In a recent NAFP session, we approached the subject of data transfers. Transferring data is something agencies do everyday in one form or another and it became clear during the discussion that the approach to these transfers differs from agency to agency.

Here are a few of the transfer scenarios:

  • Agency to agency
  • Reporting to the inspectorate
  • Subject access requests
  • Third party consultations
  • Police and LADO investigations
  • Change in an agency’s system of record (Charms, Jellybabies, Intuitive Care etc.)

It is important to remember that when changing a business process that involves a lot of Personal Information or Special Categories of personal information, companies are required to conduct a Data Protection Impact Assessment

This means that not only do you have to articulate the business change risks, but you also need to understand the technical controls that mitigate those risks.

We will look at some scenarios, based on true events, to help understand the potential pitfalls of not getting it right.

Whilst the UK GDPR and ICO advice is clear that appropriate technical controls must be used when transferring or processing personal information, it is not always clear what these measures are. Most of our clients understand that the use of encryption is a key control, but what type of encryption is appropriate?

You would be right in thinking that some forms of security such as encryption are set ‘out of the box’, but how do you know? Do you know if TLS (Transport Layer Security) is set or limited to the correct version? What if the receiving party is not set to the same standard? We know there are often challenges when trying to communicate with specific individuals when they may use group mailboxes.

Guardian Saints will look at these data transfer challenges and will explain some key concepts to help you make the right decisions when transferring or processing information. We will also help you to differentiate between sharing data and transferring data; yes, they are different things!

We will take questions during the session for your specific issues and will either provide an answer on the day or revert back to questions after the event, after all, as Chris frequently says… ‘No one knows everything.’

Guardian Saints is a not for profit community interest company founded in 2014 by two parents and a foster carer all with successful careers in cyber security, data protection and compliance within the corporate sector

(this event will be hosted on Zoom; delegates will be emailed details of how to join a few days beforehand)

Book a place

Registered as a company in England & Wales No. 06717310 Registered office: Corbridge Business Centre, Tinklers Yard, Corbridge, Northumberland NE45 5SB
Log in | Powered by White Fuse