Guidance and Commentary
These pages include both guidance and topical commentary on aspects of business information risk.
You can also browse our extensive Integrated InfoSec library of risk-related material.
Please let us know if there’s a specific topic you would like covered.

Some realities of risk  04/10/21
To assess the likelihood of a scenario reliably, we must first assess the likelihoods of its causal factors.

Take the Red Pill  
Just how reliable are your risk assessments? The tools may be letting you down.

Diligence or disaster?  21/08/2019
Businesses are unwittingly leaking confidential documents via online anti-virus services

Article 14 – beware of the leopard  05/04/2019
Inadequate compliance with Article 14 of the GDPR attracts a €220,000 fine in Poland

GDPR and the use of web tracking  28/03/2019
Questions in the European parliament on the extent and lawfulness of tracking on government web sites

Data protection contingency planning for a 'no deal' Brexit  15/01/2019
Twelve steps small and medium businesses should take now to cover themselves in case of a ‘no deal’ Brexit

GDPR, data transfers and Brexit  03/09/2018
The possibility of disruption to personal data exchanges with the EU after Brexit remains to be formally addressed and the clock is ticking for British businesses

Multiple GDPR lawful bases per purpose  31/08/2018
We discuss the controversy around using multiple lawful bases per purpose and propose a safer alternative

Instant expertise in the GDPR?  23/08/2018
We challenge the fantasy of five-day training for Data Protection Officers

The ‘big six’ Data Protection myths  25/07/2018
We identify six prevalent myths about the GDPR that many businesses have fallen for, preventing them achieving compliance

The GDPR lawful bases for processing  21/07/2018
For most businesses, the five generally applicable lawful bases for processing under the GDPR fall into a natural hierarchy that facilitates appropriate selection

GDPR-compliant privacy notice structure  15/06/2018
Our recommendations on the structure and content of privacy notices for GDPR compliance