30% more,” says Ederveen-Schneider. But this is not a niche compliance issue. It is reshaping how multinationals operate.”</p><p>Nonetheless, the drive towards digital sovereignty, or strategic autonomy, has prompted organizations to reconsider both their cloud and their software strategies.</p><h2 id="sovereignty-autonomy-and-compromises">Sovereignty, autonomy and compromises</h2><p>Moving hosting away from (US-based) hyperscalers is increasingly possible, but comes with higher costs and potentially, less advanced technology.</p><p>Vendors, including the cloud hyperscalers, have responded by creating availability zones and regions within Europe. SaaS providers give European businesses the option to host data within the EU or UK.</p><p>In 2025 alone, Microsoft launched a <a href="https://www.itpro.com/cloud/cloud-computing/microsoft-sovereign-cloud-launch-eu-customers"><u>cloud sovereignty scheme</u></a>, Google <a href="https://www.itpro.com/cloud/cloud-computing/google-is-getting-serious-on-cloud-sovereignty"><u>expanded its sovereign cloud services</u></a> to cover over 42 cloud regions and announced <a href="https://www.itpro.com/technology/artificial-intelligence/google-cloud-uk-sovereign-data-agentic-ai"><u>UK residency for agentic AI services</u></a>. AWS kicked off 2026 by making its <a href="https://www.itpro.com/cloud/cloud-computing/aws-european-sovereign-cloud-explained"><u>European Sovereign Cloud</u></a> generally available for enterprises.</p><p>Others made similar moves, such as <a href="https://www.suse.com/news/suse-eu-sovereign-premium-support-launch/"><u>Linux distributor SUSE which launched</u></a> a standalone data sovereignty unit. </p><p>“We like cloud, but you need something else,” Kim Larsen, CISO at Keepit, a cloud and data protection provider with a significant European presence, tells <em>ITPro</em>.</p><p>“What is the sanity in putting critical data in the cloud? That depends on which cloud you are using and if it suddenly becomes subject to political manoeuvres.”</p><p>He points to vendor-independent clouds and physical and logical separation between production and backup data as keys to autonomy, if not sovereignty.</p><p>Hardware companies, and data storage vendors in particular, also increasingly promote sovereignty as one reason to host at least some data in-house, rather than on the public cloud.</p><p>Moving from proprietary software to <a href="https://www.itpro.com/software/28109/what-is-open-source"><u>open source</u></a> could also reduce the risk of a government restricting access to essential technology. But this is not guaranteed. “Going for open source doesn’t necessarily address your sovereignty problem, if you pick a piece of software where the sole maintainer is Dmitry in Moscow,” Bennett warns.</p><p>To address these challenges, analysts at Forrester have developed a concept of “<a href="https://www.forrester.com/blogs/minimum-viable-sovereignty-a-smarter-path-for-tech-leaders/" target="_blank"><u>minimum viable sovereignty</u></a>”. Here, organisations set out the technology requirements they need, map these against what the markets offer and, of course, the costs.</p><p>As author Dario Maisto points out, “not every workload requires sovereign infrastructure – and overengineering can be costly and inefficient.”</p><p>Even so, the need for digital sovereignty looks set to move from a known unknown, to known known, in the coming year.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Fears over “AI model collapse” are fueling a shift to zero trust data governance strategies ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/fears-over-ai-model-collapse-are-fueling-a-shift-to-zero-trust-data-governance-strategies</link>
                                                                            <description>
                            <![CDATA[ Gartner warns of "model collapse" as AI-generated data proliferates – and says organizations need to beware ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jfdsUzHmNHhmH3JsjBzq8d</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Ux3V79nc6iXyfwiHXRzQi3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 22 Jan 2026 08:50:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Ux3V79nc6iXyfwiHXRzQi3-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[AI zero trust concept image showing shield symbol with digitized human brain in a circle, with distributed red data points with skull symbols.]]></media:description>                                                            <media:text><![CDATA[AI zero trust concept image showing shield symbol with digitized human brain in a circle, with distributed red data points with skull symbols.]]></media:text>
                                <media:title type="plain"><![CDATA[AI zero trust concept image showing shield symbol with digitized human brain in a circle, with distributed red data points with skull symbols.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Ux3V79nc6iXyfwiHXRzQi3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Fears over unverified AI-generated data are pushing organizations to implement a zero trust posture for stronger data governance.</p><p><a href="https://www.itpro.com/technology/artificial-intelligence/three-open-source-large-language-models-you-can-use-today">Large language models (LLMs)</a> are typically trained on web-scraped data, and as the use of generative AI grows these sources increasingly contain AI-generated content. </p><p>This is set to accelerate in the coming years, according to Gartner. Analysis from the consultancy found 84% of respondents expect their organization to increase funding for <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369959/what-is-generative-ai">generative AI</a> in 2026 – meaning that the volume of AI-generated data will continue to rise. </p><p>As a result, future generations of LLMs will increasingly be trained on outputs from previous models – outputs that may be inaccurate or biased. This means an ever-heightening risk of “model collapse,” where <a href="https://www.itpro.com/technology/artificial-intelligence/amazing-ai-tools-to-try-today">AI tools’</a> responses may no longer accurately reflect reality.</p><p>"Organizations can no longer implicitly trust data or assume it was human-generated,” said Wan Fui Chan, managing VP at Gartner. </p><p>“As AI-generated data becomes pervasive and indistinguishable from human-created data, a zero trust posture establishing authentication and verification measures is essential to safeguard business and financial outcomes.” </p><p>By 2028, Gartner found the proliferation of unverified AI-generated data is set to have prompted 50% of organizations to have implemented a zero trust posture for data governance.</p><p>Active metadata management practices will become a key differentiator for firms, the consultancy said, and organizations should consider taking several strategic actions.</p><h2 id="how-to-approach-a-zero-trust-data-governance-strategy">How to approach a zero trust data governance strategy</h2><p>According to Gartner, IT leaders should appoint a dedicated AI governance leader, responsible for AI governance, including zero trust policies, AI risk management, and compliance operations. </p><p>This person should work closely with data and analytics (D&A) teams to make sure that both AI-ready data and systems are capable of handling AI-generated content.</p><p>Cross-functional teams should also be established, including cybersecurity, D&A, and other relevant stakeholders. </p><p>These teams will carry out comprehensive data risk assessments to identify business risks related to AI-generated data - and decide which activities need new strategies.</p><p>Elsewhere, building on current D&A governance frameworks will be crucial to tackling the issue, according to Gartner. The creation of new or updated frameworks will focus primarily on updating security, metadata management, and ethics-related policies to address new risks arising from AI-generated data.</p><h2 id="regulatory-compliance-challenges-are-afoot">Regulatory compliance challenges are afoot</h2><p>As AI-generated content becomes more prevalent, Chan warned that regulatory requirements for verifying ‘AI-free’ data are likely to intensify. </p><p>Crucially, these could differ significantly across geographies, posing serious compliance challenges. </p><p>“In this evolving regulatory environment, all organizations will need the ability to identify and tag AI-generated data," he warned. </p><p>"Success will depend on having the right tools and a workforce skilled in information and knowledge management, as well as metadata management solutions that are essential for data cataloguing.” </p><h3 class="article-body__section" id="section-follow-us-on-social-media"><span>FOLLOW US ON SOCIAL MEDIA</span></h3>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ UK government renews demand for Apple iCloud encrypted data access ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/uk-government-renews-demand-for-apple-icloud-encrypted-data-access</link>
                                                                            <description>
                            <![CDATA[ A new technical capability notice limits the request to UK data only, but still raises significant concerns ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">MbH4P8m4XbysZEB4vRL7S9</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xFFY74w8NVNvf4jaQpUham-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 03 Oct 2025 11:09:10 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/xFFY74w8NVNvf4jaQpUham-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A pedestrian passes by an Apple smart products flagship store on Nanjing Road in Shanghai, China on June 29, 2025.]]></media:description>                                                            <media:text><![CDATA[A pedestrian passes by an Apple smart products flagship store on Nanjing Road in Shanghai, China on June 29, 2025.]]></media:text>
                                <media:title type="plain"><![CDATA[A pedestrian passes by an Apple smart products flagship store on Nanjing Road in Shanghai, China on June 29, 2025.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xFFY74w8NVNvf4jaQpUham-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The UK government has reportedly renewed its demand that Apple provide it with backdoor access to <a href="https://www.itpro.com/business/policy-and-legislation/uk-governments-attempt-to-strongarm-apple-into-backdoor-adp-is-a-travesty">encrypted iCloud user data</a>.</p><p>Earlier this year, it backed down on the issue after a furious response from <a href="https://www.itpro.com/policy-legislation/34515/what-has-donald-trump-done-for-the-tech-industry-so-far">Donald Trump</a>. Apple, meanwhile, withdrew its most secure cloud storage service, <a href="https://www.itpro.com/security/encryption/369668/apple-steps-up-user-security-with-end-to-end-encryption-for-icloud">iCloud Advanced Data Protection</a>, from the UK in response. </p><p>Now, though, according to the <a href="https://www.ft.com/content/d101fd62-14f9-4f51-beff-ea41e8794265"><em>Financial Times</em></a>, the government is once again asking for access. This time, however, the technical capability notice (TCN) would apply only to the data of British citizens, rather than worldwide.</p><p>Both Apple and the Home Office are restricted by law from discussing the TCNs, which are issued under the UK Investigatory Powers Act. </p><p>Trump described the UK's earlier demands as 'something that you hear about with China' – and the Electronic Frontier Foundation (EFF) is inclined to agree, saying that the new TCN is just as dangerous as the first.</p><p>"As we've said time and time again, any backdoor built for the government puts everyone at greater risk of hacking, identity theft, and fraud," said EFF security and privacy activist Thorin Klosowski. </p><p>"It sets a dangerous precedent to demand similar data from other companies, and provides a runway for other authoritarian governments to issue comparable orders."</p><p>According to the <em>FT</em>, the US is no longer pushing the UK government to drop its demands. However, said Matthew Sinclair, UK senior director of the Computer and Communications Industry Association (CCIA), the government's decision to limit its request to UK data doesn't answer concerns.</p><p>"It is very concerning that reports again suggest that the Home Office is undermining security for British users of important cloud services," he said.</p><p>"Even if some changes have been made to reduce the extra-territorial impact, it is clear that any vulnerability will have implications beyond the UK's borders, creating a weak link in global efforts to improve security online. Changes to this law are urgently needed to stop this fundamental threat to encryption and ensure that the UK is not holding up important security improvements."   </p><p>And, said Privacy International, end-to-end encryption can't be removed from iCloud services for the UK only when those services are used worldwide.</p><p>"Unless Apple plans to build walled-off systems just for UK users, so it can then undermine the security of UK users alone for the UK government, then this new order could have a quite similar impact to the old one," it said. </p><p>"This could also put at risk information like user passwords, location, and health data. By using a secret order to undermine the security of Apple products, the UK government is making security harder for us all."</p><p>And, it warned, "If this new order isn't stopped, the UK government will likely issue similar orders to other companies, too."</p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/business/policy-and-legislation/uk-governments-attempt-to-strongarm-apple-into-backdoor-adp-is-a-travesty">I think the UK government's attempt to strong-arm Apple into giving it an ADP backdoor is a travesty – and so does most of the industry</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Let’s talk about digital sovereignty ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/lets-talk-about-digital-sovereignty</link>
                                                                            <description>
                            <![CDATA[ In the age of AI and cloud, where data resides is a key consideration ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ZUG8vEyn5AQRo84sgeh7XE</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9s9AUXad7LHrtEdLWybwvE-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 05 Sep 2025 12:17:25 +0000</pubDate>                                                                                                                                <updated>Tue, 23 Dec 2025 14:10:32 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ jane.mccallion@futurenet.com (Jane McCallion) ]]></author>                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Wq9nnLr7TNkY8gyBRb7YsA.jpeg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jane is managing editor at ITPro and ChannelPro. She started out with the brands as a staff writer specializing in cloud computing before going on to become senior writer and reports editor, managing the content and creation of ITPro’s quarterly whitepapers. During this time, she broadened her expertise to include cybersecurity, data centers and enterprise IT infrastructure. In 2016, she became features editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, data centers, and business strategy.&lt;/p&gt;&lt;p&gt;In October 2021, she became the sites’ deputy editor, before moving to the role of managing editor in June 2024. Although she now has a more strategic role,  she is still a specialist in enterprise IT infrastructure, business strategy, and cybersecurity.&lt;/p&gt;&lt;p&gt;Jane holds an MA in journalism from Goldsmiths, University of London, and a BA in Applied Languages from the University of Portsmouth. She is fluent in French and Spanish, and has written features in both languages.&lt;/p&gt;&lt;p&gt;Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9s9AUXad7LHrtEdLWybwvE-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Ransomware concept image showing a digitized padlock symbol placed on top of a digital interface, symbolizing locked files. ]]></media:description>                                                            <media:text><![CDATA[Ransomware concept image showing a digitized padlock symbol placed on top of a digital interface, symbolizing locked files. ]]></media:text>
                                <media:title type="plain"><![CDATA[Ransomware concept image showing a digitized padlock symbol placed on top of a digital interface, symbolizing locked files. ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9s9AUXad7LHrtEdLWybwvE-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <iframe allow="" height="200px" width="100%" id="" style="" data-lazy-priority="low" data-lazy-src="https://player.captivate.fm/episode/262755da-ee96-4535-9f89-e5f3fef11e0b/"></iframe><p>Digital sovereignty is an issue that has been bubbling away in the background of IT for some time but doesn’t often see the limelight. In this episode of the ITPro Podcast, we’ve decided to change that.</p><p>From sovereign clouds to AI, Jane McCallion and Ross Kelly dig into what digital sovereignty is, how it’s being used, and its relationship with AI, cloud, and national data regulations.</p><h2 id="highlights">Highlights</h2><p>“The World Economic Forum describes digital sovereignty as the ability to have control over your own digital destiny andI think that's a really great way of describing it. And when you look at how the EU has positioned itself in recent years, that certainly is the key focus there – it's all about … maintaining control.”</p><p>“You can't understate the impact of regulatory compliance in the EU – that's the huge driving factor, Microsoft, AWS, Oracle, Google Cloud, they wouldn't be bending over backwards if they didn't know the risks there. And for individual organizations as well as customers of these providers, they're the ones that are pushing for this because they're conscious of their compliance as well.”</p><h2 id="related-links">Related links</h2><ul><li><a href="https://www.itpro.com/cloud/cloud-computing/sovereign-cloud-services-are-now-the-bare-minimum-expected-by-customers-and-hyperscalers-are-scrambling-to-meet-demand"><u>Sovereign cloud services are now the “bare minimum” expected by customers, and hyperscalers are scrambling to meet demand</u></a></li><li><a href="https://www.itpro.com/cloud/cloud-computing/microsoft-sovereign-cloud-launch-eu-customers"><u>What the new Microsoft Sovereign Cloud push means for European customers</u></a></li><li><a href="https://www.itpro.com/cloud/cloud-computing/aws-says-only-europeans-will-run-its-european-sovereign-cloud-service"><u>AWS says only Europeans will run its European Sovereign Cloud service</u></a></li><li><a href="https://www.itpro.com/cloud/cloud-computing/what-is-a-sovereign-cloud"><u>What is a sovereign cloud?</u></a></li><li><a href="https://www.itpro.com/cloud/cloud-management/sap-wants-to-take-data-sovereignty-to-the-next-level-with-new-on-site-infrastructure-options"><u>SAP wants to take data sovereignty to the next level with new 'on-site' infrastructure options</u></a></li><li><a href="https://www.itpro.com/business/business-strategy/hpe-launches-exclusive-sovereign-cloud-offering-for-the-channel"><u>HPE launches exclusive sovereign cloud offering for the channel</u></a></li></ul><h2 id="subscribe">Subscribe </h2><ul><li><a href="https://apple.sjv.io/c/221109/473657/7613?subId1=itpro-gb-1243831151189624600&sharedId=itpro-gb&u=https%3A%2F%2Fpodcasts.apple.com%2Fgb%2Fpodcast%2Fthe-itpro-podcast%2Fid1483810154"><u>Subscribe to The IT Pro Podcast on Apple Podcasts</u></a></li><li><a href="https://open.spotify.com/show/7HpYehTy752KmtbwpOAgRZ"><u>Subscribe to The IT Pro Podcast on Spotify</u></a></li><li><a href="https://www.itpro.co.uk/newsletter-signup"><u>Subscribe to the IT Pro newsletter</u></a></li><li><a href="https://uk.linkedin.com/company/itpro-uk"><u>Join us on LinkedIn</u></a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ From Mishaps to Meltdowns. Could you fully recover your Active Directory? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/from-mishaps-to-meltdowns-could-you-fully-recover-your-active-directory</link>
                                                                            <description>
                            <![CDATA[ Download Now ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">NcRLcucKeDYJgDEk2xoqnA</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9wNiMuCMUbNSSKb7SmCdYY-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 13 Aug 2025 14:39:16 +0000</pubDate>                                                                                                                                <updated>Wed, 13 Aug 2025 14:39:25 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ dale.walker@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/JpDGYSnD7yNNModq5jFThm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/9wNiMuCMUbNSSKb7SmCdYY-1280-80.png">
                                                            <media:credit><![CDATA[Commvault]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Could you fully recover your active directory]]></media:description>                                                            <media:text><![CDATA[Could you fully recover your active directory]]></media:text>
                                <media:title type="plain"><![CDATA[Could you fully recover your active directory]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9wNiMuCMUbNSSKb7SmCdYY-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>What happens when the system that keeps your business running goes down? Active Directory is the backbone of enterprise identity and access management, authenticating millions of users worldwide. If AD goes offline, so does the business - making it a prime target for attackers.</p><p>Are you prepared for the worst-case scenario?</p><p>Join Commvault experts for an immersive webinar where we'll simulate a real-world Active Directory outage. Witness the cascading effects of AD failure and learn how to accelerate the restoration of AD—and business operations—fast. Discover tools and tactics to streamline recovery, minimize downtime, and protect access to essential systems. </p><p>Bonus:  <br>Get a live demo of Commvault’s upcoming automated AD forest recovery solution! </p><p><strong>Key Takeaways: </strong></p><p>Why AD protection and recovery should be a top priority.</p><p>The critical role AD recovery plays in your overarching cyber recovery plan.</p><p>How to automate AD recovery to minimize downtime and get the business back online fast. </p><iframe allow="" height="1000" width="100%" id="" style="" data-lazy-priority="low" data-lazy-src="https://dennistrk.cvtr.io/click?lid=178763&sid=&pid=3"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Data (Use and Access) Act comes into force ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/data-use-and-access-act-comes-into-force</link>
                                                                            <description>
                            <![CDATA[ Organizations will be required to have an effective data protection complaints procedure and fulfil new requirements for online services that children are likely to use ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">YrhjXAqUoDhXLdoonRPJBV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xCYoySEaBmvVjAaicHQGX8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 20 Jun 2025 10:20:35 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/xCYoySEaBmvVjAaicHQGX8-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A side-on shot of someone&#039;s hands using a laptop and holding a phone, overlaid with text and information blocks representing online payments, delivery, and payment APIs.]]></media:description>                                                            <media:text><![CDATA[A side-on shot of someone&#039;s hands using a laptop and holding a phone, overlaid with text and information blocks representing online payments, delivery, and payment APIs.]]></media:text>
                                <media:title type="plain"><![CDATA[A side-on shot of someone&#039;s hands using a laptop and holding a phone, overlaid with text and information blocks representing online payments, delivery, and payment APIs.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xCYoySEaBmvVjAaicHQGX8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Data (Use and Access) Act has received royal assent and has now become law, with its various provisions coming into force over the next 12 months.</p><p>Updating the UK <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">General Data Protection Regulation</a> (UK GDPR), the <a href="https://www.itpro.com/data-protection/34061/what-is-the-data-protection-act-2018">Data Protection Act 2018</a> (DPA), and the Privacy and Electronic Communications Regulations (PECR), it sets out how personal information can be used for research. </p><p>It loosens restrictions on some automated decision making, makes provisions for using some cookies without consent, and allows charities to send people electronic mail marketing without consent in certain circumstances. It also requires organisations to have a data protection complaints procedure and introduces a new lawful basis of recognised legitimate interests.</p><p>"For too long, previous governments have been sitting on a goldmine of data, wasting a powerful resource which can be used to help families juggle food costs, slash tedious life admin, and make our NHS and police work smarter," said technology secretary Peter Kyle.</p><p>"These new laws will finally unleash that power for hardworking people – putting cash back in pockets and boosting vital public services, all part of our Plan for Change."</p><p>The government is pushing the benefits to the NHS, saying it will ensure that healthcare information, such as a patient's pre-existing conditions, appointments, and tests, can easily be accessed in real time across all NHS trusts, GP surgeries, and ambulance services, no matter what IT system they're using. </p><p>Enabling data sharing across platforms, it said, will save NHS staff 140,000 hours a year in admin tasks.  </p><p>"No longer will patients be left waiting needlessly for treatment as NHS staff battle 'computer says no' bureaucracy," said secretary of state for health and social care Wes Streeting.</p><p>"We're making it easier for GPs, nurses, and paramedics to access the information they need, when they need it, safely, securely, and at speed."</p><p>The Act gives the Information Commissioner's Office (ICO) new powers, including the ability to compel witnesses to attend interviews, request technical reports, and issue fines of up to £17.5 million or 4% of global turnover under Privacy and Electronic Communications Regulations (PECR). </p><p>The ICO has published a catalogue of resources to help explain what this new legislation means for businesses.</p><p>"Over the coming months we will launch new guidance, open consultations, and provide practical tools to help embed the Act's principles into everyday operations," said <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">information commissioner</a> John Edwards. </p><p>"Our goal is to ensure that data can be used confidently and responsibly to deliver better services, drive economic growth, and uphold public trust."</p><p>Organizations, said the ICO, should prepare by familiarizing themselves with the changes, making sure they're doing enough to satisfy the new explicit requirements for online services that children are likely to use and, if necessary, overhauling their complaints procedures. </p><p>There's more information from the government <a href="https://www.gov.uk/government/publications/data-use-and-access-bill-factsheets">here</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ NinjaOne completes $270 million Dropsuite acquisition in 'major step forward' for data protection capabilities ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business/acquisition/ninjaone-completes-usd270-million-dropsuite-acquisition-in-major-step-forward-for-data-protection-capabilities</link>
                                                                            <description>
                            <![CDATA[ The addition marks a “major step forward” for NinjaOne’s data protection and resilience efforts, said CEO Sal Sferlazza ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6wekQiCGxoZFvsNasWeu6P</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/GWhk5JSjforka7xjxfjink-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 03 Jun 2025 10:50:08 +0000</pubDate>                                                                                                                                <updated>Fri, 20 Jun 2025 18:05:12 +0000</updated>
                                                                                                                                            <category><![CDATA[Acquisition]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                <author><![CDATA[ ross.kelly@futurenet.com (Ross Kelly) ]]></author>                    <dc:creator><![CDATA[ Ross Kelly ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Y5vrV2V98Np6jHAGmAtCd3.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Ross Kelly is ITPro&#039;s News &amp;amp; Analysis Editor, with a keen interest in cyber security, business leadership and emerging technologies.&lt;/p&gt;
&lt;p&gt;He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;In his spare time, Ross enjoys cycling, walking and is an avid reader of history and non-fiction.&lt;/p&gt;
&lt;p&gt;You can contact Ross at ross.kelly@futurenet.com or on &lt;a href=&quot;https://twitter.com/rosswritesetc&quot;&gt;Twitter&lt;/a&gt; and &lt;a href=&quot;https://www.linkedin.com/in/ross-kelly-18a54411a/&quot;&gt;LinkedIn&lt;/a&gt;.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/GWhk5JSjforka7xjxfjink-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[NinjaOne logo and branding pictured on a smartphone with company logo also pictured in background in white and light blue coloring.]]></media:description>                                                            <media:text><![CDATA[NinjaOne logo and branding pictured on a smartphone with company logo also pictured in background in white and light blue coloring.]]></media:text>
                                <media:title type="plain"><![CDATA[NinjaOne logo and branding pictured on a smartphone with company logo also pictured in background in white and light blue coloring.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/GWhk5JSjforka7xjxfjink-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/technology/ultimate-guide-to-endpoint-management">Endpoint management</a> provider NinjaOne has completed its acquisition of Dropsuite in a deal valued at $270 million. </p><p>Founded in 2011, Dropsuite specializes in <a href="https://www.itpro.com/cloud/software-as-a-service-saas/362655/what-is-saas">SaaS</a> backup and data protection for critical workloads, covering <a href="https://www.itpro.com/cloud-backup/33760/what-is-cloud-to-cloud-backup">cloud backup</a>, archiving, and recovery. Geared towards <a href="https://www.itpro.com/technology/artificial-intelligence/2025-will-be-another-big-year-for-msps-as-kaseya-ceo-teases-earth-shattering-announcements">MSPs</a>, the cloud platform is designed to protect data, ensure business continuity, and simplify compliance.</p><p><a href="https://www.itpro.com/business/acquisition/NinjaOne-Dropsuite-Acquisition">NinjaOne said the acquisition</a> will help customers minimize ransomware risks by unifying endpoint, server, and SaaS application backup capabilities. </p><p>In an announcement, Sal Sferlazza, NinjaOne’s CEO and co-founder, described the addition as “a major step forward” in the firm’s efforts to help customers improve productivity, protect data, and build resilience.</p><p>“The addition of Dropsuite not only expands the backup protection we offer, but it also brings a team of new Ninjas whose mindset perfectly aligns with NinjaOne’s values,” he explained. </p><p>“Dropsuite’s commitment to customer success and product excellence will help us accelerate growth and better serve our customers. I couldn’t be happier to welcome our new team members to NinjaOne.” </p><h2 id="ninjaone-targets-unified-ransomware-protection">NinjaOne targets unified ransomware protection</h2><p>The acquisition comes at a time when many organizations still possess fragmented backup strategies, tools, and teams due to large amounts of endpoints, cloud applications, remote devices, and SaaS platforms.</p><p>Phil Hochmuth, program vice president at research firm IDC’s Endpoint Management & Enterprise Mobility division, said this disjointed approach introduces unnecessary complexities in IT and security.</p><p>“Amid surging <a href="https://www.itpro.com/security/28084/what-is-ransomware">ransomware </a>attacks, many organizations have a fragmented <a href="https://www.itpro.com/back-up/29084/how-to-enhance-your-backup-strategy">backup strategy</a> with a patchwork of legacy endpoint tools, bolt-on SaaS protectors, and disconnected consoles,” he said.</p><p>“This approach introduces inefficiencies and blind spots and increases the risk of operational disruptions and intentional and unintentional data loss from human error, application issues, disgruntled employees, and cyber attacks.”</p><h2 id="dropsuite-acquisition-will-boost-customer-safety">Dropsuite acquisition will boost customer safety</h2><p>With Dropsuite’s integration into the NinjaOne portfolio, the firm can now offer a unified backup suite capable of providing secure automated backups across endpoints, servers, Microsoft 365, and Google Workspace, alongside real-time archiving.</p><p>By unifying these use cases into a single platform, NinjaOne said organizations of all sizes can now simplify their workloads whilst leveraging robust data protection, simplified backup workflows, as well as enhanced security and compliance.</p><p>“Dropsuite helps organizations protect their data with intuitive yet powerful cloud backup software,” commented Charif El-Ansari, CEO at Dropsuite. </p><p>“Together with NinjaOne, we’re even better suited to make our customers successful with one integrated console that automates endpoint and SaaS application backup. We will continue to solve our customers’ biggest challenges together.”</p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/business/ninjaone-secures-usd500-million-investment-at-usd5-billion-valuation">NinjaOne secures $500 million investment at $5 billion valuation</a></li><li><a href="https://www.itpro.com/security/ninjaone-unveils-new-channel-program-to-drive-partner-growth">NinjaOne unveils new channel program to drive partner growth</a></li><li><a href="https://www.itpro.com/security/ransomware/ransomware-remediation-steps-for-business-recovery">Ransomware remediation: What steps should your business take for recovery?</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Almost a third of workers are covertly using AI at work – here’s why that’s a terrible idea ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/almost-a-third-of-workers-are-covertly-using-ai-at-work-heres-what-thats-a-terrible-idea</link>
                                                                            <description>
                            <![CDATA[ Employers need to get wise to the use of unauthorized AI tools and tighten up policies ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ud8GyxCfb3qm7evDwpzkUU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/343fFDB7L23f53nCp5af3g-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 07 May 2025 12:05:57 +0000</pubDate>                                                                                                                                <updated>Wed, 07 May 2025 12:22:37 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/343fFDB7L23f53nCp5af3g-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Female software developer using AI tools on a desktop computer in an open plan office space.]]></media:description>                                                            <media:text><![CDATA[Female software developer using AI tools on a desktop computer in an open plan office space.]]></media:text>
                                <media:title type="plain"><![CDATA[Female software developer using AI tools on a desktop computer in an open plan office space.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/343fFDB7L23f53nCp5af3g-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Almost half of office workers say they're using AI tools that aren't provided by their employer, with nearly a third keeping it a secret. </p><p>For 36%, the reason is that they feel it gives them a secret advantage, while three-in-ten worry their job may be cut. More than a quarter say they're suffering from AI-fueled imposter syndrome, saying they don’t want people to question their ability. </p><p>Findings from Ivanti's <a href="https://www.ivanti.com/resources/research-reports/tech-at-work" target="_blank"><u><em>2025 Technology at Work Report: Reshaping Flexible Work</em></u></a> show that the use of AI at work is rising, with 42% of employees now using the technology in their daily workflow in 2025. </p><p>This, the study noted, marks a significant increase compared to the year prior, in which just one-quarter said they use AI in their role. </p><p>IT professionals are even keener on AI, with three-quarters using it. But even though they'd be expected to be more aware of the security risks, 38% are still using unauthorized tools.</p><p>This growing trend of covert AI use is a serious cause for concern, Ivanti noted, and as such bosses need to begin cracking down on the practice. </p><p>"Employees are using AI tools without their bosses' knowledge to boost productivity. It is crucial for employers to assume this is happening, regardless of any restrictions, and to assess the use of AI to ensure it complies with their security and governance standards," said Brooke Johnson, Ivanti chief legal counsel and SVP of HR and security. </p><p>"Employees adopting this technology without proper guidelines or approval could be fueling threat actors, violating company contracts, and risking valuable company IP."</p><h2 id="shadow-ai-could-cause-a-security-disaster">Shadow AI could cause a security disaster</h2><p>Ivanti warned that the use of unauthorized AI tools at work is putting many organizations at risk - and it isn’t the only study in the last year to emphasize the dangers. </p><p>Research from Veritas Technologies, for example, found that 38% of UK office workers said that they or a colleague had fed an LLM sensitive information such as customer financial data.</p><p>However, six-in-ten failed to realize that this could result in the leaking of confidential information and breach data privacy compliance regulations.</p><p>Meanwhile, <a href="https://www.bcs.org/articles-opinion-and-research/navigating-the-risks-of-shadow-ai/" target="_blank"><u>analysis</u></a> from BCS last year warned that staff using non-approved tools risk breaching data privacy rules, exposing themselves to potential security vulnerabilities, and even falling foul of intellectual property rights.</p><p>"To mitigate these risks, organizations should implement clear policies and guidelines for the use of <a href="https://www.itpro.com/technology/artificial-intelligence/ai-tools-critical-thinking-reliance">AI tools</a>, along with regular training sessions to educate employees on the potential security and ethical implications," said Johnson. </p><p>"By fostering an open dialogue, employers can encourage transparency and collaboration, ensuring that the benefits of AI are harnessed safely and effectively."</p><p>A raft of major firms have already cracked down on the use of AI at work, most notably Apple, which implemented strict controls on the use of <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369965/what-is-chatgpt-and-what-does-it-mean-for-businesses">ChatGPT </a>not long after it launched in late 2022. </p><p>Amazon and JP Morgan also implemented similar policies while Samsung took drastic action after discovering an accidental leak of sensitive information by an engineer who uploaded code to the popular <a href="https://www.itpro.com/networking/27171/what-is-a-chatbot">chatbot</a>. </p><p>But it's not just a question of policies, said Johnson. Indeed, organizations need to do more to monitor whether they're actually being implemented.</p><p>"Employees are using AI tools without their bosses' knowledge to boost productivity," she said.</p><p>"It is crucial for employers to assume this is happening, regardless of any restrictions, and to assess the use of AI to ensure it complies with their security and governance standards."</p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/technology/artificial-intelligence/amazing-ai-tools-to-try-today">The best AI tools for businesses to try today</a></li><li><a href="https://www.itpro.com/software/development/ai-coding-tools-are-finally-delivering-results-for-enterprises-developers-are-saving-so-much-time-theyre-able-to-collaborate-more-focus-on-system-design-and-learn-new-languages">AI coding tools are finally delivering results for enterprises</a></li><li><a href="https://www.itpro.com/technology/artificial-intelligence/ai-tools-are-growing-in-popularity-at-enterprises-but-not-all-of-them-are-approved-by-employers-and-thats-a-serious-problem-for-it-and-security-leaders">AI tools are growing in popularity at enterprises, but not all of them are approved by employers</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloads ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/ico-data-protection-complaint-responses</link>
                                                                            <description>
                            <![CDATA[ The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">WBbhVdnZfcGKYb6iZveNBm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/PUvLbhmFNRExbJ6rgzrmiA-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 03 Apr 2025 09:44:45 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/PUvLbhmFNRExbJ6rgzrmiA-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Clock pictured against a purple background with snails in foreground, representing slow progress.]]></media:description>                                                            <media:text><![CDATA[Clock pictured against a purple background with snails in foreground, representing slow progress.]]></media:text>
                                <media:title type="plain"><![CDATA[Clock pictured against a purple background with snails in foreground, representing slow progress.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/PUvLbhmFNRExbJ6rgzrmiA-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.</p><p>In the last quarter of 2024, the <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner’s Office (ICO)</a> responded to just 12% of complaints within 90 days, <a href="https://ico.org.uk/media2/q1ebmblw/20250331-q3-ico25-scorecard-v1-0-mb.pdf" target="_blank">figures show</a>, well down on its 80% target.</p><p>The figure was 65% at the beginning of last year, and has been dropping steadily since the fourth quarter of 2023, when it was 88%.</p><p>"Anyone who has felt the need to make a complaint to us deserves a timely response. Our current response times are not where we want them to be, and we know how frustrating this is for people who are asking for our help," said a spokesperson.</p><p>"We want to thank people for their patience while we address this issue. Our frontline staff continue to work hard to respond to all complaints and we are confident that our approach will bring about the necessary improvements. Please be assured that we continue to triage cases and prioritize those that urgently need attention."</p><p>A key factor in sluggish response rates were rising workloads, according to the ICO. The <a href="https://www.itpro.com/security/data-protection">data protection</a> watchdog said it received more than 10,000 complaints in the final quarter of 2024 - 746 more than in the same period a year earlier.</p><p>To deal with the backlog, it's recruiting another 19 staff. The watchdog also revealed it’s testing automated tools aimed at simplifying or speeding up various administrative tasks, allowing case officers to spend more time on the complaint itself.</p><p>However, it warned, things are likely to get worse before they get better.</p><h2 id="ico-woes-reflected-across-europe">ICO woes reflected across Europe</h2><p>Data protection authorities across Europe are facing a similar rise in workloads as the number of complaints skyrockets. <a href="https://fra.europa.eu/en/publication/2024/gdpr-experiences-data-protection-authorities"><u>Research</u></a> from the EU Agency for Fundamental Rights last summer concluded they've been facing an ever-mounting workload since the introduction of the GDPR, with limited staff and inadequate funding. Much of this workload comes from minor complaints.  </p><p>Dr Ilia Kolochenko, CEO at ImmuniWeb and a fellow at the British Computer Society (BCS), said these issues highlight the fact that some operational aspects of the legislation “were not properly designed”.</p><p>“National DPAs are frequently understaffed and underfunded, but flooded with the ballooning number of complaints," Kolochenko commented.</p><p>This, he added, means the authorities are forced to prioritize major cases and that taking minor cases to court is often just a waste of money. This then results in organizations adopting lax approaches to compliance.</p><p>"In order to ensure a consistent, invariable and equitable investigation and remediation of data protection violations, both EU states and the UK should consider allocating additional funds to their national DPAs to be commensurable with the volume and complexity of incoming complaints," he said. </p><p>"Otherwise, toothless enforcement regimes merely invite more violations of data protection law."</p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/security/data-breaches/advanced-computer-software-group-ico-fine">NHS supplier hit with £3m fine for security failings that led to attack</a></li><li><a href="https://www.itpro.com/security/data-protection/you-must-do-better-information-commissioner-john-edwards-calls-on-firms-to-beef-up-support-for-data-breach-victims">Information Commissioner John Edwards calls on firms to beef up support for data breach victims</a></li><li><a href="https://www.itpro.com/security/data-protection/ico-threatens-enforcement-action-against-websites-with-harmful-cookie-banners">ICO threatens enforcement action against websites with 'harmful' cookie banners</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ NHS supplier hit with £3m fine for security failings that led to attack ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-breaches/advanced-computer-software-group-ico-fine</link>
                                                                            <description>
                            <![CDATA[ The Information Commissioner's Office (ICO) said Advanced Computer Software Group failed to use appropriate security measures before the 2022 attack, which put the personal information of tens of thousands of NHS patients at risk.  ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Zj3WaEijCs9axt3qppvMmH</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/zoxC2QCJSmiHZA84Xve6qE-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 27 Mar 2025 10:22:35 +0000</pubDate>                                                                                                                                <updated>Thu, 27 Mar 2025 10:53:06 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/zoxC2QCJSmiHZA84Xve6qE-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[NHS logo displayed on a smartphone screen in white lettering on a blue background.]]></media:description>                                                            <media:text><![CDATA[NHS logo displayed on a smartphone screen in white lettering on a blue background.]]></media:text>
                                <media:title type="plain"><![CDATA[NHS logo displayed on a smartphone screen in white lettering on a blue background.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/zoxC2QCJSmiHZA84Xve6qE-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A Birmingham-based software provider has been handed a £3 million fine for security failings that led to a <a href="https://www.itpro.com/security/28084/what-is-ransomware">ransomware </a>attack on the NHS.</p><p>The <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner's Office (ICO)</a> said Advanced Computer Software Group failed to use appropriate security measures before the 2022 attack, which put the personal information of tens of thousands of NHS patients at risk. </p><p>Advanced provided the NHS with a range of patient management and health-related products, including Adastra, Caresys, Carenotes, Odyssey, Crosscare, Staffplan, and eFinancials.</p><p>But there were gaps in its use of <a href="https://www.itpro.com/security/cyber-security/369745/what-is-mfa-fatigue">multi-factor authentication (MFA)</a>, a lack of comprehensive vulnerability scanning, and inadequate patch management, according to the <a href="https://www.itpro.com/security/data-protection">data protection</a> watchdog.</p><p>"The security measures of Advanced’s subsidiary fell seriously short of what we would expect from an organisation processing such a large volume of sensitive information," said information commissioner John Edwards. </p><p>"While Advanced had installed multi-factor authentication across many of its systems, the lack of complete coverage meant hackers could gain access, putting thousands of people’s sensitive personal information at risk."   </p><p>The hackers, believed to be the <a href="https://www.itpro.com/security/ransomware/368418/latest-lockbit-ransomware-strain-strikingly-similar-to-blackmatter">LockBit ransomware group</a>, accessed certain systems of Advanced’s health and care subsidiary via a customer account that lacked MFA. </p><p>Personal information belonging to 79,404 people was taken in the attack, including details of how to gain entry into the properties of 890 people who were receiving care at home.  </p><p>Emergency prescription services, ambulance dispatching systems, and the non-emergency 111 phone line were affected, with some healthcare staff unable to access patient records.</p><p>"People should never have to think twice about whether their medical records are in safe hands," said Edwards. </p><p>"To use services with confidence, they must be able to trust that every organisation coming into contact with their personal information – whether that’s using it, sharing it or storing it on behalf of others – is meeting its legal obligations to protect it."</p><p>The fine forms part of a voluntary settlement. And while very large, it's less than Advanced might have been facing - the ICO warned last summer in its provisional findings that it planned to hit the company with a £6.09 million penalty.</p><p>What's changed since then is the company's proactive engagement with the <a href="https://www.itpro.com/security/what-is-the-national-cyber-security-centre-ncsc-and-what-does-it-do">National Cyber Security Centre (NCSC)</a>, the National Crime Agency (NCA) and the NHS, and the steps it's taken to mitigate the risk to those impacted by the attack.  </p><p>However, the ICO said the fine sends a salutary message to other organizations that may be a bit slapdash about the security of personal data.</p><p>"With cyber incidents increasing across all sectors, my decision today is a stark reminder that organisations risk becoming the next target without robust security measures in place," said Edwards. </p><p>"I urge all organisations to ensure that every external connection is secured with MFA today to protect the public and their personal information - there is no excuse for leaving any part of your system vulnerable." </p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/security/cyber-attacks/us-healthcare-cyber-attacks-sunflower-medical-group">More than 300,000 US healthcare patients impacted in suspected Rhysida cyber attacks</a></li><li><a href="https://www.itpro.com/security/cyber-attacks-on-healthcare-organizations-are-surging-heres-why">Cyber attacks on healthcare organizations are surging</a></li><li><a href="https://www.itpro.com/security/healthcare-organizations-need-to-shake-up-email-security-practices">Healthcare organizations need to shake up email security practices</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ‘It’s your worst nightmare’: A batch of €5 hard drives found at a flea market held 15GB of Dutch medical records – and experts warn it could’ve caused a disastrous data breach ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-breaches/its-your-worst-nightmare-a-batch-of-eur5-hard-drives-found-at-a-flea-market-held-15gb-of-dutch-medical-records-and-experts-warn-it-couldve-caused-a-disastrous-data-breach</link>
                                                                            <description>
                            <![CDATA[ Robert Polet made a startling discovery after finding hard drives on sale for €5 each in a flea market. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dRucJ2kP5kKMNkPwuKp52n</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/dKf5WtwB6mHpPCk5XnrqeR-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 04 Mar 2025 16:30:00 +0000</pubDate>                                                                                                                                <updated>Wed, 05 Mar 2025 12:27:14 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ solomon.klappholz@futurenet.com (Solomon Klappholz) ]]></author>                    <dc:creator><![CDATA[ Solomon Klappholz ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/pjZQRW2qWqQNjxubC6SUQ5.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.&lt;/p&gt;&lt;p&gt;Before he joined ITPro, Solomon graduated from the University of Warwick in 2021 with a BA (Hons) in Philosophy, Politics, and Economics which included an intercalated year studying Philosophy at the Erasmus University, Rotterdam.&lt;/p&gt;&lt;p&gt;Outside of the office, Solomon enjoys reading, visiting new art exhibitions, and playing football.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/dKf5WtwB6mHpPCk5XnrqeR-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Man browsing through items for sale at a flea market stand. ]]></media:description>                                                            <media:text><![CDATA[Man browsing through items for sale at a flea market stand. ]]></media:text>
                                <media:title type="plain"><![CDATA[Man browsing through items for sale at a flea market stand. ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/dKf5WtwB6mHpPCk5XnrqeR-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A Dutch IT company has demonstrated exactly how not to handle <a href="https://www.itpro.com/security/data-protection">data protection</a> after a number of <a href="https://www.itpro.com/server-storage/flash-storage/367837/10-things-to-consider-when-buying-an-external-hard-disk-based">hard drives</a> containing sensitive medical data were found for sale at a Belgian flea market.</p><p>First reported in Dutch broadcaster <a href="https://www.omroepbrabant.nl/nieuws/4643495/harde-schijven-vol-medische-data-verkocht-op-rommelmarkt" target="_blank"><em>Omroep Brabant</em></a><em>, </em>62-year-old Robert Polet from Breda found the hard drives on sale for roughly €5 each in a flea market after taking a pit stop on his way back from Belgium.</p><p>Polet, a computer-crazy camera enthusiast, said that on returning to his home in Breda and inspecting the hard drives, he was shocked to find they were full of medical data from the period between 2011 and 2019.</p><p>The hard drives contained the Dutch citizen service numbers (BSN), dates of birth, addresses, prescriptions, and other medical information linked to individuals from the Utrecht, Delft, and Houten regions.</p><p>After contacting the affected healthcare organisation, based in Utrecht, Polet said he was informed the data originated from an IT company that no longer exists.</p><p>Nortade ICT Solutions used to develop <a href="https://www.itpro.com/software">software </a>for the healthcare sector but exactly how the hard drives ended up at a flea market in Belgium is still unclear.</p><p>Polet told <em>Omroep Brabant</em> that once he had made the discovery he returned to the flea market to buy the rest of the hard drives, but could not ascertain where the seller had acquired them due to a language barrier.</p><h2 id="nightmare-breach-as-painful-as-anyone-can-imagine">“Nightmare” breach as “painful as anyone can imagine”</h2><p>Speaking to <em>ITPro </em>Rick Goud, CIO and co-founder at <a href="https://www.itpro.com/security/four-in-ten-employees-sacked-over-email-security-breaches-as-firms-tackle-truly-staggering-increase-in-attacks">email security</a> and file transfer platform Zivver, described the incident as a business’ ‘worst nightmare’, but noted he was not totally surprised by the incident.</p><p>“It’s your worst nightmare right? If the company wasn’t already bankrupt they probably would be by now… It is not a surprise, but of course as painful as anyone can imagine a data leak to be.”</p><p>Elaborating on this, Goud said he feels the fact that this data managed to leak via improperly handled hardware was indicative of a period where data protection was not front of mind for some organizations working with healthcare data.</p><p>“What is interesting about this case is that it’s quite old data. I think it fits the mindset of how healthcare data was treated ten years ago,” he explained.</p><p>“It’s certainly not an excuse but it is something I do recognize from the early days when I started in healthcare. Around 20 years ago you could still walk around with DVDs inside a hospital and ask the administrator to install it and put it on the mainframe and they would just do it.”</p><p>He said that thankfully the risk profile attached to data leaks, especially those affecting health data, has meant businesses take <a href="https://www.itpro.com/security/28133/what-is-cyber-security">cybersecurity</a> and data protection more seriously over the last 10 years. </p><h2 id="attitudes-around-safeguarding-data-are-changing">Attitudes around safeguarding data are changing</h2><p>Goud attributed this improvement to a higher risk awareness driven by legislation and standards such as <a href="https://www.itpro.com/it-governance/31712/what-is-iso-27001">ISO 27001</a> and the NEN 7510 which set out procedures and best practices for data protection and deprecating old <a href="https://www.itpro.com/server-storage/flash-storage/360883/the-benefits-and-drawbacks-of-flash-storage-today">storage devices</a>.</p><p>But he warned some businesses will run into this type of security weakness on a day-to-day basis, particularly when they have handed off the problem to a third party.</p><p>“They do not ask the vendor the right questions to ensure that a) as a healthcare provider they are sure that the vendor treats the data as well as they do it themselves but also think that basically by hiring somebody else to process your data that you are not responsible anymore and of course that is not true.”</p><p>Victoria Hordern, partner and data protection specialist at global law firm Taylor Wessing, told <em>ITPro </em>that as well as Nortade itself the healthcare organization that contracted it could be subject to investigation.</p><p>"The health organizations that engaged Nortrade ICT Solutions would be required to carry out appropriate due diligence before appointing a third party provider and ensuring that data security to protect the data is adequate," Horden said. </p><p>"Therefore, to the extent this incident reveals a failure to do this, they could also be subject to investigation and enforcement action from the data protection authority."</p><p>Goud added that regulations like ISO 27001 and NEN 7510 have been around for some time but only became legally enforceable on healthcare organizations roughly four years ago, noting that he feels there has been a ‘mindset shift’ in data protection since then.</p><p>“So that has significantly changed practices, until then it was something that the early adopters that had the intrinsic motivation to adequately protect healthcare pursued because, of course, it's costly to go through that kind of certification process. Nowadays it is a must have,” he said.</p><p>“In 2011 to 2019 where this data is from you would see probably 2 – 3% of suppliers and healthcare organizations had that type of certification, nowadays I would say that it’s closer to 70 or 80% in the Netherlands at least.”</p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/security/malware-free-attacks-surged-in-2024-as-attackers-drop-malicious-software-for-legitimate-tools">Malware-free attacks surged in 2024 as attackers drop malicious software for legitimate tools</a></li><li><a href="https://www.itpro.com/security/nakivo-backup-flaw-still-present-on-some-systems-months-after-firms-silent-patch-researchers-claim">Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claim</a></li><li><a href="">Why government email servers are top targets for state-backed hackers</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ What is the Data Use and Access Bill? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business/policy-and-legislation/data-use-and-access-bill-explained</link>
                                                                            <description>
                            <![CDATA[ Aimed at boosting efficiency in the UK, the Data Use and Access Bill is designed to cut red tape around data use. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">KymztDpbaTtgK28HCwdGxn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/dvYJkE4V4YUFg6s5Nvkq8H-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 17 Feb 2025 13:04:32 +0000</pubDate>                                                                                                                                <updated>Tue, 18 Feb 2025 09:06:10 +0000</updated>
                                                                                                                                            <category><![CDATA[Policy and Legislation]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                <author><![CDATA[ george.fitzmaurice@futurenet.com (George Fitzmaurice) ]]></author>                    <dc:creator><![CDATA[ George Fitzmaurice ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/N4xHCjSAXKcijjt3oiQtfc.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/dvYJkE4V4YUFg6s5Nvkq8H-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Westminster Parliament and the Big Ben clocktower pictured with Westminster Bridge.]]></media:description>                                                            <media:text><![CDATA[Westminster Parliament and the Big Ben clocktower pictured with Westminster Bridge.]]></media:text>
                                <media:title type="plain"><![CDATA[Westminster Parliament and the Big Ben clocktower pictured with Westminster Bridge.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/dvYJkE4V4YUFg6s5Nvkq8H-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The <a href="https://www.itpro.com/business/public-sector/government-says-new-data-bill-will-free-up-millions-of-hours-of-public-sector-time">Data Use and Access Bill</a> is a piece of legislation introduced by the UK government to allow for a greater level of <a href="https://www.itpro.com/business/policy-legislation/361798/uk-and-us-agree-on-deeper-data-sharing-partnership">data sharing</a> and data exchange within both public and private sector organizations. </p><p>Introduced to parliament <a href="https://www.itpro.com/business/public-sector/government-says-new-data-bill-will-free-up-millions-of-hours-of-public-sector-time"><u>towards the end of 2024</u></a>, the government says this bill could save millions of hours for many public sector workers as well as add an estimated £10 billion to the UK economy over a period of 10 years. The bill can be divided into seven sections <a href="https://commonslibrary.parliament.uk/research-briefings/cbp-10186/#:~:text=According%20to%20the%20government%2C%20the,pressures%20to%20the%20country's%20finances%E2%80%9D." target="_blank"><u>according to the government</u></a>, with the first centered on the enablement of “smart data” use outside the finance sector.</p><p>It would regulate the provision of digital verification services, digitalize birth and death registrations, make changes to the UK’s data protection regime, and transfer the function of the <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner’s Office (ICO)</a> to a new Information Commission.</p><p>The bill would also make further provisions about the use of or access to data in areas such as health and social care, smart meter communication services, public service delivery, and online safety. </p><p> "With laws that help us to use data securely and effectively, this Bill will help us boost the UK’s economy, free up vital time for our front-line workers, and relieve people from unnecessary admin so that they can get on with their lives," technology secretary <a href="https://www.itpro.com/business/policy-and-legislation/who-is-peter-kyle-the-uks-new-technology-secretary-and-what-are-his-plans-for-the-future-of-the-sector"><u>Peter Kyle</u></a> said at the time of the bill’s announcement.</p><p>Experts from the tech sector have broadly welcomed the legislation, commending its focus on improving efficiency. Alex Laurie, senior vice president at Ping Identity, said that any legislation of this kind is a positive step.</p><p>“From my perspective, anything that makes it easier for us to do business as a citizen is massively important,” Laurie tells <em>ITPro</em>. “If it takes time out of people's working day I think it's an important thing.”</p><h2 id="how-will-the-data-use-and-access-bill-affect-the-public-sector">How will the Data Use and Access Bill affect the public sector?</h2><p>This legislation has the public sector at its core, with many of the bill’s benefits noted by the government relating to heightening efficiencies in the UK’s police force or the National Health Service (NHS).</p><p>Within the NHS, for example, administrative processes can be very lengthy and time consuming, having a negative impact on the organization and the customer. Laurie expressed his own understanding of this, referring to a study his firm undertook regarding disabled parking permits. </p><iframe allow="" height="200px" width="100%" data-lazy-priority="low" data-lazy-src="https://widget.spreaker.com/player?episode_id=62749338&theme=light&playlist=false&playlist-continuous=false&chapters-image=true&episode_image_position=right&hide-logo=true&hide-likes=true&hide-comments=true&hide-sharing=true&hide-download=true"></iframe><p>“We did an analysis a few years ago on how many agencies and individual units were involved in getting a blue badge for someone, and it was like 35 different steps, which all needed identification, verification, proof,” Laurie says. </p><p>This bill will likely hone in on a set concept of data portability, Laurie adds, which is an important step forward in speeding up these sorts of processes. Lauren Wills-Dixon, solicitor at Gordons, tells <em>ITPro </em>the bill will also lay out a more coherent, straightforward idea of what data can be used and for what purposes.</p><p>“The bill introduces this concept of recognized <a href="https://www.itpro.com/technology/artificial-intelligence/generative-ai-training-in-the-crosshairs-as-ico-set-to-examine-legality-of-personal-data-use">legitimate interest</a> to give organizations certainty,” she says.</p><p>Wills-Dixon explains that it will recognize several legitimate interests including national security processing, emergency response, and safeguarding efforts.  </p><p>It will also cut red tape in the public sector, according to Richard Fayers, data and analytics practice lead at Slalom, reducing the lengths that workers have to go to in recording personal data use.</p><h2 id="how-will-the-data-use-and-access-bill-affect-the-private-sector">How will the Data Use and Access Bill affect the private sector?</h2><p>While there’s a huge opportunity in the public sector space, Fayers is keen to point out how elements of the bill – such as the smart data schemes – will likely drive innovation across the private sector landscape. </p><p>For example, he suggests the bill could introduce a greater level of openness for UK businesses and turn attention towards open standards akin to what has been seen in the finance sector with <a href="https://www.itpro.com/policy-legislation/30661/what-is-open-banking"><u>open banking</u></a>. Fayers sees massive opportunities across sectors by building on this interoperability of data. </p><p>There may also be better forecasting of public demand through a pooling of company information, Fayers adds, as well as the potential for businesses to share data to offer collaborative schemes or experiences to customers. Businesses could then give customers a unified profile that works from company to company.   </p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="LjWdHEMBU3LCLK4bVET7Rg" name="Understanding Least Privileges.jpg" caption="" alt="Understanding Least Privileges" src="https://cdn.mos.cms.futurecdn.net/LjWdHEMBU3LCLK4bVET7Rg.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: CyberFox)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/understanding-least-privileges"><em>Protect your company from ransomware attacks</em></a></p></div></div><p>Bill Wright, global head of government affairs at Elastic, echoes some of these predictions for potential advantages to the private sector. The bill will allow firms in every sector to access and analyze consumer data more effectively, Wright tells <em>ITPro</em>. </p><p>“Simplifying the data sharing rules are going to, maybe, break down some of those silos between industries and create some opportunities for startups to compete with some of the more established players,” Wright says. </p><p>It may even increase foreign investment into the UK, Wright says finally, by showing those outside the UK that the country has a data processing environment both predictable and innovative. </p><h2 id="what-do-it-leaders-need-to-know-about-compliance">What do IT leaders need to know about compliance?</h2><p>As with any new piece of legislation, the data use and access bill will require some degree of reorganization from firms when it comes to ensuring compliance. That being said, Wills-Dixon predicts companies that are already compliant with <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR</a> don't face serious challenges to becoming compliant with the Data Use and Access Bill.</p><p>“If you're carrying out research, statistical use of data, or processing in the public interest and things like that, then it will help, but for most commercial organizations, your obligations are going to be very similar as drafted,” Wills-Dixon adds. </p><p>That said, Fayers warns the new Information Commission will have enhanced enforcement powers and businesses will also need to ensure they can demonstrate robust security and data governance. This will demand a greater focus on compliance certification and accountability frameworks, Fayers says. </p><p>“If you're seen to be transparent – if you're providing customers with assurance and visibility of how you're managing this risk as well – that could also be seen as a benefit, whilst there's a cost,” Fayers concludes.</p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/software/development/what-is-chaos-engineering-and-how-can-it-benefit-businesses">What is chaos engineering and how can it benefit businesses?</a></li><li><a href="https://www.itpro.com/business/business-strategy/what-is-quiet-firing">What is quiet firing?</a></li><li><a href="https://www.itpro.com/security/i-love-magic-links-why-arent-more-services-using-them">Why magic links should be the default password replacement</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Tech leaders worry AI innovation is outpacing governance ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/tech-leaders-worry-ai-innovation-is-outpacing-governance</link>
                                                                            <description>
                            <![CDATA[ Business execs have warned the current rate of AI innovation is outpacing governance practices. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">suQ4oVoZzZPxfUqifTW3VM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SbReddXybRDUpfjmS5jrRA-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 17 Feb 2025 11:08:18 +0000</pubDate>                                                                                                                                <updated>Mon, 17 Feb 2025 16:15:32 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SbReddXybRDUpfjmS5jrRA-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[C-suite executives in an open plan office space discussing AI strategy plans.]]></media:description>                                                            <media:text><![CDATA[C-suite executives in an open plan office space discussing AI strategy plans.]]></media:text>
                                <media:title type="plain"><![CDATA[C-suite executives in an open plan office space discussing AI strategy plans.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SbReddXybRDUpfjmS5jrRA-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The rapid growth of AI is outpacing effective governance, researchers have warned, with business leaders desperate for more clarity on regulation.</p><p>NTT Data’s <em>Responsibility Gap Survey</em> of C-suite executives concludes that there's an urgent need for stronger AI leadership, balancing innovation with responsibility.</p><p>Eight-in-ten said a lack of clear policies is preventing them from scaling generative AI initiatives​, and that unclear government regulations are hindering AI investment and implementation, leading to delayed adoption.</p><p>And while nine-in-ten executives said they worry about AI security risks, only a quarter of <a href="https://www.itpro.com/technology/artificial-intelligence/how-cisos-are-navigating-the-slippery-ai-data-protection-problem">CISOs </a>said they have a robust governance framework​.</p><p>"The enthusiasm for AI is undeniable, but our findings show that innovation without responsibility is a risk multiplier," said NTT Data CEO Abhijit Dubey.</p><p>"Organizations need leadership-driven <a href="https://www.itpro.com/business/digital-transformation/why-ai-governance-is-a-business-imperative-for-scaling-enterprise-ai">AI governance</a> strategies to close this gap — before progress stalls and trust erodes."</p><p>There's a big split amongst C-suite executives about the appropriate balance between safety and innovation. A third of executives believe responsibility matters more than innovation, one-third think the opposite, and one-third rates them equally.</p><p>There are also concerns about sustainability, with three-quarters of leaders saying that their AI ambitions conflict with corporate <a href="https://www.itpro.com/business/business-strategy/organizations-failing-to-use-tech-to-reach-sustainability-goals">sustainability goals</a>, forcing them to rethink energy-intensive AI solutions.</p><p>Additionally, two-thirds of executives say their employees <a href="https://www.itpro.com/technology/artificial-intelligence/office-workers-lack-the-skills-to-use-generative-ai-tools-safely-and-accurately">lack the skills to work effectively with AI</a>, while 72% admit they don't have an AI policy in place to guide responsible use.</p><p>NTT Data recommends introducing Responsible by Design Principles, building AI responsibly from the ground up and, integrating security, compliance, and transparency into development from day one.</p><p>Leaders need a systematic approach to <a href="https://www.itpro.com/technology/30736/what-is-ethical-ai">ethical AI</a> standards, going beyond legal requirements, and organizations should upskill employees to work alongside AI and ensure teams understand AI’s risks and opportunities.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Cts9fu8YjHFYquTtQN9gg6" name="Optimizing AppSec in the financial services sector.jpg" caption="" alt="Optimizing AppSec in the financial services sector" src="https://cdn.mos.cms.futurecdn.net/Cts9fu8YjHFYquTtQN9gg6.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Snyk)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/optimizing-appsec-in-the-financial-services-sector"><em>Crush complexities when making financial services apps</em></a></p></div></div><p>Meanwhile, there needs to be global collaboration on <a href="https://www.itpro.com/security/data-protection/linkedin-backtracks-on-controversial-ai-training-rules-after-user-backlash">AI policy</a>, with businesses, regulators, and industry leaders coming together to create clearer, actionable AI governance frameworks and establish global AI standards. </p><p>"<a href="https://www.itpro.com/strategy/28181/what-is-ai">AI’s </a>trajectory is clear — its impact will only grow. But without decisive leadership, we risk a future where innovation outpaces responsibility, creating security gaps, ethical blind spots, and missed opportunities," said Dubey. </p><p>"The business community must act now. By embedding responsibility into AI’s foundation—through design, governance, workforce readiness, and ethical frameworks—we unlock AI’s full potential while ensuring it serves businesses, employees, and society at large equally."</p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/security/data-protection/ai-and-data-protection-what-businesses-need-to-know">Everything you need to know about AI and data protectio</a>n</li><li><a href="https://www.itpro.com/data-protection/28177/data-protection-policies-and-procedures">Why your business needs data protection policies</a></li><li><a href="https://www.itpro.com/security/data-protection/a-lack-of-ai-guidance-is-causing-gdpr-headaches-for-uk-businesses">A lack of AI guidance is causing serious GDPR headaches</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Data sovereignty a growing priority for UK enterprises ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/data-sovereignty-a-growing-priority-for-uk-enterprises</link>
                                                                            <description>
                            <![CDATA[ Many firms view data sovereignty as simply a compliance issue ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">FyLycq6vMnFUPuUFQUQf76</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xkQgjAQz4nkyYRRWxZBSwP-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 31 Jan 2025 13:38:37 +0000</pubDate>                                                                                                                                <updated>Fri, 31 Jan 2025 16:21:07 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/xkQgjAQz4nkyYRRWxZBSwP-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Digital generated image of data.]]></media:description>                                                            <media:text><![CDATA[Digital generated image of data.]]></media:text>
                                <media:title type="plain"><![CDATA[Digital generated image of data.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xkQgjAQz4nkyYRRWxZBSwP-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The push towards <a href="https://www.itpro.com/security/data-protection/why-the-matrix-offers-valuable-lessons-on-data-sovereignty-for-channel-partners">data sovereignty</a> continues, with 51% of UK organizations now acknowledging it as a crucial aspect of their <a href="https://www.itpro.com/strategy/29269/what-is-data-management">data management</a> strategy.</p><p>According to a study of 500 IT decision makers in large organizations carried out by <a href="https://www.itpro.com/infrastructure/data-centres/ovhcloud-just-open-sourced-its-data-center-liquid-cooling-system-heres-why">OVHcloud</a>, more than three-quarters said they believe data sovereignty is now more important to their organization than it was three years ago.</p><p>However, their views on data sovereignty varied considerably. Four-in-ten said they saw it primarily as a compliance issue, while 36% saw it as a question of data access, handling or storage, and 28% as relating to data portability.</p><p>"Forty one percent of UK organizations told us that data sovereignty is simply something to be complied with," said Matt Tebay, <a href="https://www.itpro.com/cloud/34476/what-is-multi-cloud">multi-cloud</a> evangelist at OVHcloud. </p><p>"However, forty two percent said that it was important to customers, and therefore an asset to them and their businesses. This shows a change in how companies have traditionally seen <a href="https://www.itpro.com/cloud/cloud-computing/what-is-a-sovereign-cloud">data sovereignty</a>, and an evolution of how they’re approaching it more broadly."</p><p>Businesses are willing to pay the extra, with almost two thirds of organizations saying they were happy to pay between 11% and 30% more for a sovereign technology product that would meet all of their <a href="https://www.itpro.com/business/policy-legislation/357172/eu-seeks-new-regulatory-powers-against-big-tech-firms">regulatory and sovereignty needs</a>.</p><p>Only 6.5% said they weren't willing to pay more than normal for a <a href="https://www.itpro.com/cloud/cloud-computing/sovereign-cloud-demand-is-truly-global-according-to-oracle-and-the-company-is-well-placed-to-capitalize-on-it">sovereign product</a>.</p><p>“Data sovereignty is gaining maturity, but it’s not an easy matter. Twenty-three per cent of <a href="https://www.itpro.com/business/careers-and-training/the-best-linkedin-courses-for-it-decision-makers">IT decision makers</a> told us that they viewed data sovereignty as ‘complex and full of drama’, and 27% said that they thought it was comparable to the hit TV show The Office – and if they didn’t laugh, they’d cry," said Tebay.</p><p>"Clearly, the intersection of customer trust, technology, regulation and commercial considerations can make for a <a href="https://www.itpro.com/business-strategy/careers-training/356531/tech-leaders-share-how-to-break-into-the-tech-industry">challenging journey</a>, but it’s an important one and like all journeys, the first step is the most important."</p><p>Data sovereignty is becoming a growing necessity, thanks to concerns over privacy and the potential for data to be accessed by other nation states. </p><p>While the <a href="https://www.itpro.com/business/policy-legislation/369036/eu-to-introduce-strict-iot-security-regulation">EU</a> has been in the lead in introducing regulations, other governments are moving to bring similar rules, including <a href="https://www.itpro.com/162339/egypt-forecasting-internet-problems-for-another-10-days">Egypt</a>, Singapore, the <a href="https://www.itpro.com/cloud/amazon-web-services-aws/368908/aws-announces-new-region-in-united-arab-emirates">United Arab Emirates</a> (UAE), and the US.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="4NRugTirU23u982cbhNrue" name="AI demands new ways of data management 2.jpg" caption="" alt="Shipping dock with container units" src="https://cdn.mos.cms.futurecdn.net/4NRugTirU23u982cbhNrue.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: IBM)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence/ai-demands-new-ways-of-data-management"><em>Integrate applications across the entire IBM database portfolio</em></a></p></div></div><p>According to <a href="https://www.itpro.com/business-operations/30577/gartner-25-of-customer-service-operations-will-use-chatbots-by-2020">Gartner</a>, by 2027 data sovereignty will be one of the two top criteria, along with sustainability, when evaluating public cloud generative AI services. </p><p>"Digital sovereignty will drive the need to include cloud providers that can meet the evolving and unique requirements of sovereign operations no matter the region they operate in," said Sid Nag, vice president analyst at Gartner.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ UK businesses patchy at complying with data privacy rules ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/privacy/uk-businesses-patchy-at-complying-with-data-privacy-rules</link>
                                                                            <description>
                            <![CDATA[ Companies need clear and well-defined data privacy strategies ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">hHWXdLaLbPPrkzDi2wHQ65</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/E6CWYG29ZoytTeEWF72mcS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 24 Jan 2025 12:53:32 +0000</pubDate>                                                                                                                                <updated>Mon, 27 Jan 2025 16:14:45 +0000</updated>
                                                                                                                                            <category><![CDATA[Privacy]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/E6CWYG29ZoytTeEWF72mcS-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Electronic network data security, data protection and electronic technology, financial network security]]></media:description>                                                            <media:text><![CDATA[Electronic network data security, data protection and electronic technology, financial network security]]></media:text>
                                <media:title type="plain"><![CDATA[Electronic network data security, data protection and electronic technology, financial network security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/E6CWYG29ZoytTeEWF72mcS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Only half of UK businesses are fully complying with all data privacy regulations and industry guidelines - an improvement, but not much of one.</p><p>Research from Zoho Digital found that the figure has risen from 2023's 42%, but that many businesses still need to improve their data practices.</p><p>On the plus side, transparency of data practices emerged as a growing strength, with 50% of respondents saying that their data privacy policies are clear, simple, and transparent, up from just 33% in 2023. </p><p>"According to Zoho’s Digital Health survey, businesses must improve transparency around data usage as a clear step toward ethical behaviour," said Sachin Agrawal, Zoho managing director. </p><p>“This will play an important role in improving customer experience, strengthening customer relationships."</p><p>The survey revealed that 47% of businesses now view data privacy as a critical part of their success, and that 46% conduct regular data privacy training for employees.</p><p>However, it also identified serious gaps where businesses are falling behind. Only three-in-ten businesses reported going beyond requirements to provide additional protection for customer and employee data.</p><p>This, Zoho noted, suggests that while businesses are meeting their compliance requirements, few are taking proactive steps to enhance data protection.</p><p>"In an increasingly data-driven world, organisations must prioritize data privacy throughout their operations. It is encouraging to see the growing recognition of data privacy’s role in driving business policies, but there is still a lot of progress to be made," said Agrawal. </p><p>"To unlock the full transformative potential of technologies like AI, businesses must have clear and well-defined data strategies which both protect customer and employee data but enable flexibility of use in the right way."</p><p>The report comes hot on the heels of research from ISACA, which found only a third of <a href="https://www.itpro.com/security/privacy/data-privacy-professionals-are-severely-underfunded-and-its-only-going-to-get-worse">data privacy professionals are confident in their organization’s ability to safeguard sensitive data</a>, and just a quarter follow Privacy by Design best practices.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="4FaxkYpuDpkr6ksE4TzLvU" name="Integrating Copilot With CDW" caption="" alt="Integrating Copilot With CDW" src="https://cdn.mos.cms.futurecdn.net/4FaxkYpuDpkr6ksE4TzLvU.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: CDW | Microsoft)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/integrating-copilot-with-cdw"><em>Seamlessly embed AI into your business processes</em></a></p></div></div><p>Their teams underfunded, they said, and more than half told ISACA they expect budgets to decline this year.</p><p>ISACA warned that many organizations risk falling foul of <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR</a> and new legal frameworks such as the Digital Services Act and <a href="https://www.itpro.com/technology/artificial-intelligence/eu-ai-act-everything-you-need-to-know-about-the-legislation-including-rules-requirements-and-who-will-be-forced-to-comply">EU AI Act</a>. </p><p>Recently, Charlie Bromley-Griffiths, senior legal counsel at legal document management software form Conga, told <em>ITPro </em>that UK businesses had made substantial strides in aligning with privacy legislation. </p><p>"Companies have implemented stronger data governance policies, enhanced security protocols and prioritized the rights of data subjects," she said. "However, challenges still remain, particularly for small and medium-sized enterprises struggling with the complexity and cost of full compliance."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ GDPR fines might’ve dipped last year, but don’t get complacent – personal liability risks are rising ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/gdpr/gdpr-fines-mightve-dipped-last-year-but-dont-get-complacent-personal-liability-risks-are-rising</link>
                                                                            <description>
                            <![CDATA[ A decrease in big GDPR fines doesn’t mean it’s plane sailing for enterprises in 2025 ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sXx3K7v5FyMfXE3orVGtPS</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2PNfqhutSeDbXWYknvreHR-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 22 Jan 2025 11:54:01 +0000</pubDate>                                                                                                                                <updated>Wed, 22 Jan 2025 14:42:38 +0000</updated>
                                                                                                                                            <category><![CDATA[GDPR]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Data Protection]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2PNfqhutSeDbXWYknvreHR-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[GDPR concept image showing &#039;GDPR&#039; lettering on a digital interface with padlock icons protruding from the center.]]></media:description>                                                            <media:text><![CDATA[GDPR concept image showing &#039;GDPR&#039; lettering on a digital interface with padlock icons protruding from the center.]]></media:text>
                                <media:title type="plain"><![CDATA[GDPR concept image showing &#039;GDPR&#039; lettering on a digital interface with padlock icons protruding from the center.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2PNfqhutSeDbXWYknvreHR-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The number of <a href="https://www.itpro.com/general-data-protection-regulation-gdpr/31025/gdpr-fines-how-high-are-they-and-how-can-you-avoid">GDPR fines</a> issued last year fell by a third compared with 2023 , according to new research, but this doesn't mean data protection authorities are getting any softer.</p><p>DLA Piper's <a href="https://www.dlapiper.com/en-gb/insights/publications/2025/01/dla-piper-gdpr-fines-and-data-breach-survey-january-2025" target="_blank"><u><em>GDPR Fines and Data Breach Survey</em></u></a><em> </em>found that €1.2 billion in penalties was issued during the year, down 33%. This marks the first time the amount has fallen since the <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR</a> was introduced in May 2018.</p><p>Thanks to the many tech firms headquartered in the country, Ireland remains the biggest enforcer, with the Irish Data Protection Commission issuing €3.5 billion in fines since May 2018.</p><p>That's more than four-times the value of fines issued by the second-placed Luxembourg Data Protection Authority, which has issued €746.38 million over that time. Total fines reported since the start of GDPR in 2018 now stand at €5.88 billion.</p><p>But DLA Piper said last year's big drop doesn't represent a weakening of enforcement; the year-on-year trend remains upwards.  </p><p>It's actually due to a skewing of the 2023 figures by the record-breaking <a href="https://www.itpro.com/security/data-protection/meta-to-fight-unjustified-record-dollar13-billion-gdpr-fine">€1.2 billion penalty issued by the Irish DPC against Meta</a> in 2023, which remains the largest ever imposed.</p><p>"The headline figures in this year's survey have, for the first time ever, not broken any records so you may be forgiven for assuming a cooling of interest and enforcement by Europe's data regulators. This couldn't be further from the truth," said Ross McKean, partner and chair of DLA Piper's UK data protection and cyber practice. </p><p>"From growing enforcement in sectors away from big tech and social media, to the use of the GDPR as an incumbent guardrail for AI enforcement as AI specific regulation falls into place, to significant fines across the likes of Germany, Italy and the Netherlands, and the UK's shift away from fine-first enforcement – GDPR enforcement remains a dynamic and evolving arena."</p><p>It's still the big tech companies and social media giants that are getting the biggest fines, with nearly all of the top ten largest fines since 2018 imposed on firms operations in this sector. </p><p>Across 2024, the Irish Data Protection Commission issued fines of <a href="https://www.itpro.com/security/data-protection/linkedin-fined-eur310-million-for-gdpr-breaches">€310 million against LinkedIn</a> and €251 million (£208m) against Meta. In August 2024, the Dutch Data Protection Authority issued a fine of €290 million against a well-known ride-hailing app.  </p><p>The UK was an outlier in 2024, issuing very few fines. Information Commissioner John Edwards previously noted that he wasn’t in favor of issuing fines. </p><p>Edwards said these were unlikely to have significant impact and would tie the <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">ICO</a> up in years of litigation.</p><h2 id="gdpr-fines-mirrored-by-personal-liability-risks">GDPR fines mirrored by personal liability risks</h2><p>Perhaps most significantly, there's been an increased focus on failures in governance and oversight, with some specifically calling out failings of management bodies. </p><p>Most notably, the Dutch Data Protection Commission announced an investigation into whether it can hold the directors of Clearview AI <a href="https://www.itpro.com/security/data-breaches/threat-of-personal-liability-has-cisos-sweating">personally liable</a> for numerous <a href="https://www.itpro.com/security/gdpr-fines-just-6-of-the-total-cost-of-data-breaches">GDPR breaches</a>, following a €30.5 million fine against the company. </p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="phuxQVkJh9chhLuGNCqKKA" name="Giving your people the tools to stay productive, wherever they spend their working day" caption="" alt="Giving your people the tools to stay productive, wherever they spend their working day" src="https://cdn.mos.cms.futurecdn.net/phuxQVkJh9chhLuGNCqKKA.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Virgin Media O₂ Business and Samsung)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business/business-strategy/giving-your-people-the-tools-to-stay-productive-wherever-they-spend-their-working-day"><em>Freedom to work where you want</em></a></p></div></div><p>DLA Piper said this potentially signals a shift in focus by regulators, who recognize the power of personal liability to focus minds and drive better compliance.  </p><p>"For me, I will mostly remember 2024 as the year that GDPR enforcement got personal," said McKean. </p><p>"As the Dutch DPA champions personal liability for the management of  Clearview AI, 2025 may well be the year that regulators pivot more to naming and shaming and personal liability to drive data compliance."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Four years on, how's UK GDPR holding up? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/gdpr/four-years-on-hows-uk-gdpr-holding-up</link>
                                                                            <description>
                            <![CDATA[ While some SMBs are struggling, most have stepped up to the mark in terms of data governance policies ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">PCUFe9zbJJEQSsBpg9nG7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/JvFEHz3W8DCoZC4MakWaVo-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 03 Jan 2025 12:05:55 +0000</pubDate>                                                                                                                                <updated>Mon, 06 Jan 2025 17:24:42 +0000</updated>
                                                                                                                                            <category><![CDATA[GDPR]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Data Protection]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/JvFEHz3W8DCoZC4MakWaVo-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[UK map concept art showing digitized UK landmass outline in blue.]]></media:description>                                                            <media:text><![CDATA[UK map concept art showing digitized UK landmass outline in blue.]]></media:text>
                                <media:title type="plain"><![CDATA[UK map concept art showing digitized UK landmass outline in blue.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/JvFEHz3W8DCoZC4MakWaVo-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>It's been four years since the <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">UK General Data Protection Regulation (GDPR) </a>came into force after the UK left the European Union (EU). </p><p>However, while the UK legislation remains aligned with that of the EU, it gives the UK the independence to keep the framework under review.</p><p>Like the EU GDPR, the UK version places requirements on organizations that process personal data, based on seven principles: lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality and accountability. </p><p>Charlie Bromley-Griffiths, senior legal counsel at legal document management software form Conga, said that while the legislation has delivered marked benefits, lingering issues remain.</p><p>"Over the last four years, UK businesses have made substantial strides in aligning with UK GDPR requirements. Companies have implemented stronger data governance policies, enhanced security protocols and prioritized the rights of data subjects," Bromley-Griffiths said.</p><p>"However, challenges still remain, particularly for small and medium-sized enterprises struggling with the complexity and cost of full compliance. GDPR mandates stringent measures to safeguard consumer data, which includes data storage, processing and transfer practices, all of which impacts organizations’ data strategies and operational costs."</p><p>Brexit has also caused issues with regard to the transfer of personal data between the UK and the European Economic Area (EEA), along with UK controllers who have an establishment or customers in the EEA, or who monitor individuals in the area. </p><p>While the EU GDPR still applies to this processing, the way organizations interact with European data protection authorities has changed.</p><p>"The international data landscape is now rather complex. UK businesses handling data from the European Union (EU) must also comply with the EU GDPR," said Bromley-Griffiths. </p><p>"Then, of course, there is the <a href="https://www.itpro.com/business/policy-and-legislation/us-uk-data-bridge-everything-you-need-to-know">US-UK data bridge</a>, which forms part of the <a href="https://www.itpro.com/business/policy-and-legislation/eu-us-data-transfer-framework-will-be-overturned-within-five-years-says-expert">EU-US Data Privacy Framework</a> and permits the flow of EU-based data to the United States under certain conditions." </p><p>All this, she said, highlights the importance of maintaining two or more compliance strategies to make sure operations across borders go smoothly – and, ultimately, keep the trust of customers, reassuring them that their data is safe.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="69vPgVDk9D2V2RrxrY7DjV" name="The Business Value of Dell PowerFlex_listing.jpg" caption="" alt="A whitepaper from Dell and Intel on the business value of Dell Powerflex, with image of data  in a funnel shape" src="https://cdn.mos.cms.futurecdn.net/69vPgVDk9D2V2RrxrY7DjV.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Dell | Intel)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/cloud-storage/the-business-value-of-dell-powerstore"><em>Dell PowerStore could improve your business performance</em></a></p></div></div><p>Looking ahead, Bromley-Griffiths expects regulatory bodies to look at cracking down harder on repeat offenders or businesses that have suffered significant data breaches. </p><p>Meanwhile, the UK GDPR is likely to be amended, with the introduction last October of the Data Use and Access Bill in the House of Lords. With this bill, and in future, the UK is unlikely to diverge significantly from EU legislation. </p><p>It currently enjoys 'data adequacy' with the EU, meaning that personal data can be transferred freely between the two. If this were lost, it could be an economic disaster.</p><p>However, more minor changes, said Bromley-Griffiths, could be on the cards.</p><p>"Given how quickly cyber threats are evolving, the UK GDPR standards may be updated. Businesses need to have the appropriate tools and measures in place to ensure that they are ready to adapt to any legislative changes," she said. </p><p>"Organizations must remain committed to investing in their employee’s ongoing education but also in the right technology to safeguard personal data."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ NatWest just banned staff from using WhatsApp at work – here’s why ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/natwest-just-banned-staff-from-using-whatsapp-at-work-heres-why</link>
                                                                            <description>
                            <![CDATA[ Allowing staff to use communication channels outside an organization's control can create serious problems ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">QaVbhYCmLeFDyFP3YkemaV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/52jDDZYBjbnBY8QebT8ayH-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 13 Nov 2024 11:39:49 +0000</pubDate>                                                                                                                                <updated>Wed, 13 Nov 2024 15:47:52 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ george.fitzmaurice@futurenet.com (George Fitzmaurice) ]]></author>                    <dc:creator><![CDATA[ George Fitzmaurice ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/N4xHCjSAXKcijjt3oiQtfc.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/52jDDZYBjbnBY8QebT8ayH-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[NatWest logo and branding pictured on a storefront in Bishopsgate, City of London.]]></media:description>                                                            <media:text><![CDATA[NatWest logo and branding pictured on a storefront in Bishopsgate, City of London.]]></media:text>
                                <media:title type="plain"><![CDATA[NatWest logo and branding pictured on a storefront in Bishopsgate, City of London.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/52jDDZYBjbnBY8QebT8ayH-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>UK bank NatWest has blocked staff from using a range of unapproved messaging apps in a bid shake up internal communications practices. </p><p>According to <a href="https://www.bbc.co.uk/news/articles/cvgl72lrd50o"><u>reports from the </u><u><em>BBC</em></u></a>, NatWest has removed access to consumer messaging platforms such as <a href="https://www.itpro.com/business/marketing-and-comms/whatsapp-business-prices-are-set-to-change-heres-what-you-need-to-know">WhatsApp</a>, Facebook Messenger, and <a href="https://www.itpro.com/software/355452/skype-review-retrofitted-for-the-modern-age">Skype</a> on work devices, telling staff to stick to approved channels instead. </p><p>"Like many organizations, we only permit the use of approved channels for communicating about business matters, whether internally or externally," a NatWest statement said.</p><p>Approved channels keep a record of communications where other messaging applications may not store messages. Several big-name banks in the US, such as JPMorgan Chase and <a href="https://www.itpro.com/security/privacy/wells-fargo-firing-staff-for-using-mouse-jiggler-tools-raises-questions-over-employee-privacy-wellbeing">Wells Fargo</a>, have received regulatory flack over staff using poorly recorded comms channels. </p><p>While this practice is particularly important in financial services or other industries where high-risk data is processed, using proper communication channels is crucial for any enterprise, Element CEO Matthew Hodgson told <em>ITPro</em>.</p><p>“An organization’s choice of communication tool is not merely a technical decision but a governance imperative, which is of particular importance to financial sector organizations like NatWest, given the sensitive nature of the data they handle everyday,” Hodgson said. </p><p>“Anything less risks not just operational inefficiency, but the very foundations of accountability,” Hodgson added. </p><p>Despite this, restrictions of this kind have reported limited success. <a href="https://www.globalrelay.com/resources/guides-reports/industry-insights-report-compliant-communications-2023/"><u>A 2023 report from Global Relay</u></a> found that while 59% of respondents had committed to bans on WhatsApp and similar applications, only 2.6% considered the move an effective solution that would withstand regulatory scrutiny. </p><h2 id="good-comms-is-good-business">Good comms is good business</h2><p>Selecting specific communication tools for business use can help in a variety of ways, according to Robert Cruz, VP of information governance at Smarsh. For example, it can make the governance process of evaluating new communications tools evergreen. </p><p>“New tools will emerge, and clients will continue to ask to engage on tools that are not currently supported. Having a process in place allows you to be agile and responsive to the business while ensuring that your controls are effective,” Cruz told <em>ITPro</em>. </p><p>Cruz gave the example of a business wanting to conduct communications on <a href="https://www.itpro.com/security/cyber-security/364260/how-telegram-became-ukraine-digital-ally-russia-war">Telegram</a>, which would only be possible if the business had determined it could manage the technology and potential compliance risks. </p><p>Having approved comms guidelines also allows staff from different departments to input into comms decision-making, Cruz said. Employees may have preferences for new tools, he added, and stakeholders from across the businesses can help decide whether the benefits exceed the risk if comms management is in place. </p><h2 id="comms-management-is-a-boon-for-it">Comms management is a boon for IT </h2><p>Concerning the IT department specifically, clear-cut comms policies can enable more efficient and more effective responses to certain problems in the business, Cruz said. </p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="VtyZ7K4Wd5ZPGukzfXAsNF" name="Reduce Cyber Risk, Stay in Business.jpg" caption="" alt="Reduce Cyber Risk, Stay in Business" src="https://cdn.mos.cms.futurecdn.net/VtyZ7K4Wd5ZPGukzfXAsNF.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: NordPass)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/reduce-cyber-risk-stay-in-business"><em>The ultimate guide to cyber insurance</em></a></p></div></div><p>Such problems include regulatory inquiry, litigation, or internal investigations, which can be dealt with as and when they arise. The alternative here could become time-consuming and an inexact process that requires collecting content from a range of unmanaged sources and devices. </p><p>It also allows IT teams to manage data protection guardrails across communication channels in a comprehensive manner, Cruz said, which can aid in matters of security and ensuring compliance.   </p><p>“The due diligence that goes into determining which tools can be approved for use (typically, via IT partnership with compliance) can eliminate surprising vendor practices later,” Cruz added.  </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ “You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/you-must-do-better-information-commissioner-john-edwards-calls-on-firms-to-beef-up-support-for-data-breach-victims</link>
                                                                            <description>
                            <![CDATA[ Companies need to treat victims with swift, practical action, according to the ICO ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">n3sbnye4MrrAGt6A2d9i8k</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/UzcUMaRy2zzheRGACjK4si-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 30 Oct 2024 09:26:57 +0000</pubDate>                                                                                                                                <updated>Wed, 30 Oct 2024 14:32:05 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/UzcUMaRy2zzheRGACjK4si-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cyber security concept image showing a digitized padlock sitting on a blue colored circuit board.]]></media:description>                                                            <media:text><![CDATA[Cyber security concept image showing a digitized padlock sitting on a blue colored circuit board.]]></media:text>
                                <media:title type="plain"><![CDATA[Cyber security concept image showing a digitized padlock sitting on a blue colored circuit board.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/UzcUMaRy2zzheRGACjK4si-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The UK Information Commissioner’s Office (ICO) is calling on organizations to do more to support victims after a data breach.</p><p>According to ICO figures, nearly 30 million people in the UK have experienced a data breach. In total, 55% of UK adults reported having had their data lost or stolen, with 30% of them experiencing emotional distress as a result. </p><p>However, a quarter said they received no support from the organizations responsible and 32% found out about the breach via the media, rather than from the organization itself.</p><p>Information Commissioner John Edwards said the figures highlight that many organizations “fail to fully appreciate the harm they cause then they mishandle personal data”. </p><p>Edwards urged enterprises to act with “empathy and action” when dealing with data breach victims. </p><p>"Today, I want to issue a stark warning to organizations across the country: you must do better," he said.</p><p>"When a data breach occurs, it’s not just an admin error – it is a failure to protect someone. In many cases if that someone is in a vulnerable situation, they are already facing innumerable personal challenges, or they may be at risk of harm."</p><p>Qualitative research conducted by the ICO, meanwhile, found people have had to move homes, felt forced out of their jobs, and faced discrimination as a result of data breaches. Analysis from the data protection watchdog found the real impact on their life was insufficiently recognized by the organization responsible.</p><h2 id="ico-issues-updated-guidance-for-organizations">ICO issues updated guidance for organizations</h2><p>New <a href="https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/security/communicating-with-empathy-after-a-data-breach/"><u>guidance </u></a>issued by the ICO calls on organizations to assess the risks to the individuals involved, and carry out its reporting and notification duties promptly.</p><p>They should acknowledge what has happened to people affected by a breach, be human and accessible in their response, and commit to making sure it doesn’t happen again.</p><p>Similarly, organizations should share ICO guidance with people affected by a breach, and make sure that staff have access to the ICO toolkit of resources. </p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="yfa59aYW8BdNLSkCxFkR8M" name="How to convince your management that NordPass is a necessary tool in your company.jpg" caption="" alt="How to convince your management that NordPass is a necessary tool in your company" src="https://cdn.mos.cms.futurecdn.net/yfa59aYW8BdNLSkCxFkR8M.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: NordPass)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/how-to-convince-your-management-that-nordpass-is-a-necessary-tool-in-your-company"><em>Keep your company’s sensitive data secure</em></a></p></div></div><p>Another key focus should be implementing changes to corporate culture and ensuring that empathy is at the heart of their response, the ICO said. </p><p>"To many organizations, a data breach might seem like a temporary setback - something that can be patched up with technical fixes and compliance reviews," said Edwards. </p><p>"But from the perspective of individuals - especially those in vulnerable situations - a breach can have a far-reaching ripple effect that disrupts their lives in ways that some may not fully appreciate."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ LinkedIn fined €310 million for GDPR breaches ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/linkedin-fined-eur310-million-for-gdpr-breaches</link>
                                                                            <description>
                            <![CDATA[ The social networking platform has accepted the ruling and will implement changes to its ad tracking processes ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">CtsUhiiEBcFeEeK8PLyjUg</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/hUXCgqA7knMqaUExHyuGAf-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 28 Oct 2024 10:02:47 +0000</pubDate>                                                                                                                                <updated>Tue, 29 Oct 2024 16:34:59 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/hUXCgqA7knMqaUExHyuGAf-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[LinkedIn logo and branding pictured on a smartphone screen.]]></media:description>                                                            <media:text><![CDATA[LinkedIn logo and branding pictured on a smartphone screen.]]></media:text>
                                <media:title type="plain"><![CDATA[LinkedIn logo and branding pictured on a smartphone screen.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/hUXCgqA7knMqaUExHyuGAf-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/policy-legislation/32857/irish-data-protection-commission-facebook-whatsapp-instagram-merge">Ireland's Data Protection Commission (DPC)</a> has hit LinkedIn with a €310 million fine after ruling it misused personal data for behavioral analysis and targeted advertising.</p><p>The ruling follows a complaint submitted to the French <a href="https://www.itpro.com/data-protection/28085/what-is-the-data-protection-act-1998">data protection</a> authority in 2018 by privacy non-profit La Quadrature Du Net, and later referred to the DPC as the lead supervisory authority for LinkedIn. </p><p>The personal data involved both first-party data from members themselves and data obtained via LinkedIn's third-party partners.</p><p>Processing this sort of data requires one of a few legal justifications, such as consent, contractual necessity, or legitimate interests, but certain conditions must apply, such as informed consent, fairness, and transparency.</p><p>According to the DPC, LinkedIn failed to satisfy these conditions.</p><p>In terms of consent, the regulator said this wasn't freely given, sufficiently informed, or specific or unambiguous. </p><p>Meanwhile, <a href="https://www.itpro.com/security/data-protection/linkedin-backtracks-on-controversial-ai-training-rules-after-user-backlash">LinkedIn</a> couldn't rely on the legitimate interests argument, according to the DPC as the fundamental rights and freedoms of users should trump those of LinkedIn itself; and nor did contractual necessity apply.</p><p>"The lawfulness of processing is a fundamental aspect of data protection law and the processing of personal data without an appropriate legal basis is a clear and serious violation of a data subject's fundamental right to data protection," said DPC deputy commissioner Graham Doyle.</p><p>The decision also sees LinkedIn reprimanded and ordered to bring its practices into line with the <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR</a>. LinkedIn has accepted the findings.</p><p>"Today the Irish Data Protection Commission (IDPC) reached a final decision on claims from 2018 about some of our digital advertising efforts in the EU," it said in a statement. </p><p>"While we believe we have been in compliance with the General Data Protection Regulation (GDPR), we are working to ensure our ad practices meet this decision by the IDPC's deadline."</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="3PQwxpzWtrLXFachPJApH5" name="5 Real World Cyber Attacks and How to Stop Them - Vol2 (1).jpg" caption="" alt="5 Real World Cyber Attacks and How to Stop Them - Vol2" src="https://cdn.mos.cms.futurecdn.net/3PQwxpzWtrLXFachPJApH5.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Proofpoint)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/ransomware/five-real-world-cyberattacks-and-how-to-stop-them"><em>How hackers take advantage of human vulnerabilities</em></a></p></div></div><p>While dwarfed by the €1.55 billion penalty imposed against Meta last year, the LinkedIn fine is one of the largest ever imposed against a tech firm by the DPC for <a href="https://www.itpro.com/security/gdpr-fines-just-6-of-the-total-cost-of-data-breaches">GDPR breaches</a>. </p><p>Javvad Malik, lead <a href="https://www.itpro.com/security/28133/what-is-cyber-security">cybersecurity</a> awareness advocate at KnowBe4, said it's good to see regulators actively enforcing and standing up for user rights. Malik added that the incident highlights the importance of building robust data governance frameworks. </p><p>"It does serve as a reminder that relying on 'legitimate interests' as a legal basis is a risky strategy and can lead to significant penalties and reputational damage," he said. </p><p>“Ultimately, this ruling showcases how vital it is for organisations to reassess their business models and the ethics around targeted advertising. Rather they need to shift towards more user-centric models where users are clearly informed and given the ability to make decisions that are best for them."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Rubrik and Pure Storage collaborate on multi layered data resilience architecture  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/rubrik-and-pure-storage-collaborate-on-multi-layered-data-resilience-architecture</link>
                                                                            <description>
                            <![CDATA[ Three-layered framework aims to help customers strengthen their defense against evolving security threats ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">LVJrPjekP4W2wNev6BSoCK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/M5csFvNWDEuWjzvggZ8GVL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 08 Oct 2024 13:08:34 +0000</pubDate>                                                                                                                                <updated>Wed, 09 Oct 2024 14:03:23 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (Daniel Todd) ]]></author>                    <dc:creator><![CDATA[ Daniel Todd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/SRyC34qeLpNDj3dJtsVDhT.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/M5csFvNWDEuWjzvggZ8GVL-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Digital data security padlock on futuristic circuit board]]></media:description>                                                            <media:text><![CDATA[Digital data security padlock on futuristic circuit board]]></media:text>
                                <media:title type="plain"><![CDATA[Digital data security padlock on futuristic circuit board]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/M5csFvNWDEuWjzvggZ8GVL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Zero trust security specialist, Rubrik, and Pure Storage have announced a new partnership to help organizations navigate the challenges of exponential data growth in the modern security landscape.</p><p>The collaboration combines key elements of Rubrik's Security Cloud and the Pure Storage Platform to create a three-layered reference architecture capable of ensuring uptime and defense against the growing number of cyber threats.</p><p>Announcing the partnership, the CEO of Pure Storage, Charles Giancarlo, said enterprises now require multi layered architecture to outpace and counteract bad actors.</p><p>"The combination of Pure Storage and Rubrik delivers a solution designed to strengthen defenses while continuously evolving and scaling," he said. "Together, we're committed to providing businesses with a robust, adaptive framework that drives true <a href="https://www.itpro.com/security/a-journey-to-cyber-resilience">cyber resilience</a>, helping them stay ahead in a complex cyber security landscape."</p><h2 id="triple-layered-defense">Triple-layered defense</h2><p>The two companies said the collaboration had conjured up a new, three-layered strategy that covers rapid defense, data security, and archival location.</p><p>With the first layer, customers will have access to a feature on the Pure Storage Platform that allows them to use 'immutable snapshots' for rapid recovery and near-zero recovery time objectives during a cyber attack. The snapshots are stored in a secure enclave which is only accessible to designated contacts that have been authenticated via Pure Storage Support. </p><p>The second layer works to protect data stored on the Pure Storage FlashArray, with Rubrik's Security Cloud providing immutable and on-site backup through the Rubrik Secure Vault. This works alongside additional capabilities such as anomaly detection, threat monitoring, threat hunting, sensitive data monitoring, user intelligence, and orchestrated recovery.</p><p>The third and final layer focuses on archival storage to aid with <a href="https://www.itpro.com/data-loss-prevention/28864/data-recovery-why-is-it-so-important">data recovery</a>, with Pure Storage's FlashBlade//S and FlashBlade//E solutions offering flexible and cost-effective options depending on the customer's needs.</p><h2 id="critical-priority">Critical priority</h2><p>Data growth is outpacing the ability to secure it and mitigate its risk, according to 66% of IT security leaders in Rubrik Zero Labs latest <a href="https://www.rubrik.com/zero-labs">report</a>. In response, Rubrik&apos;s co-founder and CEO, Bipul Sinha, said the company&apos;s new partnership with Pure Storage represents an opportunity for customers to bolster their cyber resilience.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WEBINAR</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="eXDX4zRMWvkBYTPrUXBgZh" name="A strategic approach to meeting the newest PCI requirements in a cloud-driven world" caption="" alt="A strategic approach to meeting the newest PCI requirements in a cloud-driven world" src="https://cdn.mos.cms.futurecdn.net/eXDX4zRMWvkBYTPrUXBgZh.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Cloudflare)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/cloud-security/a-strategic-approach-to-meeting-the-newest-pci-requirements-in-a-cloud-driven-world"><em>Address PCI requirements in a scalable way</em></a></p></div></div><p>"As more and more organizations realize that cyber resilience is the most essential cyber security strategy, Pure Storage and Rubrik have come together to deliver the most complete cyber resilient hyper cloud solution," he explained.</p><p>"Having spent time with Charlie discussing cyber resilience, it became evident that our two companies had a tremendous opportunity to help our customers with <a href="https://www.itpro.com/security/data-breaches/358455/10-ways-to-protect-your-company-from-the-next-big-data-breach">data security</a> and business continuity."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ LinkedIn backtracks on AI training rules after user backlash ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/linkedin-backtracks-on-controversial-ai-training-rules-after-user-backlash</link>
                                                                            <description>
                            <![CDATA[ UK-based LinkedIn users will now get the same protections as those elsewhere in Europe ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">VBzbWMj3AT4kzg5aVVGkYg</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/gcf9KQrbYmhPFjTVKoRas5-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 23 Sep 2024 09:13:11 +0000</pubDate>                                                                                                                                <updated>Mon, 23 Sep 2024 09:13:57 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/gcf9KQrbYmhPFjTVKoRas5-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[LinkedIn logo and branding pictured on a smartphone screen held by shadowed handed.]]></media:description>                                                            <media:text><![CDATA[LinkedIn logo and branding pictured on a smartphone screen held by shadowed handed.]]></media:text>
                                <media:title type="plain"><![CDATA[LinkedIn logo and branding pictured on a smartphone screen held by shadowed handed.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/gcf9KQrbYmhPFjTVKoRas5-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>LinkedIn has suspended the use of UK user data for AI training following a fierce backlash from digital rights campaigners, users, and regulators. </p><p>The social network recently changed its privacy policy to use an ‘opt-out’ setting for the use of customer data to train its internal <a href="https://www.itpro.com/strategy/28181/what-is-ai">AI</a> models. </p><p>In an update to its policies, the Microsoft-owned firm said the use of user data would help improve <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369959/what-is-generative-ai">generative AI</a> features. The change prompted a backlash among users on social media, with digital rights campaigners urging users to opt-out of the scheme. </p><p>"Like other features on LinkedIn, when you engage with generative AI powered features we process your interactions with the feature, which may include personal data (e.g., your inputs and resulting outputs, your usage information, your language preference, and any feedback you provide)," LinkedIn said in its FAQs.</p><p>The UK’s <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner’s Office (ICO)</a> expressed concerns over the move, with the regulator noting that the opt-out approach wasn’t sufficient to protect user privacy. </p><p>Similarly, digital rights group Open Rights Group complained the opt-out model “proves once again to be wholly inadequate to protect our rights”. </p><p>“The public cannot be expected to monitor and chase every single online company that decides to use our data to train AI," said legal and policy officer Mariano delli Santi.</p><p>"Opt-in consent isn't only legally mandated, but a common-sense requirement."</p><h2 id="linkedin-u-turn-welcomed-by-privacy-watchdog">LinkedIn U-turn welcomed by privacy watchdog</h2><p>LinkedIn has since backed down, however, and will no longer apply the policy in the UK, along with the EU, the European Economic Area, and Switzerland.</p><p>In a statement, Blake Lawit, SVP and general counsel at LinkedIn, said the company has changed its user agreement to include more details on its content recommendation and content moderation practices, along with new provisions relating to generative AI.</p><p>The privacy policy, meanwhile, now has more information on how user data is harnessed to develop products and services. This includes details on how user data is used to train AI models. </p><p>"We are not enabling training for generative AI on member data from the European Economic Area, Switzerland, and the United Kingdom, and will not provide the setting to members in those regions until further notice,” Lawit added.</p><p>The ICO has welcomed the decision, noting in a statement that LinkedIn has taken on board key concerns raised about its approach to <a href="https://www.itpro.com/technology/artificial-intelligence/generative-ai-training-in-the-crosshairs-as-ico-set-to-examine-legality-of-personal-data-use">AI training</a>. </p><p>"We are pleased that LinkedIn has reflected on the concerns we raised about its approach to training generative AI models with information relating to its UK users,” said Stephen Almond, ICO executive director, regulatory risk.</p><p>"In order to get the most out of generative AI and the opportunities it brings, it is crucial that the public can trust that their privacy rights will be respected from the outset."</p><p>The use of user data for training AIs has become a controversial one. Earlier this year, Meta halted the use of the data of UK Facebook and Instagram data for this after the ICO raised concerns.</p><p>The company has <a href="https://www.itpro.com/security/data-protection/meta-to-go-ahead-with-plans-to-use-uk-data-for-ai-training">since started using UK data once again under an altered consent model</a>, claiming it satisfied the ICO's demands. </p><p>The ICO said it will continue to monitor the situation with Meta - and the same, Almond said, will be true of LinkedIn.</p><p>“We will continue to monitor major developers of generative AI, including Microsoft and LinkedIn, to review the safeguards they have put in place and ensure the information rights of UK users are protected," he said.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Meta will go ahead with plans to use UK data for AI training ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/meta-to-go-ahead-with-plans-to-use-uk-data-for-ai-training</link>
                                                                            <description>
                            <![CDATA[ The company says it's satisfied demands from the ICO, though the UK's regulator will continue to monitor the situation ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">f5sXEAC4kAwW9L8wdyTiqd</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/JC2YWbFc3zjKzcDQ7quFCj-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 16 Sep 2024 11:45:26 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/JC2YWbFc3zjKzcDQ7quFCj-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Meta logo (a stylized &#039;M&#039; next to the word &#039;Meta) written in blue on a frosted glass window, with blue lights visible behind the glass.]]></media:description>                                                            <media:text><![CDATA[The Meta logo (a stylized &#039;M&#039; next to the word &#039;Meta) written in blue on a frosted glass window, with blue lights visible behind the glass.]]></media:text>
                                <media:title type="plain"><![CDATA[The Meta logo (a stylized &#039;M&#039; next to the word &#039;Meta) written in blue on a frosted glass window, with blue lights visible behind the glass.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/JC2YWbFc3zjKzcDQ7quFCj-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Meta will continue using Facebook and Instagram posts from UK users to train its AI, potentially setting it up for further conflict with the <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner's Office (ICO)</a>.</p><p>Earlier this summer, the company said it was delaying plans to use EU and UK user data to train its Meta AI software. However, it's now announced plans to go ahead, stating  it was for the "benefit of its users".</p><p>"This means that our generative AI models will reflect British culture, history, and idiom, and that UK companies and institutions will be able to utilise the latest technology," the company said in a statement.  </p><p>Meta has said it won't use people's private messages, nor information from accounts belonging to under-18s. </p><p>"We'll use public information – such as public posts and comments, or public photos and captions – from accounts of adult users on Instagram and Facebook to improve <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369959/what-is-generative-ai">generative AI</a> models for our <a href="https://www.itpro.com/technology/artificial-intelligence/generative-ai-helped-meta-get-its-mojo-back">AI at Meta</a> features and experiences, including for people in the UK," it said.</p><p>From this week, users will start getting in-app notifications, through which they can opt out of the system; this, it says, satisfies a demand from the ICO. Unfortunately for Meta, though, the ICO isn't quite so certain that all is now well.</p><p>"In June, Meta paused its plans to use Facebook and Instagram user data to train generative AI in response to a request from the ICO. It has since made changes to its approach, including making it simpler for users to object to the processing and providing them with a longer window to do so," said Stephen Almond, executive director, regulatory risk, at the ICO. </p><p>"Meta has now taken the decision to resume its plans and we will monitor the situation as Meta moves to inform UK users and commence processing in the coming weeks."</p><p>And, he adds, "The ICO has not provided regulatory approval for the processing and it is for Meta to ensure and demonstrate ongoing compliance."</p><p>Meta has been using user data from other jurisdictions, including the US, for some time. It hasn't said whether it now plans to start using user data from the EU, but the Irish <a href="https://www.itpro.com/policy-legislation/32857/irish-data-protection-commission-facebook-whatsapp-instagram-merge">Data Protection Commission (DPC)</a> – which regulates Meta in the EU – has already objected to the idea. Several national data protection authorities across the region have also voiced their disquiet.</p><p>Meanwhile, privacy rights non-profit campaign group Noyb has filed several complaints in individual EU nations, alleging that the company is in breach of the <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">General Data Protection Regulation (GDPR)</a>.</p><p>The move does, though, have the seal of approval from tech trade association the Computer & Communications Industry Association (CCIA).</p><p>"It is very encouraging to see more cutting-edge AI development able to take place in the UK. This shows that genuine collaboration between industry and regulators can foster a framework where privacy protections and an environment conducive to investment and innovation work seamlessly together," said senior director and head of CCIA's London office Matthew Sinclair. </p><p>"Today is a positive sign for the government's ambitions for the UK's role in the global digital economy." </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Uber hit with €290m fine for storing European driver data in the US ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/uber-hit-with-euro290m-fine-for-storing-european-driver-data-in-the-us</link>
                                                                            <description>
                            <![CDATA[ The fine marks the latest imposed on Uber by the Dutch data protection authority ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9PPw6csDJ3adrgCkyGSEKV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Le3k4yqXkXpmMqG9eaHVEi-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 27 Aug 2024 09:07:54 +0000</pubDate>                                                                                                                                <updated>Tue, 27 Aug 2024 09:08:28 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Le3k4yqXkXpmMqG9eaHVEi-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Uber logo pictured on the company&#039;s headquarters in San Francisco, California.]]></media:description>                                                            <media:text><![CDATA[Uber logo pictured on the company&#039;s headquarters in San Francisco, California.]]></media:text>
                                <media:title type="plain"><![CDATA[Uber logo pictured on the company&#039;s headquarters in San Francisco, California.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Le3k4yqXkXpmMqG9eaHVEi-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/data-breaches/30477/uber-ciso-there-was-no-justification-for-hiding-data-breach">Uber</a> has been fined €290 million by the Dutch <a href="https://www.itpro.com/security/data-protection">data protection</a> authority for transferring the personal data of European drivers to the US without appropriate safeguards.</p><p>According to the Dutch DPA, the transfers - which Uber has now halted - were a serious violation of the EU&apos;s General Data Protection Regulation (GDPR).</p><p>"In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due careBut sadly, this is not self-evident outside Europe,” said Dutch DPA chairman Aleid Wolfsen.</p><p>"Think of governments that can tap data on a large scale. That is why businesses are usually obliged to take additional measures if they store personal data of Europeans outside the European Union. Uber did not meet the requirements of the <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR</a> to ensure the level of protection to the data with regard to transfers to the US. That is very serious."</p><p>The investigation was prompted by complaints from more than 170 French drivers to the French human rights interest group the Ligue des droits de l’Homme (LDH), which subsequently submitted a complaint to the French DPA. </p><p>However, Uber&apos;s European headquarters is based in the Netherlands, making it the official supervisory authority.</p><p>The Dutch DPA found Uber collected sensitive information of drivers from Europe and retained it on servers in the US. The data included account details and taxi licenses, as well as location data, photos, payment details, identity documents, and in some cases even the criminal and medical data of drivers.</p><p>The transfers continued for more than two years.</p><p>There are, or have been, various ways to make US data transfers without breaching the GDPR. However, the European Court of Justice invalidated the <a href="https://www.itpro.com/safe-harbour/34529/what-is-eu-us-privacy-shield">EU-US Privacy Shield</a> in 2020, and Uber stopped using the alternative of Standard Contractual Clauses in August 2021. It has since switched to using the <a href="https://www.itpro.com/security/privacy-shield/367221/eu-and-us-reach-agreement-on-privacy-shield-replacement">successor to the Privacy Shield</a>.</p><p>The Computer & Communications Industry Association (CCIA Europe) said Uber was put in a difficult situation by the EU&apos;s decision to invalidate Privacy Shield back in 2020. This move, it said, left European and American companies without any clear guidelines for transatlantic data flows for a period of nearly three years.</p><p>Meanwhile, the Commission ruled out the use of Standard Contractual Clauses for non-EU companies already subject to European data protection rules, leaving companies without any straightforward mechanism to move EU data to servers in the US.</p><p>"The fact that the Dutch Data Protection Authority today decided to issue a massive fine to a tech company for EU-US data flows that happened back in 2021 ignores reality. The busiest internet route in the world could not simply be put on hold for three entire years while governments worked to establish a new legal framework for these data flows," said CCIA Europe’s head of policy, Alexandre Roure.</p><p>"Any retroactive fines by data protection authorities are especially worrisome given that these very privacy watchdogs failed to provide helpful guidance during this period of significant legal uncertainty, in absence of any clear legal framework."</p><p>This is the third fine imposed on Uber by the Dutch DPA, which hit the company with a €600,000 penalty in 2018 and another for €10 million in 2023. Uber has objected to this latest fine.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ AI and data protection: What businesses need to know ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/ai-and-data-protection-what-businesses-need-to-know</link>
                                                                            <description>
                            <![CDATA[ Generative AI tools such as ChatGPT pose risks to data protection – firms still struggling to put an AI strategy in place will struggle down the line ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4QytfY2DDks7PeubVa4ZMC</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ptYVxnFiFQ4ETsmxd8SAS9-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 22 Aug 2024 12:17:11 +0000</pubDate>                                                                                                                                <updated>Thu, 22 Aug 2024 15:32:04 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Kate O&#039;Flaherty ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LUULv6n7VJ3BHPnaoLHHdg.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ptYVxnFiFQ4ETsmxd8SAS9-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An abstract cube filled with multi-colored layers exposed in missing chunks, surrounded by other cubes, representing AI data protection. Decorative: the cube in the center is yellow and the other cubes are blue, while all sit on a polished white surface.]]></media:description>                                                            <media:text><![CDATA[An abstract cube filled with multi-colored layers exposed in missing chunks, surrounded by other cubes, representing AI data protection. Decorative: the cube in the center is yellow and the other cubes are blue, while all sit on a polished white surface.]]></media:text>
                                <media:title type="plain"><![CDATA[An abstract cube filled with multi-colored layers exposed in missing chunks, surrounded by other cubes, representing AI data protection. Decorative: the cube in the center is yellow and the other cubes are blue, while all sit on a polished white surface.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ptYVxnFiFQ4ETsmxd8SAS9-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Businesses are increasingly taking advantage of <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369959/what-is-generative-ai"><u>generative AI</u></a> to boost efficiency – but the technology also poses significant data protection risks. AI relies on masses of data to operate and using it at scale can lead to unintentional sharing of private business information. </p><p>One in five UK companies has had potentially sensitive corporate data exposed via employee use of generative AI, a new <a href="https://riversafe.co.uk/wp-content/uploads/Threats-breaches-and-budgets-guide.pdf" target="_blank"><u>report</u></a> [PDF] by RiverSafe has revealed. Take the example of tech giant Samsung, which was forced to ban the use of generative AI after <a href="https://www.techradar.com/news/samsung-workers-leaked-company-secrets-by-using-chatgpt" target="_blank"><u>staff shared</u></a> sensitive data including source code and meeting notes with <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369965/what-is-chatgpt-and-what-does-it-mean-for-businesses"><u>ChatGPT</u></a> as reported by <em>Techradar Pro</em>.</p><p>The risks span multiple vectors – exposed information is in breach of <a href="https://www.itpro.com/data-protection/28177/data-protection-policies-and-procedures"><u>data protection policies</u></a> such as the <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know"><u>General Data Protection Regulation (GDPR)</u></a> or <a href="https://www.itpro.com/data-protection/34061/what-is-the-data-protection-act-2018"><u>Data Protection Act (DPA) 2018</u></a>. </p><p>Last year, Forrester senior analyst Alla Valente <a href="https://www.forrester.com/blogs/predictions-2024-security-and-risk/" target="_blank"><u>described</u></a> how generative AI use will lead to major data breaches and fines for application developers using the technology.</p><p>So, what exactly are the data protection risks posed by generative tools such as ChatGPT and how can companies put a strategy in place to mitigate these?</p><h2 id="ai-and-data-protection-risks">AI and data protection risks</h2><p>One of the key concerns centers around the handling of sensitive information by AI systems, says Chris Harris, EMEA technical associate vice president for data security at Thales. “Given the vast amounts of data these systems are ingesting and processing, there’s a real risk that sensitive information is also being captured and could be inadvertently revealed.”</p><p>Adding to the complexity, the integrity of AI systems heavily depends on the quality and reliability of the data they’re trained on. If malicious information is introduced into training datasets – what’s known as “<a href="https://www.itpro.com/security/hackers-are-deliberately-poisoning-ai-systems-to-make-them-malfunction-and-theres-no-way-to-defend-against-it"><u>data poisoning”</u></a> – the learning process can be corrupted and compromise the model’s performance, Harris says. “Outputs could also be biased or factually incorrect, with the potential to manipulate outcomes and undermine decision-making processes if sufficient scrutiny isn’t in place.”</p><p>Meanwhile, cybercriminals could <a href="https://www.itpro.com/security/hackers-could-dupe-slacks-ai-features-to-expose-private-channel-messages">trick generative AI systems</a> into extracting and sharing confidential data, such as customer records, financial transactions, or trade secrets. “These breaches put privacy at risk and expose enterprises to penalties, legal trouble, and damage to their reputation,” says Harris.</p><h2 id="ai-and-data-protection-legislation">AI and data protection legislation</h2><p>Using generative AI tools in business poses <a href="https://www.itpro.com/business/policy-and-legislation/why-ai-could-be-a-legal-nightmare-for-years-to-come"><u>distinct regulatory challenges</u></a><strong>. </strong>While there isn't any regulation that specifically covers generative AI, current legislation and guidance create standards for responsible use of the technology, says Dr Leanne Allen, partner, data, data science and AI lead, KPMG UK. </p><p>For example, the <a href="https://www.itpro.com/technology/artificial-intelligence/eu-ai-act-everything-you-need-to-know-about-the-legislation-including-rules-requirements-and-who-will-be-forced-to-comply"><u>EU AI Act</u></a>, the <a href="https://www.oecd.org/digital/artificial-intelligence/"><u>OECD's AI principles</u></a>, and the <a href="https://www.itpro.com/business/policy-and-legislation/how-will-the-digital-services-act-affect-businesses"><u>Digital Services Act</u></a> stipulate that any type of AI must be “robust, safe, trustworthy, and secure”, she says. </p><iframe allow="" height="200px" width="100%" data-lazy-priority="low" data-lazy-src="https://widget.spreaker.com/player?episode_id=56885247&theme=light&playlist=false&playlist-continuous=false&chapters-image=true&episode_image_position=right&hide-logo=true&hide-likes=true&hide-comments=true&hide-sharing=true&hide-download=true"></iframe><p>Regulation around personal data is especially important for firms using AI, says Ben Travers, AI expert and partner at law firm Knights. “Many businesses will not have obtained appropriate consent, or don’t have another valid legal basis for processing personal data through AI. Any organization that defaults to <a href="https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/legitimate-interests/what-is-the-legitimate-interests-basis/#:~:text=Legitimate%20interests%20is%20one%20of,%2C%20fairness%20and%20transparency'%20principle."><u>legitimate interest</u></a> as the basis for uploading personal data to an AI has probably misunderstood how the law works in this area.”</p><p>Ensuring generative AI adheres to data protection regulations such as the GDPR is “complex”, says Philip Brining, co-founder and managing director of Data Protection People. The technology's need for vast amounts of data often conflicts with GDPR principles such as data minimization and purpose limitation, he says.</p><p>Data subject rights under regulations – including the <a href="https://www.itpro.com/data-protection/22378/what-is-googles-right-to-be-forgotten">right to access, rectify, and erase data</a> – add another layer of complexity, says Brining. “Ensuring generative AI systems comply with these rights is challenging, especially when data is deeply integrated into AI models.”</p><p>At the same time, GDPR requires all personal data to be stored either in the EU or within a jurisdiction that has comparable levels of protection. Sending personal data to a non-compliant data center outside of the EU will therefore break GDPR law. Amidst all this, UK businesses are still <a href="https://www.itpro.com/security/data-protection/a-lack-of-ai-guidance-is-causing-gdpr-headaches-for-uk-businesses"><u>struggling to ensure their staff comply with GDPR</u></a> rules when using AI.</p><p>Transparency and accountability are other factors to be taken into account. For example, it’s important to consider that firms may be required to explain a generative AI model's decision-making process, says Kevin Curran, IEEE senior member and professor of cyber security at Ulster University. This is especially true in “high-stakes” situations such as loan approvals or medical diagnoses, he says. </p><h2 id="ai-and-data-protection-strategies">AI and data protection strategies</h2><p>Data protection will continue to be a key concern for any firm including generative AI in their operations. But as AI technology develops, it’s possible to manage this using strategies and tools.</p><p>One of the key principles to adhere to is “<a href="https://www.itpro.com/policy-legislation/data-protection/367430/data-protection-by-design-isnt-just-a-buzzphrase"><u>privacy-by-design</u></a>”, says Harris. “This means privacy protections should be a default consideration, ensuring that data collection aligns with reasonable expectations.”</p><p>Data anonymization and pseudonymization are essential techniques to protect identifiable information before feeding it into generative AI models, says Brining. “Implementing robust access controls is vital. Limiting who can interact with generative AI systems and what data can be processed helps prevent unauthorized access and data breaches.”</p><p>Developing AI-specific policies and procedures and regularly updating them ensures that data input standards, model training processes, and output handling are “well-defined and compliant with regulations”, Brining adds.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="NbnSczsQbubhTHzFPn9DAf" name="Virtual machine migration made easy.jpg" caption="" alt="Virtual machine migration made easy" src="https://cdn.mos.cms.futurecdn.net/NbnSczsQbubhTHzFPn9DAf.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: AMD)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/infrastructure/data-centres/virtual-machine-migration-made-easy"><em>Three myths about virtual migrating revealed</em></a></p></div></div><p>It may be that this is overseen by the <a href="https://www.itpro.com/business/careers-and-training/the-changing-role-of-the-cio"><u>CIO</u></a> at a business, but some firms have also recognized the unique complexity of AI onboarding by hiring <a href="https://www.itpro.com/business/business-strategy/how-chief-ai-officers-can-streamline-strategy-from-the-boardroom-down"><u>chief AI officers (CAIOs)</u></a>.</p><p></p><p>Meanwhile, businesses should consider whether it would be more appropriate to direct employees into using enterprise versions of generative AI tools to control use and access, says Jon Bartley, partner and head of the data advisory group at law firm RPC. “This may be a more practical solution compared to simply restricting employees from using free online tools.”</p><p>For example, when it comes to using AI to generate code there are a number of enterprise options including <a href="https://www.itpro.com/technology/artificial-intelligence/gemini-code-assist-could-be-googles-secret-weapon-to-challenging-github-copilot"><u>GitHub Copilot</u></a>, <a href="https://www.itpro.com/software/development/everything-you-need-to-know-about-github-copilot-workspace"><u>Gemini CodeAssist</u></a>, or <a href="https://www.itpro.com/technology/artificial-intelligence/metas-code-llama-ai-coding-tool-just-got-a-big-performance-boost"><u>Code Llama</u></a> which can <a href="https://www.itpro.com/software/development/ai-coding-tools-are-finally-delivering-results-for-enterprises-developers-are-saving-so-much-time-theyre-able-to-collaborate-more-focus-on-system-design-and-learn-new-languages"><u>demonstrably deliver returns for business</u></a> without putting proprietary code at risk.</p><p>It’s also important to bear in mind that any <a href="https://www.itpro.com/technology/artificial-intelligence/five-steps-for-implementing-predictive-ai-successfully"><u>implementation of AI</u></a> models within an organization is never truly finished. Ongoing work is needed to review the decisions being made and minimize harmful outputs and toxicity, says Harris. “Wherever possible, organizations must strive for explainability in the decisions a generative AI model is making, allowing genuine human control and mitigating risks as much as possible.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ICO slams Electoral Commission over security failures ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/ico-slams-electoral-commission-over-security-failures</link>
                                                                            <description>
                            <![CDATA[ The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Uhe6s6rEiGaKTrDamyRRYJ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/fKLZvXHTz5QeJSdQoyn4tH-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 31 Jul 2024 15:19:49 +0000</pubDate>                                                                                                                                <updated>Thu, 01 Aug 2024 11:47:38 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/fKLZvXHTz5QeJSdQoyn4tH-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Polling station sanctioned by the Electoral Commission pictured ahead of the 2024 UK general election.]]></media:description>                                                            <media:text><![CDATA[Polling station sanctioned by the Electoral Commission pictured ahead of the 2024 UK general election.]]></media:text>
                                <media:title type="plain"><![CDATA[Polling station sanctioned by the Electoral Commission pictured ahead of the 2024 UK general election.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/fKLZvXHTz5QeJSdQoyn4tH-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The UK <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner’s Office (ICO)</a> has reprimanded the Electoral Commission for basic security failings that exposed personal data belonging to 40 million voters.</p><p>Two years ago, <a href="https://www.itpro.com/security/electoral-commission-hit-by-complex-15-month-cyber-attack">hackers successfully accessed the Electoral Commission’s Microsoft Exchange Server</a> by impersonating a user account and exploiting known software vulnerabilities in the system.</p><p>For more than a year, they had access to the personal information held on the Electoral Register, including names and home addresses - and the servers were accessed on several occasions without the Electoral Commission’s knowledge.</p><p>The attack was <a href="https://www.itpro.com/security/cyber-attacks/security-experts-raise-questions-about-uk-cyber-funding-in-wake-of-electoral-commission-hack">widely attributed to Chinese state-sponsored attackers</a>.</p><p>Following an investigation into the matter, the ICO found the Electoral Commission didn&apos;t have appropriate security measures in place to protect the personal information it was holding.</p><p>In particular, the watchdog said it failed to keep servers up to date with the latest security updates. The security patches for the vulnerabilities exploited in the cyber attack were released in April and May 2021, months before the attack.</p><p>Meanwhile, the Electoral Commission also had inadequate <a href="https://www.itpro.com/security/cyber-security/360865/better-patch-management-and-password-policies-cut-cyber-attacks-by">password policies</a> in place, according to the ICO, with many accounts still using passwords identical or similar to the ones originally allocated by the service desk.</p><p>"If the Electoral Commission had taken basic steps to protect its systems, such as effective security patching and password management, it is highly likely that this data breach would not have happened. By not installing the latest security updates promptly, its systems were left exposed and vulnerable to hackers," said Stephen Bonner, deputy commissioner at the ICO.</p><p>"I know the headline figures of 40 million people affected caused considerable public alarm when news of this breach emerged last year. I want to reassure the public that while an unacceptably high number of people were impacted, we have no reason to believe any personal data was misused and we have found no evidence that any direct harm has been caused by this breach."</p><p>The Electoral Commission has since taken steps to improve its security, including implementing a plan to modernize its infrastructure, as well as password policy controls and multi-factor authentication for all users.</p><p>But BCS fellow Dan Card said the breach shouldn&apos;t come as a surprise.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="i8x42NAf3SWy76TxK6gcuK" name="A CISO's Guide to Safely Unleashing the Power of GenAI.jpg" caption="" alt="A CISO's Guide to Safely Unleashing the Power of GenAI" src="https://cdn.mos.cms.futurecdn.net/i8x42NAf3SWy76TxK6gcuK.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Snyk)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence/a-cisos-guide-to-safely-unleashing-the-power-of-genai"><em>Safeguard against AI threats</em></a></p></div></div><p>"This scenario isn&apos;t even an edge case — it reflects the state of a significant number of organizations, including some <a href="https://www.itpro.com/security/cyber-attacks/security-agencies-warn-of-heightened-threat-to-critical-national-infrastructure">critical national infrastructure</a>," he said.</p><p>"Reports indicate that the threat actors exploited ProxyShell, a vulnerability that was extensively discussed and addressed within the <a href="https://www.itpro.com/security/28133/what-is-cyber-security">cybersecurity</a> community. The organization&apos;s failure to act promptly is a glaring oversight, compounding the severity of the other findings."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Why enterprise data protection doesn't have to be a drag or drain ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/why-enterprise-data-protection-doesnt-have-to-be-a-drag-or-drain</link>
                                                                            <description>
                            <![CDATA[ Advanced solutions can simplify and strengthen data protection as well as boosting operational efficiency for enterprises facing modern cybersecurity challenges ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uo8wpmWqR29DKPDAFZUdtQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ujuUfPV7L8KWmpwXbt4umk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 04 Jul 2024 15:26:15 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ dale.walker@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/JpDGYSnD7yNNModq5jFThm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                    <sponsoredContent>true</sponsoredContent>
                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ujuUfPV7L8KWmpwXbt4umk-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[data protection]]></media:description>                                                            <media:text><![CDATA[data protection]]></media:text>
                                <media:title type="plain"><![CDATA[data protection]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ujuUfPV7L8KWmpwXbt4umk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>IT decision-makers are increasingly tasked with achieving more despite constrained and, often, dwindling resources. Their roles demand simplicity in processes while ensuring the continuous security of their most valuable asset - data.</p><p>Traditionally, cybersecurity and data protection were prioritized above all else, often at the expense of added complexity and resource strain.</p><p>IT teams now face a perfect storm of challenges. The threat landscape is expanding, with ransomware attacks becoming more frequent and sophisticated. Simultaneously, they must optimize budgets, improve efficiency, and simplify technology infrastructure. While this may seem all well and good in theory, in reality, it’s a lot to ask. </p><p>This balancing act often forces compromises in data protection strategies. Many organizations struggle to implement comprehensive backup solutions due to budget constraints, limited resources,, or overly complex systems. Consequently, critical vulnerabilities remain, exposing enterprises to potentially devastating data loss or breaches.</p><p>"After collaborating with clients of different sizes and industries, we found that organizations are indeed limited by many real-world factors in the process of protecting data, making it difficult to cover all operational aspects comprehensively," said Liu Jiayu, deputy general manager of Synology&apos;s Backup Products. </p><p>"This means that organizations may still be exposed to cybersecurity risks, which is an area that Synology has long been focusing on and eager to provide strong assistance."</p><h2 id="simplifying-robust-data-protection-for-modern-enterprises">Simplifying robust data protection for modern enterprises</h2><p>Understanding these challenges is crucial for developing effective data protection strategies. IT teams need solutions that address the immediate threats and also streamline the overall data protection process, making it easier to manage and maintain. Solutions must be robust, yet simple enough to deploy and operate without requiring extensive resources or specialized expertise.</p><p>Understanding the multifaceted needs of modern enterprises, Synology has developed ActiveProtect to address the most pressing data protection challenges efficiently and effectively. </p><p>By integrating advanced technologies and user-friendly management interfaces, ActiveProtect ensures data protection without the typical complexities or high costs associated with traditional solutions. It sports several key features that translate into significant operational advantages for IT professionals, enabling them to safeguard their data while optimizing performance and reducing overheads.</p><p>ActiveProtect offers many benefits:</p><ul><li><strong>All-in-one solution:</strong> ActiveProtect integrates hardware and software into a single, pre-configured package. This ensures optimal performance and reliability, saving IT personnel the effort and uncertainty of assembling various components from different vendors.</li><li><strong>Rapid deployment:</strong> Setting up and completing a full data backup can be done in as little as 15 minutes with ActiveProtect. This deployment significantly reduces the time and effort needed, allowing IT teams to focus on other critical tasks.</li><li><strong>Centralized management:</strong> ActiveProtect offers a single interface for monitoring and managing the entire backup architecture. This centralization simplifies data protection, enabling IT personnel to manage backup policies, monitor local and offsite data, and perform restorations from a unified platform.</li><li><strong>Advanced deduplication:</strong> Multi-level deduplication mechanisms save storage space and reduce transmission traffic. By comparing data at the source and performing global deduplication across platforms, ActiveProtect optimizes storage costs and enhances efficiency.</li><li><strong>Scalability and efficiency:</strong> Features such as data tiering and encrypted replication make ActiveProtect a scalable and cost-effective solution. Enterprises can define data tiering rules, moving older data to more economical storage solutions without compromising accessibility.</li></ul><h2 id="simplicity-confidence-and-cost-reduction">Simplicity, confidence, and cost reduction</h2><p>Traditional solutions often require extensive configuration and ongoing maintenance, which can be resource-intensive. Synology streamlines this process through its pre-configured nature and centralized management interface. IT teams can monitor and manage backups effortlessly, ensuring that all critical data is consistently protected.</p><p>These solutions allow IT personnel to deploy a complete data protection architecture in minimal time. By eliminating cumbersome deployment steps, ActiveProtect ensures that data backup is completed quickly and efficiently. This rapid deployment is crucial in today&apos;s fast-paced business environment, where downtime can have significant repercussions.<br></p><p>The rapid growth of data and increased audit requirements necessitate long-term data retention, often leading to escalating storage costs. Synology addresses this issue through advanced deduplication and data tiering technologies. </p><p>Transmitting only changes or different files during backups and performing global deduplication can significantly reduce storage space usage and transmission bandwidth.</p><p>Moreover, enterprises can set data tiering rules to move older data to more cost-effective storage solutions. This approach can reduce costs as well as  ensuring that data can be retrieved when needed from a single management interface. Combining these technologies enables ActiveProtect to help organisations build a cost-effective and scalable data protection architecture.</p><h2 id="delivering-what-it-professionals-deserve">Delivering what IT professionals deserve</h2><p>Synology’s solutions are next-generation data protection tools that place the customer at the center. They offer streamlined management and outstanding performance, addressing the challenges of </p><p>As cybersecurity threats become more severe, these solutions give enterprises the confidence to tackle various risks and significantly enhance their operational resilience.</p><p>By adopting ActiveProtect, enterprises can achieve robust data protection without the usual trade-offs. Synology&apos;s innovative approach ensures that data security is no longer a drag or drain, allowing IT decision-makers to focus on confidently driving forward their organizations.</p><p><em>Learn more about the new data protection experience from Synology</em><a href="https://event.synology.com/en-uk/ActiveProtectAppliance-annoucement-2024"> <u><em>here</em></u></a><em>.</em></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Meta delays plans to train AI using European user data ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/meta-delays-plans-to-train-ai-using-european-user-data</link>
                                                                            <description>
                            <![CDATA[ Meta won't continue with plans to train AI models using European user data following backlash from privacy groups ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qGfSkeJmd4NyniPtEtYeAm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/e8aLhdC2CGgkAdhZSdhJY8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 17 Jun 2024 09:22:48 +0000</pubDate>                                                                                                                                <updated>Mon, 17 Jun 2024 14:25:21 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/e8aLhdC2CGgkAdhZSdhJY8-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Meta logo and branding pictured on a sign outside the social media giant&#039;s Menlo Park headquarters, California.]]></media:description>                                                            <media:text><![CDATA[Meta logo and branding pictured on a sign outside the social media giant&#039;s Menlo Park headquarters, California.]]></media:text>
                                <media:title type="plain"><![CDATA[Meta logo and branding pictured on a sign outside the social media giant&#039;s Menlo Park headquarters, California.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/e8aLhdC2CGgkAdhZSdhJY8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Meta has confirmed it will pause plans to train AI systems using data from EU citizens and won&apos;t launch Meta AI in the region for the time being.</p><p>Outside the EU and UK, the company will continue with its plans to train its AI on users&apos; Facebook and Instagram posts. The tech giant’s justification for using social media data for AI training is that this is content that users have chosen to make public.</p><p>"We are following the example set by others, including Google and OpenAI, both of which have already used data from Europeans to train AI," the company said.</p><p>"Our approach is more transparent and offers easier controls than many of our industry counterparts already training their models on similar publicly available information."</p><p>The company claimed that under the UK’s Data Protection Act and the EU’s GDPR, it had the legal right to collect data on the legal basis of ‘legitimate interests’.</p><p>"Specifically, we have legitimate interests in processing data to build these services and this means that people can object using a form found in our Privacy Centre if they wish," it said.</p><p>However, data protection authorities aren&apos;t happy. The Irish Data Protection Commission (DPC), which regulates Meta in the EU, expressed concerns, along with several national data protection authorities across the region.</p><p>Meanwhile, privacy campaign group Noyb filed complaints in 11 European countries, asking their respective data protection authorities to prevent the move before it comes into force at the end of the month.</p><p>Now, Meta has bowed to the pressure and announced that it will pause its plans in the UK and EU.</p><p>"We’re disappointed by the request from the Irish Data Protection Commission (DPC), our lead regulator, on behalf of the European DPAs, to delay training our <a href="https://www.itpro.com/technology/artificial-intelligence/three-open-source-large-language-models-you-can-use-today">large language models (LLMs)</a> using public content shared by adults on Facebook and Instagram — particularly since we incorporated regulatory feedback and the European DPAs have been informed since March," the company said in a statement.</p><p>Meta insisted that the pushback is a “step backwards for European innovation” and “further delays” bringing the benefits of AI to people across Europe.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="BL3ViYF8o2ns7KBLoXg6eP" name="Generative AI is here_ Are you ready_.jpg" caption="" alt="Generative AI is here: Are you ready?" src="https://cdn.mos.cms.futurecdn.net/BL3ViYF8o2ns7KBLoXg6eP.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Dell)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence/generative-ai-is-here-are-you-ready"><em>Unlock new levels of creativity</em></a></p></div></div><p>Despite the move, Meta said it&apos;s still confident its approach complies with European laws and regulations. In addition, the tech giant said that without including local information it would only be able to offer people a &apos;second-rate experience&apos; - leading it to suspend the launch of Meta AI in the UK and EU.</p><p>While the move might be seen as an attempt to call the EU&apos;s bluff, it&apos;s been welcomed by the DPC, which said it will continue to engage with Meta on the issue.</p><p>The UK’s <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner’s Office (ICO)</a> also welcomed the decision to delay the <a href="https://www.itpro.com/technology/artificial-intelligence/generative-ai-training-in-the-crosshairs-as-ico-set-to-examine-legality-of-personal-data-use">AI training</a> plans.</p><p>"In order to get the most out of <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369959/what-is-generative-ai">generative AI</a> and the opportunities it brings, it is crucial that the public can trust that their privacy rights will be respected from the outset," says Stephen Almond, the ICO&apos;s executive director for regulatory risk.</p><p>“We will continue to monitor major <a href="https://www.itpro.com/technology/artificial-intelligence/can-ai-code-generation-really-replace-human-developers">developers of generative AI</a>, including Meta, to review the safeguards they have put in place and ensure the information rights of UK users are protected.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Australian health insurance firm Medibank under fire over security blunders years after cyber attack  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/australian-health-insurance-firm-medibank-under-fire-over-security-blunders-years-after-cyber-attack</link>
                                                                            <description>
                            <![CDATA[ Legal proceedings have been filed against Medibank in relation to the 2022 data breach at the firm ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ZmJ5mCSin4sMbpKUq6F5on</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xnwYqVbCUNoqgxX2t63DNE-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 06 Jun 2024 10:13:14 +0000</pubDate>                                                                                                                                <updated>Thu, 06 Jun 2024 10:13:25 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ george.fitzmaurice@futurenet.com (George Fitzmaurice) ]]></author>                    <dc:creator><![CDATA[ George Fitzmaurice ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/N4xHCjSAXKcijjt3oiQtfc.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/xnwYqVbCUNoqgxX2t63DNE-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[People walk past a shop front for Australia&#039;s largest health insurance company Medibank, in Sydney on November 11, 2022.]]></media:description>                                                            <media:text><![CDATA[People walk past a shop front for Australia&#039;s largest health insurance company Medibank, in Sydney on November 11, 2022.]]></media:text>
                                <media:title type="plain"><![CDATA[People walk past a shop front for Australia&#039;s largest health insurance company Medibank, in Sydney on November 11, 2022.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xnwYqVbCUNoqgxX2t63DNE-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Office of the Australian Information Commissioner (OAIC) has hit Medibank with civil penalty proceedings in federal court, seeking to hold the firm to account for an alleged mishandling of public data. </p><p>The OAIC <a href="https://www.oaic.gov.au/newsroom/oaic-takes-civil-penalty-action-against-medibank">referred specifically</a> to the data breach at the firm in 2022 and claimed that, from March 2021 to October 2022, Medibank “seriously interfered” with the privacy of nearly 10 million (9.7 million) Australians.</p><p>Medibank stands accused of failing to take reasonable steps to protect the personal data of its customers from “misuse and unauthorized access or disclosure,” putting it in breach of the country&apos;s privacy legislation.</p><p>“The release of personal information on the dark web exposed a large number of Australians to the likelihood of serious harm, including potential emotional distress and the material risk of identity theft, extortion, and financial crime,” said acting Australian Information Commissioner, Elizabeth Tydd.</p><p>Tydd went on to reiterate that, given Medibank’s size and resources, as well as the nature and volume of the data in question, the firm did not pursue a “reasonable” course of action in protecting customers.</p><p>“We consider Medibank’s conduct resulted in a serious interference with the privacy of a very large number of individuals,” she added.</p><p>Australian privacy commissioner Carly Kind made similar comments as part of the OAIC’s announcement, drawing attention to the responsibility that organizations have in protecting personal data.</p><p>“Organizations that collect, use, and store personal information have a considerable responsibility to ensure that data is held safely and securely. That is particularly the case when it comes to sensitive data,” Kind said.</p><p>She said that this particular case against Medicare should serve as a “wake up call” to Australian organizations, prompting companies to invest more heavily in <a href="https://www.itpro.com/security/28133/what-is-cyber-security">cyber security</a> and ensure that they are prepared to meet developing challenges.</p><p>“Organizations have an ethical as well as legal duty to protect the personal information they are entrusted with and a responsibility to keep it safe,” she added.</p><h2 id="medibank-has-fought-a-drawn-out-battle">Medibank has fought a drawn-out battle</h2><p>Medibank <a href="https://www.itpro.com/security/cyber-attacks/369463/medibank-hack-affects-millions-refuses-to-pay-ransom"><u>suffered the attack</u></a> nearly two years ago in October 2022. Data belonging to millions of former and current customers was exposed in the breach, including various pieces of sensitive information such as health claims and passport numbers.</p><p>The health insurance firm <a href="https://www.itpro.com/security/cyber-attacks/369394/medibank-admits-hack-could-cost-up-to-35-million">originally stated</a> that threat actors gained access to 3.9 million customer records. Even with 3.9 million affected, this would have been a severe breach, with this figure constituting 15% of the county’s population at the time.</p><p>It was later revealed, however, that around 9.7 million customers were affected.</p><p>Costs <a href="https://www.itpro.com/security/cyber-attacks/370127/medibank-bleeds-26-million-in-cyber-costs-following-hack">continued to mount in 2023</a> as the firm revealed that it had spent about $26.2 million AUD (£14.7 million) in remediation costs. The firm said at the time it expected costs to rise to more than $45 million.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firms ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/disgruntled-ex-employees-are-using-weaponized-data-subject-access-requests-to-pester-firms</link>
                                                                            <description>
                            <![CDATA[ Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ZndxVSAFNfBDaJ4uPTL3RF</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/28gvKk5842eoMNZPr3KgEc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 04 Jun 2024 09:45:42 +0000</pubDate>                                                                                                                                <updated>Tue, 04 Jun 2024 11:50:12 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/28gvKk5842eoMNZPr3KgEc-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Female office worker shouting in a colleague&#039;s ear using a megaphone.]]></media:description>                                                            <media:text><![CDATA[Female office worker shouting in a colleague&#039;s ear using a megaphone.]]></media:text>
                                <media:title type="plain"><![CDATA[Female office worker shouting in a colleague&#039;s ear using a megaphone.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/28gvKk5842eoMNZPr3KgEc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>New data shows the <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner’s Office (ICO)</a> received more than 15,000 complaints about mishandled Data Subject Access Requests (DSARs) in 2023 – and many are being made by disgruntled ex-employees.</p><p>Launching new guidelines on how to respond to DSARs, the ICO recently revealed that the number of complaints it received increased by 13.5% in 2023 compared with the previous year, hitting a total of 15,335.</p><p>They amounted to 45% of all complaints received by the ICO.</p><p>The ICO is keen to make sure that organizations understand their obligations and respond appropriately.</p><p>"What we’re seeing now is that many employers are misunderstanding the nature of subject access requests, or underestimating the importance of responding to requests," said Elanor McCombe, ICO policy group manager.</p><p>"For example, employers may be unaware that requests can be submitted informally, such as over social media, or do not have to contain the words ‘subject access request’ in order to qualify as a legally binding request. Similarly, employers may not realize that there is a strict time frame for responding to requests, and this must be kept to."</p><p>It&apos;s misunderstandings like this that lead to many complaints. However, according to Deborah Margolis, senior associate at GQ|Littler, many DSARs are from disgruntled former employees who use the data as a &apos;fishing expedition&apos; to obtain copies of documents pre-disclosure, or as a strategy to encourage the employer to reach a settlement with them.</p><p>"Responding to DSARs can take up a significant amount of business resources in terms of both cost and management time. Bearing in how much data we create and process about employees on a daily basis, the time spent trawling through documents is overwhelming for many businesses," she said.</p><p>"DSARs were intended to help individuals to determine if their personal data was being mishandled but some individuals have now weaponized DSARs with the intention of causing disruption for employers and forcing them into reaching favorable settlements."</p><p>Earlier this year, the ICO reprimanded Plymouth City Council and Norfolk County Council for failing to respond to information access requests, while in September 2022 it took action against seven organizations that failed to respond to DSARs.</p><p>However, following Brexit, the government has proposed amendments to UK data protection law that would shift it away from <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR</a>, with a new <a href="https://www.itpro.com/business/policy-and-legislation/data-protection-and-digital-information-dpid-bill-small-businesses">Data Protection and Digital Information Bill</a> expected to pass this year.</p><p>This, the law firm said, is expected to make compliance with DSARs less burdensome for businesses. In particular, it would be easier for organizations to reject or charge a fee for ‘vexatious’ DSARs.</p><p>"This would be a welcome change for employers, many of whom feel that the existing rules allows too many opportunities for abuse," Margolis said.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Firms have paid out more than $4.8 billion in GDPR fines since 2018 ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/gdpr/firms-have-paid-out-more-than-dollar48-billion-in-gdpr-fines-since-2018</link>
                                                                            <description>
                            <![CDATA[ Tech giants headquartered in Ireland attract the biggest GDPR fines ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">MVMR2x9KRT5ZcN98jsPX6b</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pH8dmKXEPSaRKAUX3mgWN8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 23 May 2024 12:20:52 +0000</pubDate>                                                                                                                                <updated>Wed, 29 May 2024 09:49:09 +0000</updated>
                                                                                                                                            <category><![CDATA[GDPR]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Data Protection]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pH8dmKXEPSaRKAUX3mgWN8-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Data protection and GDPR concept image showing multiple padlocks on a green background with one opened padlock.]]></media:description>                                                            <media:text><![CDATA[Data protection and GDPR concept image showing multiple padlocks on a green background with one opened padlock.]]></media:text>
                                <media:title type="plain"><![CDATA[Data protection and GDPR concept image showing multiple padlocks on a green background with one opened padlock.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pH8dmKXEPSaRKAUX3mgWN8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Businesses have forked out €4.5 billion for <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR</a> violations over the last six years, with Spain, Italy, and Germany imposing the <a href="https://www.itpro.com/general-data-protection-regulation-gdpr/31025/gdpr-fines-how-high-are-they-and-how-can-you-avoid">biggest fines</a>.</p><p>Research from security firm Nordlayer shows that individual data protection authorities (DPAs) have between them issued 2,072 violation decisions since 2018 under the legislation.</p><p>"We&apos;ve witnessed businesses across industries change their data handling practices and invest in security measures to achieve compliance," said Carlos Salas, <a href="https://www.itpro.com/security/28133/what-is-cyber-security">cyber security</a> expert at NordLayer.</p><p>"While full compliance has been challenging for many companies, the GDPR&apos;s impact in empowering individuals and holding organizations accountable for data mishandling cannot be overstated. It has reshaped the digital landscape, forcing a much-needed prioritization of privacy rights."</p><p>Spanish businesses were the worst offenders, violating GDPR 842 times and paying out €80 million in fines since 2018. </p><p>Italy was second on the list; while the country&apos;s organizations have received half the number of GDPR violations compared with Spain, they&apos;ve paid nearly three times as much in fines. Companies in Italy, meanwhile, were issued 358 fines and paid nearly €229 million.</p><p>German organizations fell victim to 186 fines, resulting in €55 million worth of penalties. Romanian businesses weren&apos;t far behind with 179 fines - but have paid only €1.1 million in fines. Poland rounds out the top five, with companies receiving 73 fines, resulting in nearly €4 million losses.</p><h2 id="ireland-isn-x2019-t-scared-to-dish-out-gdpr-fines">Ireland isn’t scared to dish out GDPR fines</h2><p>In terms of the biggest payouts, it&apos;s Ireland that stands out, with €2.8 billion in fines issued since 2018. The main reason, of course, is that many of the largest tech companies, such as Meta and TikTok, have registered their European subsidiaries there and have been hit with multi-million-dollar fines.</p><p>Indeed, it&apos;s <a href="https://www.itpro.com/policy-legislation/data-protection/366996/meta-fine-gdpr-breaches">Meta that&apos;s far and away the biggest violator of GDPR</a>, having been slapped with six of the EU&apos;s ten biggest fines.</p><p>The biggest cost the company €1.2 billion, for insufficient legal basis for data processing in 2023. There were also two fines of around €400 million for non-compliance with general data processing principles.</p><p>In 2021, Amazon had to pay €746 million to Luxembourg’s data protection authorities; while last year, TikTok paid €345 million. Google was punished twice in 2021 for having insufficient legal basis for data processing, and paid €90 million and €60 million for separate violations.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="LbTZ6xzM9S46sHCntnXWLf" name="Data governance for data-driven organizations.jpg" caption="" alt="Data governance for data-driven organizations whitepaper" src="https://cdn.mos.cms.futurecdn.net/LbTZ6xzM9S46sHCntnXWLf.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: IBM)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/ibm-data-governance-for-data-driven-organizations"><em>Master your data management</em></a></p></div></div><p>And it&apos;s insufficient legal basis for data processing that&apos;s the most common reason for a fine, with 635 cases since 2018, costing companies €1.6 billion. For non-compliance with general data processing principles, organizations were fined 578 times and paid over €2 billion.</p><p>"Achieving and maintaining GDPR compliance is an ongoing journey, not a one-time destination," Salas said.</p><p>"<a href="https://www.itpro.com/general-data-protection-regulation-gdpr/30326/what-is-a-data-protection-officer">Data protection</a> regulations evolve, and cyber threats become more sophisticated, so businesses must remain proactive in their data privacy and security approach."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Rubrik IPO plans show surging appetite for data protection solutions ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/rubrik-ipo-plans-show-surging-appetite-for-data-protection-solutions</link>
                                                                            <description>
                            <![CDATA[ Rubrik wants to be the first security vendor to complete an IPO in over two years, capitalizing on a boom in demand for data security solutions ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cSuxy8wVfi94AnXns4MGCY</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/dusRWtVr4YzukdfPKuFoEZ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 05 Apr 2024 14:07:34 +0000</pubDate>                                                                                                                                <updated>Mon, 08 Apr 2024 12:35:29 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ solomon.klappholz@futurenet.com (Solomon Klappholz) ]]></author>                    <dc:creator><![CDATA[ Solomon Klappholz ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/z2aSrrbwGAyWwinHzGraAP.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.&lt;/p&gt;
&lt;p&gt;Before he joined ITPro, Solomon graduated from the University of Warwick in 2018 with a BA (Hons) in Philosophy, Politics, and Economics which included an intercalated year studying Philosophy at the Erasmus University, Rotterdam.&lt;/p&gt;
&lt;p&gt;Outside of the office, Solomon enjoys reading, visiting new art exhibitions, and playing football.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/dusRWtVr4YzukdfPKuFoEZ-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Rubrik logo and branding displayed on a smartphone sitting on a laptop with screen showing stock market fluctuations.]]></media:description>                                                            <media:text><![CDATA[Rubrik logo and branding displayed on a smartphone sitting on a laptop with screen showing stock market fluctuations.]]></media:text>
                                <media:title type="plain"><![CDATA[Rubrik logo and branding displayed on a smartphone sitting on a laptop with screen showing stock market fluctuations.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/dusRWtVr4YzukdfPKuFoEZ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Data security startup <a href="https://www.itpro.com/security/cyber-attacks/rubrik-partners-with-microsoft-to-drive-generative-ai-powered-cyber-recovery">Rubrik</a> has filed to go public on the New York Stock Exchange (NYSE), which, if successful, would make it the first <a href="https://www.itpro.com/security/how-to-choose-the-best-cyber-security-vendor-for-your-business">cyber security vendor</a> to complete an IPO in over two years.</p><p>The exact size and price of the <a href="https://www.itpro.com/633625/tech-ipos-bubble-bubble-hype-and-trouble">initial public offering</a> is yet to be disclosed, with <em>Bloomberg </em>reporting the firm could seek to raise $500 to $700 million in September 2023.</p><p>Rubrik filed plans for the IPO late on 1 April 2024, and will trade on the New York Stock Exchange under the ticker symbol ‘RBRK’ if successful.</p><p>In its SEC <a href="https://sec.gov/Archives/edgar/data/1943896/000119312524083525/d359771ds1.htm" target="_blank">filing</a>, Rubrik claimed it has experienced rapid growth in the face of cyber attacks, malicious insiders, and operational disruptions, with its annual recurring subscription (ARR) revenue growing from $532.9 million to $784.0 million as of 31 January 2024, a 47% increase year-on-year.</p><p>The <a href="https://www.itpro.com/data-protection/28085/what-is-the-data-protection-act-1998">data protection</a> specialists announced its total revenue rose by around 5% from $599.8 million to $627.9 million during the same period, boasting over 61,000 customers, 1,742 of which bring in over $100,000 in subscription ARR.</p><p>The company’s net losses also rose to approximately $354 million for the fiscal year 2024, climbing from $277.7 million in 2023.</p><p>Rubrik’s IPO plans come in the wake of debuts for <a href="https://www.itpro.com/software/367892/how-to-delete-your-reddit-account">Reddit</a> and Astera Labs on the NYSE in February, which broke a relative dry spell for IPOs in the last two years.</p><p>Before Reddit and Astera Labs went public, the last two venture-backed IPOs in the US were <a href="https://www.itpro.com/security/phishing/356556/hundreds-of-thousands-of-instacart-customers-impacted-by-data-breach">Instacart</a> and Klaviyo in September 2023, which both failed to generate much enthusiasm in the market.</p><h2 id="spiraling-data-requirements-drive-high-demand-for-data-protection-solutions">Spiraling data requirements drive high demand for data protection solutions</h2><p>The growing value of data as a result of digital transformation, cloud adoption, the proliferation of <a href="https://www.itpro.com/technology/artificial-intelligencehttps://www.itpro.com/strategy/28181/what-is-ai">AI</a> tools, and the sheer volume of data being generated today has resulted in an accompanying boom in demand for <a href="https://www.itpro.com/security/data-protection/why-msps-should-focus-their-attention-on-data-protection-services-not-backup">data protection services</a>.</p><p>Software company Rivery estimated that around 90% of the world’s data was created in the last two years, and this figure is expected to double in size every two years subsequently.</p><p>Kevin Cole, director of product and marketing at data protection firm <a href="https://www.itpro.com/cloud/platform-as-a-service-paas/360094/hpe-acquires-zerto-for-374-million">Zerto</a>, a subsidiary of <a href="https://www.itpro.com/cloud/hybrid-cloud/what-is-hpe-greenlake">HPE</a>, said Rubrik’s IPO filing demonstrates the growing importance of the data protection solutions for organizations across industries. </p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="fSMuXrccR25aCiJvUzB8D7" name="GettyImages-1467929387.jpg" caption="" alt="Cloud storage - GettyImages- 1467929387" src="https://cdn.mos.cms.futurecdn.net/fSMuXrccR25aCiJvUzB8D7.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/cloud-management/dcig-top-five-enterprise-storage-as-a-service-solutions"><em>Turn ambition into advantage</em></a></p></div></div><p>“Rubrik&apos;s IPO filing is a significant development in the backup industry, coming closely after the news of Cohesity&apos;s acquisition of Veritas. This market movement underscores the continued importance of data protection for organizations across all industries and sizes.”</p><p>Cole argued the growing volume of data being created, collected, and stored by businesses around the world means demand for products to manage and secure this has similarly ballooned.</p><p>“We recognise that solution stacks continue to evolve to keep up with the explosion of data, which is increasingly distributed across edge devices and cloud environments,” he said. </p><p>“This distributed data landscape remains challenging for most companies to manage effectively, making it more important for organizations to rely on vendors who can provide end-to-end solutions across the entire data lifecycle.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ European Commission falls foul of data protection regulations over Microsoft 365 use ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/european-commission-falls-foul-of-data-protection-regulations-over-microsoft-365-use</link>
                                                                            <description>
                            <![CDATA[ An EU watchdog found the European Commission’s use of Microsoft 365 infringed data protection regulations ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">96JYjUJgmHqEc4vzP58ogF</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Qn79WSJmyUGsQzPGiuufLF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 12 Mar 2024 13:30:01 +0000</pubDate>                                                                                                                                <updated>Tue, 12 Mar 2024 14:19:47 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ george.fitzmaurice@futurenet.com (George Fitzmaurice) ]]></author>                    <dc:creator><![CDATA[ George Fitzmaurice ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/N4xHCjSAXKcijjt3oiQtfc.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Qn79WSJmyUGsQzPGiuufLF-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[European Union flags waiving at Berlaymont building of the European Commission in Brussels, Belgium]]></media:description>                                                            <media:text><![CDATA[European Union flags waiving at Berlaymont building of the European Commission in Brussels, Belgium]]></media:text>
                                <media:title type="plain"><![CDATA[European Union flags waiving at Berlaymont building of the European Commission in Brussels, Belgium]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Qn79WSJmyUGsQzPGiuufLF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The European Commission infringed <a href="https://www.itpro.com/general-data-protection-regulation-gdpr/30326/what-is-a-data-protection-officer">data protection</a> rules within its own jurisdiction, according to an investigation by the European Data Protection Supervisor (EPDS).</p><p>The European Commission reportedly infringed rules through its management of Microsoft 365 data.  The EDPS found the Commission had broken a number of key provisions, including the “<a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">EU’s data protection law</a> for EU institutions, bodies, offices, and agencies.” </p><p>Perhaps most notably, the Commission breached provisions for managing the safe transferral of personal data outside the EU or European Economic Area (EEA).</p><p>The EDPS found it failed to provide “appropriate safeguards” to ensure that personal data transferred outside of the EU or EEA was afforded an “essentially equivalent level of protection as guaranteed in the EU/EEA.” </p><p>According to the privacy watchdog, the Commission also failed to clearly specify what type of personal data was to be collected and for what purposes it was to be collected when using Microsoft 365. </p><p>Several infringements concerned “all processing operations” carried out by the Commission when using Microsoft 365, and a “large number of individuals” were therefore affected.</p><p>“It is the responsibility of the EU institutions, bodies, offices and agencies (EUIs) to ensure that any processing of personal data outside and inside the EU/EEA, including in the context of cloud-based services, is accompanied by robust data protection safeguards and measures,” said Wojciech Wiewiórowski of the EDPS.</p><p>The European Commission’s role as a data controller also formed part of the inquiry, with the investigation extending to data processing and personal data transfers carried out on the commissions behalf.  </p><h2 id="the-european-commission-will-face-penalties-xa0">The European Commission will face penalties </h2><p>On the basis of this investigation&apos;s results, the EDPS has ordered the Commission to suspend all the data flows to Microsoft and its affiliates or sub-processors outside of the EU that result from the use of <a href="https://www.itpro.com/business-operations/productivity/368063/microsoft-365-vs-google-workspace">Microsoft 365</a>.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WEBINAR</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="n5Tiup4AxKCZyxH3pobFZX" name="Regain IT and security control_ How Cloudflare’s connectivity cloud tames complexity_listing.jpg" caption="" alt="A webinar screen with contributor images, with  discussions around how to tame IT and security complexities with Cloudflare" src="https://cdn.mos.cms.futurecdn.net/n5Tiup4AxKCZyxH3pobFZX.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Cloudflare)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/cloud-management/regain-it-and-security-control-how-cloudflares-connectivity-cloud-tames-complexity"><em>Discover the factors that contribute to the loss of IT security control</em></a></p></div></div><p>The EU watchdog will also order the Commission to bring its Microsoft 365 processing operations “into compliance with Regulation (EU) 2018/1725.” The Commission must comply with both these orders by 9 December 2024.</p><p>“The EDPS considers that the corrective measures it imposes … are appropriate, necessary and proportionate in light of the seriousness and duration of the infringements found,” the watchdog said. </p><p>Noting the important public role of the Commission, however, the EDPS did note that it would look to avoid compromising the Commission’s ability to “carry out its tasks in the public interest.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ A lack of AI guidance is causing GDPR headaches for UK businesses ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/a-lack-of-ai-guidance-is-causing-gdpr-headaches-for-uk-businesses</link>
                                                                            <description>
                            <![CDATA[ Businesses are failing to make sure that their staff know the rules around data privacy ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jpsSmcb7xAdibQAdCLjRFU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/YQssKvvY9UjP8oW4X7UPyC-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 26 Feb 2024 11:45:04 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/YQssKvvY9UjP8oW4X7UPyC-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Digital illustration of a human brain mimicking artificial intelligence]]></media:description>                                                            <media:text><![CDATA[Digital illustration of a human brain mimicking artificial intelligence]]></media:text>
                                <media:title type="plain"><![CDATA[Digital illustration of a human brain mimicking artificial intelligence]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/YQssKvvY9UjP8oW4X7UPyC-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Two-in-five UK businesses are failing to offer staff any guidance on the use of artificial intelligence (AI), leading to some risky behavior.</p><p>While half of UK office workers are using generative AI at least once a week, and one in five every day, they are not getting the advice they need, research by Veritas finds.</p><p>Half said they need guidelines or mandatory policies on generative AI use from their bosses, with 44% offering no guidance at all. </p><p>One in four believe that this would create a more level playing field, 68% believe it is essential to know how to use <a href="https://www.itpro.com/technology/artificial-intelligence/amazing-ai-tools-to-try-today">AI tools</a> in the right way, and 85% believe there should be some form of national or international regulation around AI.</p><p>And, it seems, guidance is badly needed. Two-fifths of UK office workers admit that they or a colleague have inputted sensitive information, such as customer, financial or sales data, into a public generative AI tool.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="VMrB8Sbsh83QDZSCPXQ9UA" name="GettyImages-1499008205-cyber-security-tunnel-crop.jpg" caption="" alt="A CGI render of a shield-shaped tunnel to represent AI cyber security. A light can be seen at the end of the tunnel, which is formed from orange and blue energy against a black background." src="https://cdn.mos.cms.futurecdn.net/VMrB8Sbsh83QDZSCPXQ9UA.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence/tech-workers-fear-generative-ai-could-drive-women-out-the-workforce">Tech workers fear generative AI could "drive women out the workforce"</a><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence/investment-in-uk-ai-firms-plummeted-last-year-despite-the-hype-surrounding-generative-ai">Investment in UK AI firms plummeted last year despite the hype surrounding generative AI</a><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence/ai-employee-monitoring-will-only-burn-bridges-in-the-workplace">AI employee monitoring will only burn bridges in the workplace</a></p></div></div><p>Six-in-ten fail to recognize that doing so could result in sensitive information leaking outside the corporate walls, with a similar number unaware that this can cause their organization to fall foul of data privacy compliance regulations.</p><p>"Without guidance from leaders on how or if to utilize generative AI, some employees are using it in ways that put their organizations at risk," said Sonya Duffin, solutions lead at Veritas Technologies.</p><p>"Organizations could face regulatory compliance violations or miss out on opportunities to increase efficiency across their entire workforce. Both issues can be resolved with effective <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369959/what-is-generative-ai">generative AI</a> guidelines and policies on what’s OK and what’s not."</p><p>Two-fifths of UK office workers are using AI to do their research, 43% to write their emails, and 17% to help write company reports. One in ten say they&apos;re simply using it to look good in front of their boss.</p><p>However, this is causing division amongst colleagues, with 29% believing that colleagues who are using it should be reported to line managers, and a quarter believing they should either get a pay cut or face disciplinary action.</p><p>Under <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR</a>, anyone inputting data into a generative AI needs to comply with GDPR in terms of legal basis, transparency and security. Organizations should prepare a <a href="https://www.itpro.com/data-protection/34416/how-to-perform-a-data-protection-impact-assessment-dpia-under-gdpr">Data Protection Impact Assessment</a> (DPIA) and limit unnecessary processing.</p><p>Organizations developing or using generative AI, says the <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner&apos;s Office</a> (ICO), should be considering their <a href="https://www.itpro.com/data-protection/28177/data-protection-policies-and-procedures">data protection</a> obligations from the outset, taking a data protection by design and by default approach.</p><p>"The message is clear: thoughtfully develop and clearly communicate guidelines and policies on the appropriate use of generative AI and combine that with the right data compliance and governance toolset to monitor and manage their implementation and ongoing enforcement," Duffin said.</p><p>"Your employees will thank you, and your organization can enjoy the benefits without increasing risk."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ GDPR costs are forcing firms to rethink data strategies ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/gdpr-costs-are-forcing-firms-to-rethink-data-strategies</link>
                                                                            <description>
                            <![CDATA[ GDPR rules could be making data management more complex and costlier, causing firms to roll back their data collection and storage activities ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">M4GZKYP3R3fs5unnQyiEgh</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/FtNCoJ674CGi3HFhErDC6H-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 26 Feb 2024 11:35:57 +0000</pubDate>                                                                                                                                <updated>Mon, 26 Feb 2024 15:02:37 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ solomon.klappholz@futurenet.com (Solomon Klappholz) ]]></author>                    <dc:creator><![CDATA[ Solomon Klappholz ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/z2aSrrbwGAyWwinHzGraAP.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.&lt;/p&gt;
&lt;p&gt;Before he joined ITPro, Solomon graduated from the University of Warwick in 2018 with a BA (Hons) in Philosophy, Politics, and Economics which included an intercalated year studying Philosophy at the Erasmus University, Rotterdam.&lt;/p&gt;
&lt;p&gt;Outside of the office, Solomon enjoys reading, visiting new art exhibitions, and playing football.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/FtNCoJ674CGi3HFhErDC6H-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Data protection and data storage concept image showing a hand touching an interactive display.]]></media:description>                                                            <media:text><![CDATA[Data protection and data storage concept image showing a hand touching an interactive display.]]></media:text>
                                <media:title type="plain"><![CDATA[Data protection and data storage concept image showing a hand touching an interactive display.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/FtNCoJ674CGi3HFhErDC6H-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The EU’s landmark General Data Protection Regulation (<a href="https://www.itpro.com/security/data-protection/gdpr">GDPR</a>) is costing companies more to store and manage their data and is causing them to reduce the quantity of data they collect and store, new research indicates. </p><p>The National Bureau of Economic Research (NBER) has issued a working paper looking into how European businesses have responded to the privacy laws just almost 6 years ago in 2018.</p><p>The <a href="https://www.nber.org/system/files/working_papers/w32146/w32146.pdf" target="_blank">paper</a> constructed an estimate of the increased costs GDPR is incurring on firms using a production function with storage and computation as the primary inputs, estimating a 20% increase in the cost of data on average.</p><p>In addition, the authors calculated the implementation of GDPR resulted in a 4% increase in the cost of producing information.</p><p>Previous survey evidence cited in the study found GDPR compliance costs typically range from $1.7 million for small to medium-sized enterprises to $70 million for large enterprises.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="9PUsy8YAihSuQ4tMfNRkCa" name="Software_Developer_GettyImages-1450616449.jpg" caption="" alt="Female software developer using GitHub Copilot AI assistant on computer station with screen reflection in her spectacles." src="https://cdn.mos.cms.futurecdn.net/9PUsy8YAihSuQ4tMfNRkCa.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/software/agile-development-has-a-security-problem-and-developer-champions-could-be-the-key-to-ensuring-safer-software">Agile development has a security problem - and developer ‘champions’ could be the key to ensuring safer software</a><a data-analytics-id="inline-link" href="https://www.itpro.com/software/developers-relying-on-github-copilot-could-be-creating-dangerously-flawed-code">Developers relying on GitHub Copilot could be creating dangerously flawed code</a><a data-analytics-id="inline-link" href="https://www.itpro.com/security/ransomware/bowing-to-ransomware-demands-doesnt-guarantee-the-safety-of-your-data-or-exemption-from-future-attacks">Nearly 80% of firms hit by ransomware in the last two years were compromised a second time</a></p></div></div><p>The study found EU firms had adapted by decreasing their data storage by just over a quarter and their <a href="https://www.itpro.com/business-operations/31681/what-is-data-processing">data processing</a> by 15%, relative to comparable US firms.</p><p>Speaking to <em>ITPro, </em>Alasdair Anderson, VP and GM of EMEA at Protegrity, said GDPR has made <a href="https://www.itpro.com/strategy/29269/what-is-data-management">data management</a> more arduous for companies and that although the initial investment spike has subsided, costs to businesses are still high.</p><p>“GDPR has undoubtedly added complexity and cost to all businesses working with consumer data. While the investment required has flattened out since the 2018 implementation deadline, the cost of business-as-usual remains stubbornly high.”</p><p>Anderson reported he is seeing customers allocate more time and money to their data strategy, but this forced investment has resulted in them generally having better quality data and thus being better placed to take advantage of <a href="https://www.itpro.com/strategy/28181/what-is-ai">AI</a> tools.</p><p>“Our customers are now spending more time and money on their data than ever before. As commercial investments begin to focus on the enablement of AI, we would expect to see European businesses benefit from higher-quality AI outputs from their better-quality data inputs.”</p><h2 id="with-stronger-enforcement-comes-greater-responsibility">With stronger enforcement comes greater responsibility</h2><p>In July 2023, the <a href="https://www.itpro.com/tag/eu">EU</a> commission proposed a new law aimed at providing data protection authorities with more comprehensive procedural rules for enforcing GDPR in cases that span more than one member state’s jurisdiction.</p><p>David Dumont, partner at law firm Hunton Andrews Kurth LLP, told <em>ITPro</em> the law was an attempt to complement the original regulation and address a weakness it exhibited when applied to cross-border cases.</p><p>“The European Commission’s proposal is intended to complement, not alter, the GDPR. The aim of the proposed Regulation is to enhance the efficiency of cross-border data protection enforcement, which has been a point of criticism over the past years.”</p><p>Dumont argued, however, that the EU and relevant DPAs need to be aware of the responsibility they have when enforcing these regulations, which could result in levying multi-million dollar fines on businesses in the region</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="vUWDa7awGwo6FS8grsHUmf" name="The data store for AI_listing.jpg" caption="" alt="An eBook from IBM on integrating a data lakehouse strategy into your data architecture" src="https://cdn.mos.cms.futurecdn.net/vUWDa7awGwo6FS8grsHUmf.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: IBM)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/hybrid-cloud/the-data-store-for-ai"><em>Reduce costs, simplify data access, and automate unified governance to scale AI</em></a></p></div></div><p>The harmonization proposed in July 2023 expanded the scope of their authority, streamlining the process for penalizing firms found to be in violation of the regulations, and authorities should be cognizant of the consequences of a successful prosecution, according to Dumont.</p><p>“With more and stronger enforcement by the data protection authorities comes greater responsibility,” he said. </p><p>“Clear procedural rules with adequate safeguards for the defendants’ interests, such as the right to be heard and protective measures for safeguarding the defendants’ confidential information, are pivotal as organizations involved in enforcement proceedings face potentially major consequences, including multi-million euro fines which may end their business. The aim should be better enforcement instead of more.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Data privacy will be a critical enterprise focus in 2024 - and generative AI has torn up the rulebook ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/data-privacy-will-be-a-critical-enterprise-focus-in-2024-and-generative-ai-has-torn-up-the-rulebook</link>
                                                                            <description>
                            <![CDATA[ Ahead of Data Privacy Day, industry experts told ITPro that firms must prioritize security, staff awareness, and the responsible use of emerging technologies to prevent major data protection blunders ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">5LS6eYAb56gXHfek5Rqvwm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ckqjvi4jTnxqRTMAHn4ZFE-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sun, 28 Jan 2024 18:00:49 +0000</pubDate>                                                                                                                                <updated>Mon, 29 Jan 2024 13:36:22 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ solomon.klappholz@futurenet.com (Solomon Klappholz) ]]></author>                    <dc:creator><![CDATA[ Solomon Klappholz ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/z2aSrrbwGAyWwinHzGraAP.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.&lt;/p&gt;
&lt;p&gt;Before he joined ITPro, Solomon graduated from the University of Warwick in 2018 with a BA (Hons) in Philosophy, Politics, and Economics which included an intercalated year studying Philosophy at the Erasmus University, Rotterdam.&lt;/p&gt;
&lt;p&gt;Outside of the office, Solomon enjoys reading, visiting new art exhibitions, and playing football.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ckqjvi4jTnxqRTMAHn4ZFE-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Data privacy and digital security concept art showing digital cloud image with locked padlock]]></media:description>                                                            <media:text><![CDATA[Data privacy and digital security concept art showing digital cloud image with locked padlock]]></media:text>
                                <media:title type="plain"><![CDATA[Data privacy and digital security concept art showing digital cloud image with locked padlock]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ckqjvi4jTnxqRTMAHn4ZFE-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Data privacy has become a recurring flashpoint for both consumers and businesses alike in recent years amid a flurry of major data breaches. </p><p>Within the last month, the issue was once again thrust into the public consciousness with news of the largest data leak of all time, known as the ‘<a href="https://www.itpro.com/security/data-breaches/why-the-mother-of-all-breaches-is-a-wake-up-call-for-everyone">mother of all breaches</a>’, that saw more than 26 billion records exposed.</p><p>Evolving industry trends have also given rise to more frequent discussions about data privacy through the proliferation of <a href="https://www.itpro.com/cloud-computing/28037/what-is-iot">IoT</a> devices, the shift to cloud, increased <a href="https://www.itpro.com/business/business-strategy/356096/remote-working-are-you-ready-for-the-new-normal">remote-working</a>, and the rapid adoption of generative <a href="https://www.itpro.com/strategy/28181/what-is-ai">artificial intelligence</a> (AI).</p><p>Corporate networks globally are growing in size and complexity, resulting in a sprawling<a href="https://www.itpro.com/security/cyber-security/369983/what-is-attack-surface-management"> attack surface</a> ripe for targeting by increasingly sophisticated threat actors.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="2tJwSpj9g49CmTpeMXwCN4" name="security_GettyImages-1442484864.jpg" caption="" alt="Security concept art stock image featuring padlock on a blue background" src="https://cdn.mos.cms.futurecdn.net/2tJwSpj9g49CmTpeMXwCN4.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/why-cyber-attacks-are-getting-quicker-and-costlier">Why cyber attacks are getting quicker and costlier</a><a data-analytics-id="inline-link" href="https://www.itpro.com/security/midnight-blizzard-claims-another-big-tech-scalp-with-hpe-hack-just-days-after-microsoft-breach-and-more-victims-could-be-coming">Midnight Blizzard claims another big tech scalp with HPE hack just days after Microsoft breach - and more victims could be coming</a><a data-analytics-id="inline-link" href="https://www.itpro.com/security/data-breaches/the-23andme-data-breach-is-getting-messier-by-the-day">The 23andMe data breach is getting messier by the day</a></p></div></div><p>Across 2024, industry experts predict that both security threats and breaches will continue to escalate, prompting increased investment from enterprises and a sharpened focus among IT leaders on data privacy and <a href="https://www.itpro.com/security">security</a>, according to Greg Clark, director of product management at OpenText.</p><p>Speaking to <em>ITPro</em>, Clark said businesses need to take both their data footprint and the threat landscape into account when developing their data strategies.</p><p>“Businesses need to understand their data footprint and threat landscape. Only then, they will be able to devise smart strategies needed for the evolving business environments of today,” Clark argued.</p><p>“Data discovery tools, especially those that go beyond data mapping or metadata scans, are essential for privacy programs as they help businesses find data, understand risk and set priorities with internal stakeholders and business owners to mitigate compliance and financial risks.”</p><p>Mark Molyneux, EMEA CTO at <a href="https://www.itpro.com/cloud/cloud-security/cohesity-expands-partnership-with-google-cloud-to-drive-generative-ai-data-insights">Cohesity</a>, told <em>ITPro</em> the security measures businesses have previously employed to protect data will need to be expanded to reflect the specific threats they will face in 2024.</p><p>“Previous concepts that build additional and higher security walls around data and systems no longer do justice to this new world,” he said. “Because even the highest wall becomes permeable when employees click on the wrong things, software products have hundreds of vulnerabilities, and remote working has stretched the entire security architecture.”</p><p>“Networks, although they are shielded by thousands of individual tools in large companies, have become much more permeable to hackers,” Molyneux added.</p><p>Chief security officer at flexible-work specialist GoTo, Attila Török, suggested shoring-up employee <a href="https://www.itpro.com/security/data-breaches/three-essential-requirements-for-flawless-data-protection">data protection</a> awareness should be a key objective in the year ahead.</p><p>“In 2024 businesses should be firing on all cylinders to scale up employee security, utilize zero trust products, continue to enforce a strong acceptable use policy (AUP), and move toward <a href="https://www.itpro.com/security/367243/how-to-implement-passwordless-authentication">passwordless authentication</a>. These are simple yet powerful ways we can improve and modernize current practices to ensure that cyber threats can’t breach company systems.”</p><h2 id="data-privacy-will-meet-ai-x2018-head-on-x2019-in-2024">Data privacy will meet AI ‘head-on’ in 2024</h2><p>Beyond protecting data from external threats, companies also need to be aware of how to maintain privacy while using the data. </p><p>Clark emphasized the attention this requires, particularly when using AI tools, and that firms should employ <a href="https://www.itpro.com/security/privacy/369840/what-are-privacy-enhancing-technologies-pets">privacy-enhancing technologies</a> (PET) accordingly.</p><p>“These technologies can enable organizations with anonymization or de-identification of personal data (non-reversible masking) that has become increasingly important for protecting unstructured data before it hits the <a href="https://www.itpro.com/strategy/28181/what-is-ai">AI</a> pipeline in large language models.</p><p>Feeding private, potentially sensitive data into public models can be a dangerous move for businesses and as such they should add further protections to avoid sensitive data being exposed in this way, Clark explained.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Z8vonbUACcZzmAfYxEe63C" name="Build security for generative AI_listing.jpg" caption="" alt="An AWS eBook  on how to build security for generative AI" src="https://cdn.mos.cms.futurecdn.net/Z8vonbUACcZzmAfYxEe63C.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: AWS)</span></figcaption></figure><p class="fancy-box__body-text"><em>Get tips on how to safely integrate generative AI into your organization</em></p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence/answering-your-four-biggest-questions-about-generative-ai-security">DOWNLOAD NOW</a></p></div></div><p>“Great AI requires greater data, therefore, businesses must protect the data feeding these models. Encrypting or tokenizing data is also a strategic PET to deploy inside the business to ensure personal data is used responsibly and all privacy obligations are met. Techniques like format-preserving encryption ensure analytics are secure and have referential integrity. PETs help ensure compliance with privacy regulations and build a framework for building trust with customers.”</p><p>Audit alliance manager at software company Drata, Martin Davies, said AI’s impact on data protection in 2024 could be dictated by regulatory controls such as the EU commission’s AI Act.</p><p>“2024 will be the year when Data Privacy will meet AI head-on, and getting the balance of innovation, regulation and protection right will depend on the development of regulatory control”, Davies said.</p><p>He argued regulators will bear much of the responsibility for the level of data protection we see firms adopting in 2024.</p><p>“There is a clear responsibility on the part of global regulators to implement requirements that AI companies must adhere to in order to protect the data privacy of the end user and enable them to make informed decisions about how they interact with <a href="https://www.itpro.com/technology/artificial-intelligence/amazing-ai-tools-to-try-today">AI tools</a>.”</p><h2 id="zero-trust-will-be-a-key-tool-to-bolstering-data-privacy">Zero trust will be a key tool to bolstering data privacy</h2><p>Trevor Dearing, director of critical infrastructure at data center and cloud security firm Illumio, told <em>ITPro </em>current threat levels mean breaches are “inevitable” and as such more mature <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">zero trust</a> systems are required.</p><p>“Breaches are inevitable in today’s world, so businesses must put in place measures to rapidly contain and limit the likelihood of sensitive data being exposed. Traditional tools like firewalls and intrusion detection systems no longer cut it – you can’t use the past to protect the future.”</p><p>Implementing zero trust on corporate networks may cause some headaches, however, as IEEE’s senior member and professor of <a href="https://www.itpro.com/security/28133/what-is-cyber-security">cyber security</a> at Ulster University Kevin Curran explained.</p><p><br></p><p>“Organizations should also make sure that employees have up-to-date security protection on their devices, such as virus checkers, firewalls and device encryption. However, how many actually do this is questionable.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ICO dishes out fine to HelloFresh for marketing spam campaign ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/ico-dishes-out-fine-to-hellofresh-for-marketing-spam-campaign</link>
                                                                            <description>
                            <![CDATA[ HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">w8qRYXi8X5RgKEXm7SMkSm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/4CaKz9WACSEjNjfb6uMk8A-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 15 Jan 2024 12:04:16 +0000</pubDate>                                                                                                                                <updated>Tue, 16 Jan 2024 19:44:23 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/4CaKz9WACSEjNjfb6uMk8A-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[HelloFresh logo displayed on a smartphone with branding and logo on white background]]></media:description>                                                            <media:text><![CDATA[HelloFresh logo displayed on a smartphone with branding and logo on white background]]></media:text>
                                <media:title type="plain"><![CDATA[HelloFresh logo displayed on a smartphone with branding and logo on white background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/4CaKz9WACSEjNjfb6uMk8A-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Recipe kit delivery service HelloFresh has been fined £140,000 by the <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner&apos;s Office</a> (ICO) for pestering customers with tens of millions of spam messages.</p><p>According to the <a href="https://www.itpro.com/security/data-protection">data protection</a> regulator, the company sent 79 million spam emails and a million texts in just seven months. The messages were sent on the basis of an opt-in statement which the ICO said didn&apos;t make any reference to the sending of <a href="https://www.itpro.com/development/web-development/368206/what-is-seo-marketing">marketing</a> via text.</p><p>Although there was a reference to marketing via email, this came as part of an age confirmation statement which the regulator said was likely to incentivize customers to agree.</p><p>The message read: "Yes, I’d like to receive sample gifts (including alcohol) and other offers, competitions and news via email. By ticking this box I confirm I am over 18 years old".</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="j3qKLuBJWSTwFybkYhYiMH" name="Security_Alert_Stock_Image_GettyImages-1403439566 (1).jpg" caption="" alt="Warning symbol in yellow pictured on a digital blue background signifying a security alert" src="https://cdn.mos.cms.futurecdn.net/j3qKLuBJWSTwFybkYhYiMH.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/data-breaches/almost-one-third-of-data-breaches-reported-to-ico-came-from-outsiders">Almost one-third of data breaches reported to ICO came from outsiders</a><a data-analytics-id="inline-link" href="https://www.itpro.com/security/data-protection/ico-fines-topped-dollar14-million-in-2023-amid-crackdown-by-regulator-on-data-protection-standards">ICO fines topped $14 million in 2023 amid crackdown by regulator on data protection standards</a><a data-analytics-id="inline-link" href="https://www.itpro.com/security/privacy/ico-threatens-to-name-and-shame-cookie-consent-rogues">ICO threatens to name and shame cookie consent rogues</a></p></div></div><p>Customers also weren&apos;t properly warned that their data would continue to be used for marketing purposes for up to 24 months after they had cancelled their subscriptions.</p><p>"This marked a clear breach of trust of the public by HelloFresh," said Andy Curry, head of investigations at the <a href="https://www.itpro.com/tag/ico">ICO</a>.</p><p>"Customers weren’t told exactly what they’d be opting into, nor was it clear how to opt out. From there, they were hit with a barrage of marketing texts they didn&apos;t want or expect, and in some cases, even when they told HelloFresh to stop, the deluge continued."</p><h2 id="hellofresh-complaints-began-in-2022">HelloFresh complaints began in 2022</h2><p>The ICO investigation began in March 2022 following complaints made to both the ICO and to the 7726 spam message reporting service. In some cases, the company carried on contacting people even after they had asked for this to stop.</p><p>"I had previously bought from this company and ensured that I did not consent to marketing material. I was not happy with their service so cancelled my subscription," one complainant said. </p><p>“Recently (last 1-2 months) I have started regularly receiving unsolicited advertising emails from the company, and now they are sending unsolicited text messages."</p><p>The emails and texts were sent in contravention of Regulation 22 of the Privacy and Electronic Communications Regulations (PECR), the investigation found.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Av3nRFiaqEiGSwrqjVywjK" name="How IBM and Adobe craft personalization at scale_listing.jpg" caption="" alt="Whitepaper from IBM on how to create the ideal customer experience, with image of colleagues in a meeting" src="https://cdn.mos.cms.futurecdn.net/Av3nRFiaqEiGSwrqjVywjK.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: IBM)</span></figcaption></figure><p class="fancy-box__body-text"><em>Discover how combining the content supply chain, CX orchestration, and intelligent commerce creates the ideal customer experience<br></em><br><a data-analytics-id="inline-link" href="https://www.itpro.com/business/business-strategy/how-ibm-and-adobe-craft-personalization-at-scale">DOWNLOAD NOW</a></p></div></div><p>The opt-out consent statement wasn&apos;t, as it should have been, &apos;specific&apos; and &apos;informed&apos;, as it didn&apos;t mention SMS, was unclear and bundled with other aspects, and didn&apos;t highlight the fact that customers would carry on receiving messages after they cancelled their HelloFresh subscription.</p><p>"In issuing this fine, we are showing that we will take clear and decisive action where we find the law has not been followed," Curry said. "We will always protect the right of customers to choose how their data is used."</p><p>The ICO said it&apos;s issued more than £2.44 million in fines against companies responsible for nuisance calls, texts and emails since April 2023, with another £2.8 million in 2021/22.</p><p>In December, it took action against Daniel George Bentley and his firm Taipan Trading for sending 2.5 million unsolicited direct marketing text messages, issuing an enforcement notice.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ICO fines topped $14 million in 2023 amid crackdown by regulator on data protection standards ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/ico-fines-topped-dollar14-million-in-2023-amid-crackdown-by-regulator-on-data-protection-standards</link>
                                                                            <description>
                            <![CDATA[ ICO fines across 2023 exceeded £14 million, with TikTok among the worst-hit for data protection violations ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">p2BAKXH8FCV2w36JbGUyfm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ENwAjoGBgUPcK89tuSbxGP-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 05 Jan 2024 11:43:32 +0000</pubDate>                                                                                                                                <updated>Fri, 05 Jan 2024 14:54:33 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ENwAjoGBgUPcK89tuSbxGP-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A photo of a silhouette of a hand holding a gavel is in the foreground, with a futuristic mesh of blue lines in the background]]></media:description>                                                            <media:text><![CDATA[A photo of a silhouette of a hand holding a gavel is in the foreground, with a futuristic mesh of blue lines in the background]]></media:text>
                                <media:title type="plain"><![CDATA[A photo of a silhouette of a hand holding a gavel is in the foreground, with a futuristic mesh of blue lines in the background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ENwAjoGBgUPcK89tuSbxGP-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner’s Office</a> (ICO) fined businesses more than £14.3 million for misusing data last year, according to an analysis by cyber security and data protection consultancy CSS Assure.</p><p>ICO fines were imposed on 18 businesses, with the ICO also reprimanding 36 companies, issuing enforcement notices against a further 19, and prosecuting four businesses for failing to meet their obligations on information rights.</p><p>The year&apos;s largest fine, £12.7 million, was imposed on social media platform TikTok for breaching data protection law around the use of children’s personal data, with the ICO estimating that up to 1.4 million under-13s in the UK were able to use the video sharing app in 2020.</p><p>Charlotte Riley, director of information security at CSS Assure, said the ICO fines underline the serious repercussions faced by businesses for failing to adhere to robust data protection standards.</p><p>"The fines imposed by the ICO in 2023 highlight the serious consequences of misusing data," she said. "Mishandling personal information not only violates data protection laws but also erodes trust among consumers."</p><p>"TikTok’s £12.7 million penalty underscores the importance of lawful use of personal data and implementing appropriate safeguards, especially when it involves children," Riley added. "TikTok is a large, well-known brand, and its fine was substantial due to the sheer amount of data involved."</p><h2 id="ico-fines-issued-for-marketing-violations">ICO fines issued for marketing violations</h2><p>There were a combined £310,000 in ICO fines for three marketing firms found to be making a total of 483,051 unsolicited marketing calls to businesses and sending 107 million spam emails to jobseekers, analysis from CSS Assure revealed. </p><p>Similarly, two energy firms were fined a combined £250,000 for making marketing calls to people on the UK’s ‘do not call’ register.</p><p>A business support consultancy was also fined £30,000 for sending 558,354 direct marketing SMS messages without valid consent while an appliance service and repair company was fined £200,000 for making more than 1.7 million unsolicited direct marketing calls.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="jsDf3jLZpHDSCdinKXkGKb" name="security_padlock_GettyImages-1472032995 (1).jpg" caption="" alt="A digital padlock pictured on a circuit board" src="https://cdn.mos.cms.futurecdn.net/jsDf3jLZpHDSCdinKXkGKb.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/data-breaches/almost-one-third-of-data-breaches-reported-to-ico-came-from-outsiders">Almost one-third of data breaches reported to ICO came from outsiders</a><a data-analytics-id="inline-link" href="https://www.itpro.com/security/privacy/surge-in-workplace-monitoring-prompts-new-ico-guidelines-on-employee-privacy">Surge in workplace monitoring prompts new ICO guidelines on employee privacy</a><a data-analytics-id="inline-link" href="https://www.itpro.com/security/privacy/ico-threatens-to-name-and-shame-cookie-consent-rogues">ICO threatens to name and shame cookie consent rogues</a></p></div></div><p>During the second half of the year, 10 companies were collectively fined more than £800,000 for sending a total of 4,698,841 unwanted text messages, 39,906,342 emails, and making 1,937,028 nuisance phone calls.</p><p>Riley said the sharpened focus on cracking down on nuisance calls and spam marketing tactics serves a clear message to organizations across the country for the year ahead.</p><p>"The fines imposed on businesses for unsolicited calls and text messages, and spam emails, as well as firms for disregarding the &apos;do not call&apos; register, demonstrate the significant impact of invasive marketing practices," she said.</p><p>"These penalties send a clear message that companies must respect individuals’ privacy preferences and refrain from bombarding them with unwanted communications."</p><h2 id="the-ico-had-a-x201c-busy-year-x201d-in-2023">The ICO had a “busy year” in 2023</h2><p>The ICO described 2023 as &apos;a busy year&apos;, noting that it handled 116,000 business service calls and 70,000 public advice calls. </p><p>The watchdog also received more than 33,000 <a href="https://www.itpro.com/data-protection/28177/data-protection-policies-and-procedures">data protection complaints</a> and over 7,000 FOI complaints, with 288 investigations opened and 346 closed.</p><p>Its priorities for this year, it said, are to support the new <a href="https://www.itpro.com/business/policy-and-legislation/data-protection-and-digital-information-dpid-bill-small-businesses">Data Protection and Digital Information (DPDI) bill</a> as it makes its way through Parliament, and to set out clear expectations that privacy and <a href="https://www.itpro.com/technology/artificial-intelligence">artificial intelligence</a> (AI) go hand in hand.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="FzDEWPg3WQaL7frXgSRaPo" name="A journey to cyber resilience_listing.jpg" caption="" alt="An eBook from SecurityScorecard on how to measure your business' cyber resilience" src="https://cdn.mos.cms.futurecdn.net/FzDEWPg3WQaL7frXgSRaPo.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: SecurityScorecard)</span></figcaption></figure><p class="fancy-box__body-text"><em>Enhance your organizations cyber resilience with proactive threat intelligence</em><br><br><a data-analytics-id="inline-link" href="https://www.itpro.com/security/a-journey-to-cyber-resilience">DOWNLOAD NOW</a></p></div></div><p>Speaking at TechUK’s Digital Ethics Summit last month, information commissioner John Edwards said the regulator will be taking a measured approach to <a href="https://www.itpro.com/strategy/28181/what-is-ai">AI</a> in 2024, but warned businesses that data privacy standards must be a key consideration.</p><p>"I want to make it clear from the very start that we are not against organizations using AI," he said.</p><p>"We just want to ensure that they are using AI in sensible, privacy-respectful ways, ensuring that people’s personal information and privacy rights remain protected throughout."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ OpenAI’s Irish data processing move could ward off regulatory scrutiny ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/openais-irish-data-processing-move-could-ward-off-regulatory-scrutiny</link>
                                                                            <description>
                            <![CDATA[ OpenAI aims to assuage concerns about GDPR compliance in a similar move to other big tech firms ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xt6JM4oLL2PomFqSR5CZiD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/L2vcwhRpeLeooQziAUvYxA-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 03 Jan 2024 14:34:17 +0000</pubDate>                                                                                                                                <updated>Wed, 03 Jan 2024 15:21:15 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/L2vcwhRpeLeooQziAUvYxA-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[OpenAI and ChatGPT logos displayed on a smartphone with a black background]]></media:description>                                                            <media:text><![CDATA[OpenAI and ChatGPT logos displayed on a smartphone with a black background]]></media:text>
                                <media:title type="plain"><![CDATA[OpenAI and ChatGPT logos displayed on a smartphone with a black background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/L2vcwhRpeLeooQziAUvYxA-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>OpenAI’s plans to shift European data processing to Ireland represent a significant step to ensuring GDPR compliance, but questions still remain over its US influence, experts have warned.  </p><p>In an email to users, OpenAI said it plans to make its Irish subsidiary the official data controller for customers that live in the European Economic Area (EEA) and Switzerland.</p><p>The announcement follows the opening of a Dublin office in September, with the data processing change due to be made on February 15.</p><p>"We have changed the OpenAI entity that provides services such as ChatGPT to EEA and Swiss residents to our Irish entity, OpenAI Ireland Limited,” users were told in an email by the firm.</p><p>There&apos;s also been a similar update to the company&apos;s <a href="https://openai.com/policies/eu-privacy-policy">privacy policy</a>.</p><p>The move from OpenAI appears to be a concerted effort to reduce regulatory friction across the European Union. The California-based tech giant has been embroiled in a series of data protection-related battles over the last year, with Italian regulators suspending the use of ChatGPT in April 2023 amid GDPR concerns.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="oPZFhwVpfQoKkTHnrgwqfD" name="Sam Altman OpenAI CEO - GettyImages-1257740433.jpg" caption="" alt="The OpenAI CEO Sam Altman in a darkly lit room" src="https://cdn.mos.cms.futurecdn.net/oPZFhwVpfQoKkTHnrgwqfD.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Imags)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence/openai-talks-a-big-game-with-its-gpt-store-but-will-it-deliver-quality">OpenAI talks a big game with its GPT Store, but will it deliver quality?</a><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence/openai-could-fast-become-a-money-pit-for-investors">OpenAI could fast become a money pit for investors</a><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence/why-openai-is-fighting-a-losing-battle-with-in-house-chips">Why OpenAI is fighting a losing battle with in-house chips</a></p></div></div><p>Similarly, Polish regulators opened an investigation into the company in September following a complaint from privacy researcher and author of <em>Philosophy of Cybersecurity,</em> Lukasz Olejnik.</p><p>A key point of contention is the way OpenAI processes personal data, with critics complaining that it lacks a legal basis to justify the mass collection and storage of data, along with claims that it fails to adequately protect children.</p><p>Its activities, it&apos;s alleged, breach GDPR in terms of lawful basis, transparency, fairness, data access rights, and privacy by design. Regulators in both Germany and Spain have expressed similar concerns.</p><p>In the wake of Italy&apos;s decision, the European Data Protection Board (EDPB) <a href="https://edpb.europa.eu/news/news/2023/edpb-resolves-dispute-transfers-meta-and-creates-task-force-chat-gpt_en">announced</a> plans to launch a dedicated task force to foster cooperation and to exchange information on possible enforcement actions by data protection authorities against the company.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="bAGM7vLtC3xkReh7yQwtVa" name="generative-AI-storage-motherboard-GettyImages-1495819409.jpg" caption="" alt="Brain hovering above a chip on a motherboard, denoting AI and hardware" src="https://cdn.mos.cms.futurecdn.net/bAGM7vLtC3xkReh7yQwtVa.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><strong>The enterprise’s guide for Generative AI</strong></p><p class="fancy-box__body-text"><em>Discover how GenAI can change the way your organization operates</em></p><p class="fancy-box__body-text"><br><a data-analytics-id="inline-link" href="https://www.itpro.com/software/the-enterprises-guide-for-generative-ai">DOWNLOAD NOW</a></p></div></div><p>The GDPR’s “one-stop-shop” mechanism allows companies operating in the EU to have their privacy overseen by a single lead data supervisory authority, rather than having a free-for-all with each national privacy watchdog able to take action unilaterally.</p><p>By moving its European data processing to Ireland, OpenAI aims to ensure that its compliance with GDPR is monitored by the country&apos;s Data Protection Commission (DPC).</p><p>In this sense, it is following the likes of Google, Apple, Meta and TikTok.</p><p>While the DPC has investigated and issued a number of fines against big tech firms, it&apos;s widely seen as being both slow and over-lenient in its decisions.</p><p>Last year, Ireland’s data protection commissioner Helen Dixon said that while generative AI needed to be regulated, it would be unwise to rush into bans that “really aren&apos;t going to stand up”.</p><p>Speaking to <em>ITPro</em>, Olejnik said that the move by OpenAI will help attempts to calm regulators across the union, but questioned whether the influence of US operations could create friction further down the line.</p><p>"Having a local desk would aid in contact with the local EU regulators in various terms. It will not necessarily function as a go-to place for the needs of the EU <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR</a>, though," he said.</p><p>"It is the US HQ that is making the actual substantial decisions about the designs, so considering the existing way that some EU DPAs decide, it is not necessarily relevant to data processing, at least not always."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Using Excel for data analysis vs management ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/using-excel-for-data-analysis-vs-management</link>
                                                                            <description>
                            <![CDATA[ With many public sector organizations using Excel for data analysis and management, what are the risks and benefits of each approach? ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">SwVoDZfUUvpKnfwmnnb9MX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/CYwBvmmqU5ZvgFF5jipEUF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 07 Dec 2023 12:47:05 +0000</pubDate>                                                                                                                                <updated>Fri, 17 May 2024 15:12:57 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Kate O&#039;Flaherty ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LUULv6n7VJ3BHPnaoLHHdg.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/CYwBvmmqU5ZvgFF5jipEUF-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A 2D graphic depicting a Microsoft Excel spreadsheet. Behind the spreadsheet, a dark green shape with cogs on it can be seen, to represent data analysis. In one corner, a businessman holds an oversized magnifying glass to focus on highlighted cells on the spreadsheet, and in the other corner a block carries math symbols.]]></media:description>                                                            <media:text><![CDATA[A 2D graphic depicting a Microsoft Excel spreadsheet. Behind the spreadsheet, a dark green shape with cogs on it can be seen, to represent data analysis. In one corner, a businessman holds an oversized magnifying glass to focus on highlighted cells on the spreadsheet, and in the other corner a block carries math symbols.]]></media:text>
                                <media:title type="plain"><![CDATA[A 2D graphic depicting a Microsoft Excel spreadsheet. Behind the spreadsheet, a dark green shape with cogs on it can be seen, to represent data analysis. In one corner, a businessman holds an oversized magnifying glass to focus on highlighted cells on the spreadsheet, and in the other corner a block carries math symbols.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/CYwBvmmqU5ZvgFF5jipEUF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft’s Excel is cost-effective and easy to use, which are major draws for public sector organizations and small businesses. However, Excel has been under the spotlight over the last few months after the data breaches at the Police Service of Northern Ireland (PSNI) saw personal information inadvertently exposed in spreadsheets shared as part of a <a href="https://www.itpro.com/policy-legislation/30218/what-is-a-freedom-of-information-foi-request"><u>Freedom of Information (FOI) request</u></a>.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="JsN9VN75xknNiXBEL7gN5X" name="GettyImages-1362619910-data-driven-decisions-crop.jpg" caption="" alt="A hand touching a screen upon which a visualization of data is displayed in a red and green box chart. It represents data-driven decision-making, with the person touching the screen deriving value from the graph." src="https://cdn.mos.cms.futurecdn.net/JsN9VN75xknNiXBEL7gN5X.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business/business-strategy/how-data-driven-decision-making-can-inform-the-channel" target="_blank">How data-driven decision-making can inform the channel</a></p></div></div><p>The fear of another high-profile incident was so great that in September, UK regulator the <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico"><u>Information Commissioner’s Office (ICO)</u></a> issued a <a href="https://www.itpro.com/security/data-protection/ico-warns-against-excel-spreadsheets-to-curb-public-sector-data-breaches"><u>warning against using Excel spreadsheets</u></a> when responding to FOI requests.</p><p>There’s no doubt Excel is a flexible tool for <a href="https://www.itpro.com/strategy/29269/what-is-data-management"><u>data management</u></a> and analysis, but its openness can lead to security concerns and leave it vulnerable to breaches of regulation such as the <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know"><u>General Data Protection Regulation (GDPR)</u></a>.</p><p>Many public sector organizations are currently using Excel to manage and analyze their data. What are the risks and benefits of each approach?</p><h2 id="how-easy-is-it-to-use-excel-for-data-analysis">How easy is it to use Excel for data analysis?</h2><p>Excel is well-known and has been around for a long time so ease of use is one of its biggest benefits, says Katie McCullough, CISO at Panzura. “Virtually everyone knows how to navigate an Excel spreadsheet and that&apos;s a huge plus when you&apos;re trying to implement a system across an organization with varying levels of technical skill.”</p><p>Excel enables a variety of data manipulations and calculations, which is why it&apos;s often leaned on for <a href="https://www.itpro.com/business-intelligence/28220/what-is-data-analytics"><u>data analytics</u></a>, says McCullough. It’s also specifically aimed at business users and the <a href="https://www.itpro.com/operating-systems/microsoft-windows/356801/need-excel-training-try-these-10-cheap-or-free-options"><u>best Excel courses</u></a> can teach employees how to use the software to dramatically improve their efficiency at work. However, she says, Excel’s accessibility can be a “double-edged sword”. </p><p>When using the tool for data management, Excel&apos;s openness can lead to significant security concerns, says McCullough. “When you&apos;re handling sensitive public sector data, the unstructured nature of Excel can make it difficult to maintain control over who has access to the information and how it&apos;s being altered.”</p><p>Auditability can also be a challenge. “If you can&apos;t track the provenance of the data or the changes made to it, you&apos;re going to run into problems when you need to substantiate your findings or decisions, says McCullough. “While Excel is a powerful tool for analysis, its use for managing data – especially sensitive information – requires careful consideration of these inherent risks.”</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="3eEDrX7h6oGDSPSq46Qh9S" name="Building an outstanding digital experience_listing.jpg" caption="" alt="Whitepaper from BT on how to build an outstanding digital experience" src="https://cdn.mos.cms.futurecdn.net/3eEDrX7h6oGDSPSq46Qh9S.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: BT)</span></figcaption></figure><p class="fancy-box__body-text"><em>Discover how banks and financial services organizations can deliver the digital experiences customers expect</em><br><br><br><a data-analytics-id="inline-link" href="https://www.itpro.com/business/digital-transformation/building-an-outstanding-digital-experience">DOWNLOAD NOW</a></p></div></div><p>While sensitive data can be easily stored in Excel spreadsheets, this can be hard to do in compliance with <a href="https://www.itpro.com/data-protection/28177/data-protection-policies-and-procedures"><u>data protection policies and procedures</u></a>. Indeed, Excel was never designed as a <a href="https://www.itpro.com/data-management/30216/three-keys-to-successful-data-management"><u>data management</u></a> tool: It is “simply too easy” for users to expose sensitive information to unintended audiences, says Nelson Petracek, CTO at business planning company Board International. </p><p>“Data is not managed in a way that is easily controlled or secured, and users can hide information via hidden tabs and columns, embedded data elements, formatting – or even by moving it to an area outside of the normal viewpoint,” Petracek says.</p><p>“This makes it difficult to determine if sensitive data exists in a workbook or Excel application.”</p><p>Security in Excel is typically set at a workbook or worksheet level, which is “simply not a fine enough level of granularity to ensure proper data security and privacy”, adds Petracek. “It is also easy to send files over insecure channels, lose track of versions, or for files to be sent or carried outside of an organization’s firewall.”</p><h2 id="the-risk-of-excel-macros">The risk of Excel macros</h2><p>Another security issue that has already been the subject of a <a href="https://www.ncsc.gov.uk/guidance/macro-security-for-microsoft-office"><u>warning</u></a> by the UK’s National Cyber Security Centre (NCSC) is macros. These are action scripts used to automate tasks in Excel and are often helpful for obtaining insights within the software. But they can also negatively impact security as Blake Jeffrey, general manager, security and identity at Intelliworx, tells <em>ITPro</em>. “Macros are often created for legitimate reasons, but they can also be used by attackers to gain access to or harm a system, or to bypass other security controls.”</p><p>At the same time, building a proper <a href="https://www.itpro.com/policy-legislation/data-governance/369834/building-a-data-governance-strategy">data governance strategy</a> and meeting compliance checks can be a challenge with Excel, says Jeffrey. “Excel lacks the specific features needed to manage complex tasks related to GDPR for example, such as data mapping, consent management, and data subject access request handling.”</p><p>The issue is not unique to UK organizations, as the US is impacted by security and data protection concerns too. “In the US and UK, public sector organizations often deal with sensitive data and Excel may not provide the level of security required,” says Jasmine Harrison, account manager at Data Protection People. </p><p>Regulations such as the Health Insurance Portability and Accountability Act (HIPAA) “emphasize stringent data protection measures”, she points out.</p><iframe width="100%" height="200px" frameborder="0" data-lazy-priority="low" data-lazy-src="https://widget.spreaker.com/player?episode_id=57393245&theme=light&playlist=false&playlist-continuous=false&chapters-image=true&episode_image_position=right&hide-logo=true&hide-likes=true&hide-comments=true&hide-sharing=true&hide-download=true"></iframe><p>Beyond regulation, Microsoft’s <a href="https://support.microsoft.com/en-us/office/using-access-or-excel-to-manage-your-data-09576147-47d1-4c6f-9312-e825227fcaea" target="_blank"><u>own guidance</u></a> recommends using Excel for data analysis and its software Access for data management – but this is frequently ignored. Experts say Access is a more structured and secure database management system. However, Excel&apos;s familiarity and popularity can make it the go-to choice, even when it&apos;s not the best fit for data management, says Harrison. </p><p>Excel is also readily available as part of the Microsoft Office suite that most organizations already have, McCullough points out. This means that despite the best intentions of Microsoft&apos;s guidance, the “convenience and familiarity of Excel” often leads to its use in scenarios better suited for a dedicated database management system such as Access. But this doesn’t make Excel the best option for <a href="https://www.itpro.com/data-insights/databases/357305/how-to-improve-database-costs-performance-and-value"><u>database costs, performance, and value</u></a> in the long run.</p><h2 id="alternatives-to-excel-for-data-management">Alternatives to Excel for data management</h2><p>It’s clear Excel is not fit for purpose when it comes to storing sensitive data, but what’s the alternative? While there are other options available, many of the pitfalls are the same, says McCullough. “It’s important to weigh the options against the risks, especially given the recent ICO guidance. The ICO emphasizes the importance of data integrity and security, which are critical for any organization, regardless of size.”</p><p>For smaller organizations, the key is to find solutions that maintain the simplicity and user-friendliness of Excel while offering enhanced security and data management features, says McCullough. </p><p><a href="https://www.itpro.com/business-operations/productivity/363979/google-sheets-vs-microsoft-excel">Google Sheets is one alternative to Excel</a>. “It&apos;s a familiar spreadsheet environment with the added advantage of automatic <a href="https://www.itpro.com/cloud/cloud-storage/368014/what-is-google-cloud-storage">Google cloud storage</a> and version control, which is not a perfect solution, but can help with data integrity,” McCullough says. It also allows for easier control of user access, which she says “aligns somewhat” with the ICO&apos;s emphasis on data protection.</p><p>While other options are available, the likes of OneTrust might be too expensive for smaller organizations, says Harrison. With this in mind, she recommends alternatives such as DataWise, which “may be more budget-friendly in comparison”.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="VUDZptndWJDCBjYxYfV9u6" name="python-code-GettyImages-1346778393.jpg" caption="" alt="Python code on a screen" src="https://cdn.mos.cms.futurecdn.net/VUDZptndWJDCBjYxYfV9u6.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/software/microsoft/could-python-in-excel-be-a-boon-for-cryptocurrency-miners">Could Python in Excel be a boon for cryptocurrency miners?</a></p></div></div><p>However, it&apos;s not just about picking a different spreadsheet tool: Organizations must understand the need for <a href="https://www.itpro.com/big-data-analytics/34532/structured-vs-unstructured-data-management">structured data management</a> practices, says McCullough. “Even with alternatives such as Google Sheets, the principles of good data management are the same – knowing where your data is, who has access to it, and ensuring it&apos;s backed up and recoverable in the event of an incident.”</p><p>To <a href="https://www.itpro.com/security/data-breaches/358455/10-ways-to-protect-your-company-from-the-next-big-data-breach">protect your company from the next big data breach</a>, it’s important to assess the tools you use for data management. Ease of use or employee familiarity should never come second to proper data controls.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Scope of GDPR fines to be limited under new EU ruling ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/scope-of-gdpr-fines-to-be-limited-under-new-eu-ruling</link>
                                                                            <description>
                            <![CDATA[ GDPR fines can only be imposed if infringement was intentional or negligent, according to the court ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">RuEtCntciwSzb4dMGTSeH4</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ecKxRRhsQPQkQqPbk6L5NF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 07 Dec 2023 11:40:39 +0000</pubDate>                                                                                                                                <updated>Thu, 07 Dec 2023 15:56:17 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ecKxRRhsQPQkQqPbk6L5NF-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The statue of justice, goddess of justice in front of European union flag]]></media:description>                                                            <media:text><![CDATA[The statue of justice, goddess of justice in front of European union flag]]></media:text>
                                <media:title type="plain"><![CDATA[The statue of justice, goddess of justice in front of European union flag]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ecKxRRhsQPQkQqPbk6L5NF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A new ruling by the Court of Justice of the European Union (CJEU) limits the circumstances in which GDPR fines can be imposed on organizations.</p><p>The decision follows the case of a German real estate company, Deutsche Wohnen, after it was accused of retaining customer data longer than necessary by the Berlin Data Protection Commissioner in 2019.</p><p>The original fine of €14.5 million was reversed in 2021 on the grounds that, under German law, the company could only be held responsible if a specific individual or executive could be blamed.</p><p>However, hearing an appeal on the case, the CJEU ruled that a “data controller may not have an administrative fine imposed on it for an infringement of the GDPR unless that infringement was committed wrongfully; that is to say, intentionally or negligently”.</p><p>The result has been welcomed by Deutsche Wohnen.</p><p>"The case raised important questions about the application of GDPR," said Kai Mertens, a partner at Squire Patton Bogg, which represented the firm in the case.</p><p>"We are pleased that the European Court of Justice has now clarified that only an intentional or negligent infringement of the GDPR may result in an administrative fine."</p><p>The court ruled, though, that a controller can be punished for breaching the GDPR if they “could not have been unaware” of the illegality of their actions - regardless of whether they understood that they were in breach of GDPR provisions.</p><h2 id="ruling-offers-clarity-on-gdpr-fines">Ruling offers clarity on GDPR fines</h2><p><a href="https://www.itpro.com/data-protection/28177/data-protection-policies-and-procedures">Data protection</a> expert Jonathan Kirsop of law firm Pinsent Masons said the decision provides welcome clarification.</p><p>"The judgment seems to limit the scope for fines being imposed for more ‘technical’ or administrative <a href="https://www.itpro.com/security/data-breaches">breaches</a> where a controller has acted in good faith and with its best efforts to ensure appropriate processes in place," he said.</p><p>"That said, fines will still be imposed where a controller should have known that it had committed a breach, whether or not it did so."</p><p>The decision applies to any organization that has a subsidiary within the EU that processes the personal data of EU citizens, or that offers goods and services within the union.</p><p>Kirsop believes that the UK government and <a href="https://www.itpro.com/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico">Information Commissioner’s Office</a> (ICO) are likely to adopt the CJEU&apos;s approach.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ovMSxaaARrLd4LYsh7bM4m" name="The Business Value of Zscaler Data Protection_listing.jpg" caption="" alt="Whitepaper cover with male and female colleague looking at, and pointing to, a digital padlock" src="https://cdn.mos.cms.futurecdn.net/ovMSxaaARrLd4LYsh7bM4m.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Zscaler)</span></figcaption></figure><p class="fancy-box__body-text"><strong>The business value of Zscaler Data Protection</strong></p><p class="fancy-box__body-text"><em><br>Discover a tool that minimizes the risks related to data loss and other security events</em></p><p class="fancy-box__body-text"><br><a data-analytics-id="inline-link" href="https://www.itpro.com/security/data-protection/the-business-value-of-zscaler-data-protection">DOWNLOAD NOW</a><br></p></div></div><p>"The CJEU’s finding, as a general rule, reflects how the ICO has tended to seek to enforce the UK <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR</a> by focusing on those violations which had the most impact and were derived from a materially deficient approach by controllers," he said.</p><p>"The UK government is currently seeking to update the UK data protection regime, with the Data Protection and Digital Information Bill currently before parliament, but the Bill maintains the administrative fine framework and principles of the GDPR, notwithstanding that it envisages expanding these to encompass electronic marketing violations."</p><p>As part of the ruling, the court also considered a Lithuanian case in which the National Public Health Centre under the Ministry of Health contested a €12,000 fine relating to a mobile app for registering and monitoring the data of people exposed to Covid 19.</p><p>The court concluded that an organization found to have breached <a href="https://www.itpro.com/security/data-protection/gdpr">GDPR</a> can be fined based on the turnover of its parent company, as well as its own turnover - thus increasing potential fines.</p><p>"By maintaining that an undertaking may encompass a group of entities – where engaged in a common economic activity – the court is explicit that group turnover will often be the basis for calculation," Kirsop added.</p><p>This, he noted, "closes the door for any attempt to create artificial group structures with controllers placed in legal entities with limited turnover."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Nvidia drives regional sovereign data infrastructure with new partnership ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/nvidia-drives-regional-sovereign-data-infrastructure-with-new-partnership</link>
                                                                            <description>
                            <![CDATA[ The Nvidia Inception program will shore up data sovereignty concerns for participating organizations ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">u8Wm5Vhefujd3qYgg7kDQD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/gYmNbiCnYrDELhj23qARRA-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 20 Nov 2023 12:14:39 +0000</pubDate>                                                                                                                                <updated>Mon, 20 Nov 2023 14:49:41 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/gYmNbiCnYrDELhj23qARRA-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Nvidia logo on the side of a building]]></media:description>                                                            <media:text><![CDATA[Nvidia logo on the side of a building]]></media:text>
                                <media:title type="plain"><![CDATA[Nvidia logo on the side of a building]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/gYmNbiCnYrDELhj23qARRA-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Nvidia and cloud service provider Scaleway have announced a new partnership aimed at driving the availability of sovereign infrastructure across Europe. </p><p>The two have teamed up to offer European startups cloud credits, access to GPUs, <a href="https://www.itpro.com/technology/artificial-intelligence-ai/370313/why-is-big-tech-choosing-nvidia-for-ai">Nvidia AI</a> Enterprise software, and large language models (LLMs) all on sovereign infrastructure based in the EU.</p><p>Through the deal, Scaleway, a subsidiary of French telecoms firm Iliad, is offering cloud credits for access to its <a href="https://www.itpro.com/strategy/28181/what-is-ai">AI</a> supercomputer cluster, with 1,016 Nvidia H100 Tensor Core GPUs.</p><p>The firm said its sovereign infrastructure push aims to ensure compliance with EU <a href="https://www.itpro.com/data-protection/28177/data-protection-policies-and-procedures">data protection</a> legislation. The firm’s data centers hold compliance certifications that ensure data security for critical services such as healthcare and public services.</p><p>This expanded access to sovereign computing comes via Nvidia&apos;s Inception program, a free global scheme that provides technical guidance, training, discounts, and networking opportunities. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="YQssKvvY9UjP8oW4X7UPyC" name="Generative_AI_Brain_GettyImages-1726117807.jpg" caption="" alt="Digital illustration of a human brain mimicking artificial intelligence" src="https://cdn.mos.cms.futurecdn.net/YQssKvvY9UjP8oW4X7UPyC.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence-ai/370313/why-is-big-tech-choosing-nvidia-for-ai">Why is big tech racing to partner with Nvidia for AI?</a><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/public-cloud/will-nvidias-ai-dominance-shake-up-the-public-cloud-big-three">Will Nvidia&apos;s AI dominance shake up the public cloud ‘big three’?</a><a data-analytics-id="inline-link" href="https://www.itpro.com/technology/artificial-intelligence/nvidia-announces-next-generation-ai-chip-in-preparation-for-trillion-parameter-llms">Nvidia announces next-generation AI chip in preparation for trillion-parameter LLMs</a></p></div></div><p>It&apos;s already attracted startups such as <a href="https://www.itpro.com/technology/artificial-intelligence/ai-goldrush-continues-as-hugging-face-snags-dollar235-million-from-ibm">Hugging Face</a>, which hosts operations in both the US and France.</p><p>"AI is the new way of building technology, and making the fastest AI accelerators accessible within regional clouds is key to democratizing AI across the world, enabling enterprises and startups to build the experiences of tomorrow," said Jeff Boudier, head of product at Hugging Face.</p><p>Scaleway said its new Nabuchodonosor supercomputer - an Nvidia DGX SuperPOD with 127 Nvidia DGX H100 systems - will help startups in France and across Europe scale up AI workloads.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="bvmLpWwnDGsuH7nN6zDy2n" name="The right workload in the right cloud_listing.jpg" caption="" alt="Whitepaper cover with title over an image of a city with a lightning bolt shaped cloud above in the blue sky" src="https://cdn.mos.cms.futurecdn.net/bvmLpWwnDGsuH7nN6zDy2n.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: CDW)</span></figcaption></figure><p class="fancy-box__body-text"><em>Looking to get more from your cloud experience? Discover the benefits of multi-cloud designed by Dell and CDW.</em></p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/cloud-management/the-right-workload-in-the-right-cloud"><strong>DOWNLOAD RESOURCE</strong></a></p></div></div><p>Regional Inception members will also be able to access Nvidia AI Enterprise software on Scaleway Marketplace, including the Nvidia NeMo framework and pretrained models for building large language models. </p><p><br></p><p>Access to Nvidia Rapids for accelerated data science will also be offered alongside options for Nvidia Triton Inference Server and Nvidia TensorRT-LLM for boosting inference.</p><p>This will offer access to cloud computing credits, Nvidia Deep Learning Institute courses, technology experts, preferred pricing on hardware and software, and guidance on the latest software development kits and AI frameworks.</p><h2 id="xa0-heightened-data-sovereignty-concerns-xa0"> Heightened data sovereignty concerns </h2><p>Under EU regulations, cloud services must be operated and personal data held within the EU to ensure <a href="https://www.itpro.com/security/28133/what-is-cyber-security">data security</a> and <a href="https://www.itpro.com/security/privacy">privacy</a> standards. This practice has been introduced due to lingering concerns that data could be shared with US government agencies. </p><p><a href="https://www.itpro.com/security/data-protection/why-the-matrix-offers-valuable-lessons-on-data-sovereignty-for-channel-partners">Data sovereignty</a> has become a regulatory flashpoint in recent months, with proposed new rules potentially requiring non-EU cloud providers such as <a href="https://www.itpro.com/software/microsoft">Microsoft</a>, Google, and AWS to enter into partnership with EU firms if they want to operate within the union.</p><p>Serge Lemonde, Nvidia Inception program lead for EMEA and India, said the partnership will help shore up data sovereignty efforts for participating organizations.</p><p>"When doing business in Europe, US companies, for example, need to comply with EU regulations on sovereignty to secure data against access from foreign adversaries or entities," he said. </p><p>"Noncompliance risks data vulnerabilities, financial penalties and legal consequences."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ DMA calls on UK parliament to push through data reform bill ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/dma-calls-on-uk-parliament-to-push-through-data-reform-bill</link>
                                                                            <description>
                            <![CDATA[ SMBs across the UK believe the DPDI bill could unlock significant business benefits ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">MQwpYwstnkUsHF4iVFWfeC</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/bMrMpeGHAcJtiRYA53sF3o-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 08 Nov 2023 12:45:37 +0000</pubDate>                                                                                                                                <updated>Wed, 08 Nov 2023 15:45:40 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/bMrMpeGHAcJtiRYA53sF3o-1280-80.jpg">
                                                            <media:credit><![CDATA[n/a]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Parliament]]></media:description>                                                            <media:text><![CDATA[Parliament]]></media:text>
                                <media:title type="plain"><![CDATA[Parliament]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/bMrMpeGHAcJtiRYA53sF3o-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Technology experts have called on the UK government to accelerate efforts to push through the Data Protection and Digital Information (DPDI) Bill during the current parliament. </p><p>Chris Combemale, CEO of the Data & Marketing Association (DMA) urged the government to bring forward the legislation as quickly as possible in the wake of the King’s speech on Tuesday 7 November. </p><p>The DPDI bill will see the UK diverge from the EU’s <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know">GDPR</a> legislation, which the government believes will boost the economy, encourage innovation, and reduce cumbersome red tape for businesses across the country. </p><p>"The Bill will create an innovative and flexible data protection regime which maintains the UK’s high standards of data protection,” the government said previously. </p><p>"At the same time, we will reduce burdens on businesses and researchers, and enable innovation in science, innovation and technology that advance the health and prosperity of society to the benefit of the British people."</p><p>Under the terms of the bill, only organizations whose processing activities are likely to pose high risks to individuals&apos; rights and freedoms will need to have a <a href="https://www.itpro.com/general-data-protection-regulation-gdpr/30326/what-is-a-data-protection-officer">data protection officer</a> and conduct risk assessments. </p><p>Customer data can be shared to provide services such as personalized market comparisons and account management, and more organizations will be exempt from the rules on consent to cookies.</p><p>Crucially, the definition of &apos;legitimate interest&apos; will be clarified to include attracting and retaining customers.</p><p>The bill was first introduced in summer 2022, but was withdrawn in March this year to be replaced by a new version aimed at managing a delicate balance between reducing regulation and retaining the <a href="https://www.itpro.com/policy-legislation/data-protection/358674/eu-grants-the-uk-provisional-data-adequacy-status">data adequacy deal</a> the UK currently holds with the EU.  </p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Rk4rhgMAJAHdkstmkcawmC" name="Trend Micro Vision One_listing.jpg" caption="" alt="An image of Trend Micro Vision One" src="https://cdn.mos.cms.futurecdn.net/Rk4rhgMAJAHdkstmkcawmC.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Trend Micro)</span></figcaption></figure><p class="fancy-box__body-text"><em>Discover how the XDR Workbench enables alert prioritization based on security scores<br></em><br><a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/370275/analysing-the-economic-benefits-of-trend-micro-vision-one">DOWNLOAD NOW</a></p></div></div><p>Combemale said momentum on pushing through the bill must be stepped up in order to ensure UK businesses can maximize the use of data and unlock economic benefits. </p><p>"<a href="https://www.itpro.com/tag/data-privacy">Data privacy</a> reforms included within the DPDI Bill are key to unlocking business growth and realizing the full potential of the UK digital economy, by further enabling businesses to use customer insights to simultaneously improve the productivity of businesses and create relevance for customers," he said.</p><p>Combemale pointed to DMA research that shows two-thirds of UK-based SMBs are keen to see data privacy reform and the removal of needless red tape. </p><p>Nearly half (43%) of survey respondents said their business growth has been stunted by <a href="https://www.itpro.com/security/data-protection/gdpr">GDPR</a> since its introduction. </p><p>Meanwhile, over three-quarters believe that the processing of personal data is vital to the growth and success of their business. 79% of respondents stated that greater certainty around the use of legitimate interest as a legal basis for <a href="https://www.itpro.com/policy-legislation/general-data-protection-regulation-gdpr/361244/podcast-transcript-can-codes-of">direct marketing</a> would make it easier to build customer bases.  </p><p>"There is strong support for these opportunities across the UK’s SME community, as demonstrated by our latest research, so we would urge the UK Parliament to complete passage without hesitation,”  Combemale said. </p><p>The bill is now at the report stage and awaiting its third reading before progressing to the House of Lords.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ICO warns against Excel spreadsheets to curb public sector data breaches ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/ico-warns-against-excel-spreadsheets-to-curb-public-sector-data-breaches</link>
                                                                            <description>
                            <![CDATA[ The ICO's advisory follows a spate of data protection blunders at UK police forces in recent months ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mdquGKJSAnfkbU4khST5WF</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/HWqWDvcx4A4DFQfRyBhCan-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 28 Sep 2023 11:23:32 +0000</pubDate>                                                                                                                                <updated>Thu, 28 Sep 2023 13:45:31 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (Ross Kelly) ]]></author>                    <dc:creator><![CDATA[ Ross Kelly ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Y5vrV2V98Np6jHAGmAtCd3.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/HWqWDvcx4A4DFQfRyBhCan-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[ICO advises against spreadsheets story, illustrated by a Microsoft Excel spreadsheet window mockup in a cartoon style, set against a pale blue background]]></media:description>                                                            <media:text><![CDATA[ICO advises against spreadsheets story, illustrated by a Microsoft Excel spreadsheet window mockup in a cartoon style, set against a pale blue background]]></media:text>
                                <media:title type="plain"><![CDATA[ICO advises against spreadsheets story, illustrated by a Microsoft Excel spreadsheet window mockup in a cartoon style, set against a pale blue background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/HWqWDvcx4A4DFQfRyBhCan-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The UK’s Information Commissioner’s Office (ICO) has issued an advisory to public bodies urging them to “stop using spreadsheets” when responding to requests made under the Freedom of Information Act 2000 (FoI). </p><p>The advisory notice called for an “immediate end” to the use of Excel spreadsheets when responding to public requests for information, and outlined a series of recommendations for public authorities to follow. </p><p>The ICO listed a number of core recommendations for responses. Public bodies have been advised against replying to FoI requests with spreadsheets containing “hundreds or thousands of rows”.</p><p>A recommendation to improve investment in <a href="https://www.itpro.com/strategy/29269/what-is-data-management"><u>data management</u></a> systems that “support data integrity” was included in the guidance.</p><p>In addition, police services were advised to “convert spreadsheets and sensitive metadata into open reusable formats, such as comma-separated value (CSV) files”.</p><p>The advisory also called for better staff training for those involved in disclosing information to prevent the exposure of sensitive data. </p><p>UK information commissioner John Edwards said it’s “imperative” that robust measures are maintained by public authorities when dealing with personal information. </p><p>“The advice we have issued sets out the bare minimum that public authorities should be doing to protect personal data when responding to information access requests, and to reassure the people they serve, and their staff, that their information is in safe hands.”</p><p>While the ICO did not explicitly cite recent incidents, the advisory notice follows a series of FoI-related data protection blunders at UK police services across the country. </p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="m4RrtVqjwT66yyg8FYA9RP" name="Capture_a_strategic_approach_to_security (1).jpg" caption="" alt="A webinar screen with title and host name on the topic of a strategic approach to security" src="https://cdn.mos.cms.futurecdn.net/m4RrtVqjwT66yyg8FYA9RP.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Cloudflare)</span></figcaption></figure><p class="fancy-box__body-text"><em>Learn how to address inflation, political tensions, and supply chain challenges that influence your IT security in this webinar from Cloudflare </em></p><p class="fancy-box__body-text"><br><a data-analytics-id="inline-link" href="https://www.itpro.com/security/a-strategic-approach-to-security-intelligent-collaborative-and-efficient">DOWNLOAD FOR FREE</a></p></div></div><p>Personal information belonging to thousands of police officers and staff in Northern Ireland was exposed in August after a document was mistakenly uploaded in response to a <a href="https://www.itpro.com/policy-legislation/30218/what-is-a-freedom-of-information-foi-request"><u>freedom of information request</u></a>.  </p><p>The data breach exposed the names of around 10,000 actively serving officers and civilian staff. </p><p>Within the space of a week, this incident was followed by breaches at two other forces elsewhere in the UK. </p><p>Norfolk and Suffolk police revealed a “technical issue” that resulted in <a href="https://www.itpro.com/it-legislation/27814/what-is-gdpr-everything-you-need-to-know"><u>personally identifiable information</u></a> being exposed during a routine freedom of information response. </p><p>Details of hundreds of crime victims, suspects, and witnesses were exposed in the incidents. Much of the information leaked pertained to domestic abuse, assault, theft, and sexual offense cases.</p><p>Both police services have since apologized for the <a href="https://www.itpro.com/data-protection/28177/data-protection-policies-and-procedures"><u>data protection</u></a> blunders.  </p><p>“The recent personal data breaches are a reminder that data protection is, first and foremost, about people,” Edwards said. </p><p>“We have seen both the immediate and ongoing impact that the release of such sensitive personal information has had on the individuals and families involved, and that is why I have taken this action.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Why MSPs should focus their attention on data protection services, not backup ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/data-protection/why-msps-should-focus-their-attention-on-data-protection-services-not-backup</link>
                                                                            <description>
                            <![CDATA[ Accommodating for unique customer needs should be a key focus for channel partners ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">NF6p865zCF2AE4Dhaucspk</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/JiT3Ap3nyi8dqAUWbuxrF7-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 06 Sep 2023 11:30:00 +0000</pubDate>                                                                                                                                <updated>Thu, 24 Apr 2025 19:39:30 +0000</updated>
                                                                                                                                            <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Eric Harless ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/sAYjqva4FWGFgMBDuf5Y2d.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/JiT3Ap3nyi8dqAUWbuxrF7-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security padlock operating on the electronic circuit CPU]]></media:description>                                                            <media:text><![CDATA[Security padlock operating on the electronic circuit CPU]]></media:text>
                                <media:title type="plain"><![CDATA[Security padlock operating on the electronic circuit CPU]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/JiT3Ap3nyi8dqAUWbuxrF7-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Asking a customer to change their backup solution can be trickier than asking them to change any other part of their IT setup. </p><p>When a customer is comfortable with their backup and trusts it, there’s a perception that changing it means taking a risk with something unknown. </p><p>But the result is a trend whereby backup solutions tend to be taken on by an accommodating MSP, rather than switching the customer to the MSP’s preferred solution. </p><p>Unfortunately, for the MSPs who agree to this, this can quickly lead to maintaining several different <a href="https://www.itpro.com/backup/34178/picking-the-perfect-business-backup"><u>backup products</u></a>. Keeping a few customers happy can quickly become a major headache and a drain on resources. </p><h2 id="the-pitfalls-of-multiple-backup-solutions">The pitfalls of multiple backup solutions</h2><p>MSPs often manage four or more backup solutions at once. Sometimes these are at different stages of maturity — one is being onboarded, another is being sunset, and yet another is used for long-term retention — while others are maintained due to customer demand. </p><p>This can get increasingly out of control. </p><p>Each additional backup solution means more cost and not reaping the benefits of scale that comes from serving many customers with the same solution. Each solution means more complexity and more opportunity for something to go wrong. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="XegarHTRJ8d3dP2u3UkF7g" name="Matrix_Stock_Photo_GettyImages-1395726393 (1).jpg" caption="" alt="Close-up of computer screen displaying green zeroes and ones" src="https://cdn.mos.cms.futurecdn.net/XegarHTRJ8d3dP2u3UkF7g.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/data-protection/why-the-matrix-offers-valuable-lessons-on-data-sovereignty-for-channel-partners">Why The Matrix still offers valuable lessons on data sovereignty</a></p></div></div><p>When almost any other system goes wrong, the problem will be flagged immediately, usually by the customer complaining. </p><p>Backup, on the other hand, has the potential to go wrong without anyone noticing. It shouldn’t, of course, automatic alerts and dashboards should flag up the problem, but any sensible MSP won’t rely on this alone. They’ll want to check — and checking on several solutions obviously takes more time.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ThKG9CKMVvCXMCPLoSSo4d" name="A prudent approach to major security incidents_listing.jpg" caption="" alt="Dark whitepaper cover with orange shapes behind text: A prudent approach to major security incidents" src="https://cdn.mos.cms.futurecdn.net/ThKG9CKMVvCXMCPLoSSo4d.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: ServiceNow)</span></figcaption></figure><p class="fancy-box__body-text"><em>Confidently protect your organization from cyber criminals.<br></em><br><a data-analytics-id="inline-link" href="https://www.itpro.com/security/a-prudent-approach-to-major-security-incidents">DOWNLOAD FOR FREE</a></p></div></div><p>There are also additional costs thanks to the need for patches on multiple systems and training staff on all systems. Inevitably, with multiple solutions, some staff will be experts on some but not others, which can cause issues when staff leave or even just take time off. </p><p><a href="https://www.itpro.com/business-strategy/careers-training/367757/beating-the-it-brain-drain"><u>Knowledge gaps</u></a> are far more common when there are too many solutions to maintain. MSPs need to either tackle this problem before it takes hold or start to change how they work with their customers when it comes to protecting their data.  </p><h2 id="don-x2019-t-sell-x2018-backup-x2019">Don’t sell ‘backup’</h2><p>Of course, when we say, “don’t sell backup”, we don’t mean it quite as literally as it first appears. MSPs shouldn’t be selling their customers on a <a href="https://www.itpro.com/storage/29803/best-backup-software"><u>specific backup solution</u></a>. Instead, they should be selling <a href="https://www.itpro.com/data-protection/28020/data-protection-principles"><u>data protection services</u></a>.</p><p>What does this mean in practice? MSP customers shouldn’t have to care about the name of a product — all they need to know is the agreed SLA and recovery targets. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="8TbsahzKZ53F2B5cCVYakE" name="Dark_web_Stock_GettyImages-1417398548.jpg" caption="" alt="A web structure imposed on a black background" src="https://cdn.mos.cms.futurecdn.net/8TbsahzKZ53F2B5cCVYakE.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/how-mssps-can-leverage-dark-web-intelligence-to-counter-emerging-threats">How MSSPs can leverage dark web intelligence</a></p></div></div><p>How this is done should be down to the MSP, rather than the customer. All the customer needs to care about is their business remaining operational should the worst happen. </p><p>MSPs and their customers should spend time working out what will be protected (data, systems, applications), how often backups will take place, how quickly it can be recovered, and what it will cost. </p><p>People might care about the logo on the front of the car they are driving — they care much less about who made the vehicle if they’re taking transit — all they care about is whether it’s comfortable and gets them there on time.  </p><p>This is easier said than done. Some customers, as mentioned above, may be unwilling to change what already works for them. Changing the conversation to targets and SLAs over solutions may help, but this is in effect a sales conversation much like any other, with a need to outline the benefits and objections to overcome. </p><p>No MSP would want to say “no” to a potential customer, but they need to keep in mind that taking on an extra product is not trivial, and the time spent on onboarding and training — among other costs — has the potential to drastically reduce how profitable that customer could be. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="EXeL4hPNVaTQPuTt2HGWAF" name="Brain_Evolution_Stock_GettyImages-1436010616.jpg" caption="" alt="Digital generated image of multi coloured gear wheels connected together in shape of brain on grey background" src="https://cdn.mos.cms.futurecdn.net/EXeL4hPNVaTQPuTt2HGWAF.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business/business-strategy/how-to-bring-your-people-on-your-digital-evolution-journey">How to bring your people with you on your digital evolution journey</a></p></div></div><p>MSPs have spent a great deal of time and energy shifting from old break/fix business models. Working with multiple <a href="https://www.itpro.com/server-storage/backup/357713/how-good-is-your-backup-really"><u>backup solutions</u></a> due to customer demand is in some ways a holdover from those old ways of working. </p><p>Taking a firm line, while selling the benefits of their preferred data protection services, is key to making backup a profitable part of the business. And it’s vital for educating on customer security too, which should always be the role of the MSP. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>