Conor Donnelly, Author at IT Governance Blog En

Facebook under investigation by the Irish Data Protection Commissioner

Conor Donnelly 18th December 2018 Data Protection, GDPR, Irish Blogs No Comments

Last Friday, Facebook announced that it has uncovered a bug that may have affect up to 6.8 million of its members. This bug gave third-party apps access to more users’ photos than they originally thought. The bug was found in …

[Continue Reading...]

Who requires a DPO?

Conor Donnelly 24th July 2018 Data Protection, GDPR No Comments

Under the GDPR, certain organisations are required to appoint a DPO (data protection officer). Organisations are also required to publish the details of their DPO and provide these details to their national supervisory authority.

[Continue Reading...]

The DPO role and why you should consider outsourcing it

Conor Donnelly 17th July 2018 Data Protection, GDPR No Comments

Under the EU GDPR (General Data Protection Regulation), which came into force on 25 May 2018, certain organisations are required to appoint a DPO (data protection officer).

[Continue Reading...]

Teamwork is key to your organisation’s cyber security

Conor Donnelly 13th July 2018 Cyber Security No Comments

Staff awareness is key to ensuring an organisation is secure. All members of staff need to be able to spot suspicious activity and, more importantly, know who to report this to, to ensure it is properly dealt with.

[Continue Reading...]

NIS Directive: Adopt a “human first” approach to compliance

Conor Donnelly 20th June 2018 Cyber Security, ISO 27001 No Comments

Organisations should take a “human-first approach” to preparing for the Directive on security of network and information systems (NIS Directive), the new law designed to help ensure that essential services remain operational, says the co-founder and chief technology officer of …

[Continue Reading...]

5 practical tips for planning ISO 27001 internal audits

Conor Donnelly 19th June 2018 Cyber Security, ISO 27001 No Comments

Control A15.2 of ISO 27001 requires that, as part of an information security management system (ISMS), “managers within an organisation ensure that security policies are followed”. Here are five practical tips to consider when planning your internal audits.

[Continue Reading...]

Having trouble complying with the PCI DSS? Here are some tips

Conor Donnelly 30th May 2018 PCI DSS No Comments

Keeping cardholder data secure can be incredibly difficult, but have you tried… not storing so much information? You’d be surprised at how effective that apparently flippant advice is. Organisations often store more information than they need, making security trickier than …

[Continue Reading...]

PCI DSS dissected: Reducing your cardholder data environment

Conor Donnelly 28th May 2018 PCI DSS No Comments

The requirements of the Payment Card Industry Data Security Standard (PCI DSS) should be considered the starting point of security. The Standard doesn’t cover everything that organisations can do to protect payment card data, but it does cover everything that …

[Continue Reading...]

The GDPR – health and safety for a digital age

Conor Donnelly 22nd May 2018 Data Protection, GDPR No Comments

The GDPR will not require transposition into law, so organisations involved in data processing of any sort need to be aware that it addresses them directly and that they must comply.

[Continue Reading...]

Why ISO 27001 is integral to data protection compliance

Conor Donnelly 10th May 2018 Cyber Security, Data Protection, GDPR, ISO 27001 No Comments

Supervisory authorities such as Ireland’s Data Protection Commissioner (DPC) have highlighted ISO 27001, the international standard that describes best practice for an information security management system (ISMS), to provide assurance that the necessary technical and organisational requirements to prevent a …

[Continue Reading...]

Conor Donnelly Archive