Privacy Kitchen
Privacy Kitchen
  • 55
  • 268 143
Understanding AI with Kelwin Fernandes Part 3 of 3
Welcome to Part 3 of our 3 part series on Understanding AI with Kelwin Fernandes, CEO of NILG.AI. Kelwn has a PhD in AI but this series reflects Kelwin's ability to explain AI to non-technical people, which with AI is most of us!
If you've not watch Part 1 or Part 2 we recommend you watch those first, where we deal with what is AI, which orgs are using it most, which teams are using it most, supervised v unsupervised, hallucination, interpolation, MLOps - and lots more:
Here's what's in a packed Part 3!
00:17 AI: In-House or external via API
03:50 The API Route: risks & fine-tuning
07:16 Risk-managed alternative to fine-tuning
08:20 How much data do you need?
10:15 AI Risk: Security, Ops, Bias, etc
12:49 AI, Data & Ethics
13:32 AI & The Problem of Control
14:55 AI: Uncertainty & Safeguards
16:50 Accountability & Transparency
18:06 EO, EU AI Act, GDPR & AI
19:10 Recommended books on AI
20:23 Key Tip to get the best from AI
Do check out Kelwin's excellent UA-cam channel @nilg_ai.
And do check out keepabl.com to see how our award-winning Privacy Management Software can help you map out your processes, manage your risk and meet your accountability obligations!
Переглядів: 155

Відео

Understanding AI with Kelwin Fernandes Part 2 of 3 010224
Переглядів 1097 місяців тому
Welcome to Part 2 of our 3 part series on Understanding AI with Kelwin Fernandes, CEO of NILG.AI. Kelwn has a PhD in AI but this series reflects Kelwin's ability to explain AI to non-technical people, which with AI is most of us! If you've not watch Part 1 we recommend you watch that first, where we deal with what is AI, which orgs are using it most, which teams are using it most, and lots more...
Demystify Ai with Kelwin Fernandes of nilg_ai Part 1 of 3
Переглядів 2548 місяців тому
Need to understand AI? We've a great 3-part series with Kelwin Fernandes, the Founder of Nilg.ai. Kelwin has a PhD in AI but this series reflects Kelwin's ability to explain AI to non-technical people, which with AI is most of us! 00:00 Intros 03:44 What is AI? 07:09 AI vs ML vs LLM vs ... 11:00 Examples of everyday AI 12:13 Which orgs are using AI? 14:05 Which teams are using AI? Do check out ...
DSRs in Education with Claire Archibald
Переглядів 418Рік тому
Data Subject Rights (DSRs) under GDPR and UK law are not easy, but they're particularly charged and sensitive in Education. Join us and hear about DSRs in Education from Claire Archibald, founder of the Education Data Hub within Derbyshire County Council and one of the UK's leading Data Protection practitioners in Education. This is a longer video than normal as there's just so much great, prac...
The UK ICO on the ICO Accountability Framework
Переглядів 916Рік тому
Hear from the UK ICO's very own Chris Taylor, Head of Assurance, on the ICO's gold-standard Accountability Framework. Chris heads up the team that originated and created the Framework, so there's no-one better to discuss why the Framework is there, who it's for, how to use it, and what's coming in future! TIMELINE 00:00 Intros 01:22 Why did the ICO create the Framework? 03:19 How unique is the ...
UK GDPR Reforms: Brexit Bonus or Boris Bluster?
Переглядів 5972 роки тому
Robert Baugh, CEO of Keepabl, was delighted to discuss UK GDPR Reforms at the amazing Privacy & Equity Virtual Conference on 12 October 2022. Join us to hear the discussion on - timelines, how Brexit, GDPR and Prime Minister changes fit together - how UK Gov's statements have changed over time, including Ministerial comments at the Tory Party conference on 3 October 2022, and - a detailed look ...
The UK ICO's Accountability Framework with Tash Whitaker
Переглядів 7722 роки тому
You've probably heard about the UK ICO, they're the UK's data protection authority and they've created the Accountability Framework as their gold-standard benchmark against GDPR. You've also probably heard about Tash Whitaker! Tash is one of the UK's leading data protection consultants and influencers, with clients from startups to multinationals and across industries. Tash uses the ICO's Accou...
UK ICO Accountability Framework - 5 Pros & 5 Cons
Переглядів 1,3 тис.2 роки тому
How do you benchmark your Privacy compliance? If you’re covered by GDPR, there’s a good chance you’re thinking of the UK ICO’s popular, gold-standard benchmark - the Accountability Framework. In this video we break down exactly what the Accountability Framework is and call out 5 pros and 5 cons. If you're looking to improve Privacy in your organisation, why not arrange a demo and free 14-day tr...
Privacy Policy or Privacy Notice?
Переглядів 3,6 тис.2 роки тому
Privacy Policy or Privacy Notice? This recent debate shows no sign of slowing down! But does it have a legal basis? And does it matter? We give you a straight, clear answer, looking at the law, regulators's practice and recommendations, what leading law firms use and more. Warning: some may find it challenging... And if your organisation is looking to get its Privacy documentation in order, Kee...
Welcome to Privacy Kitchen!
Переглядів 2 тис.2 роки тому
Welcome to Privacy Kitchen, the free GDPR training channel brought to you by Keepabl. Our channel helps organisations operationalise Privacy for better compliance, answering the most important questions, from the basics such 'What is GDPR" to more specific Privacy issues such as "is Google Analytics illegal". If you're looking to roll out Privacy training in your organisation, we've compiled 10...
GDPR Reforms! Brexit changes to UK GDPR - UK Gov Response
Переглядів 2,6 тис.2 роки тому
GDPR Reforms! Brexit changes to UK GDPR - UK Gov Response
Privacy Kitchen with Laura Irvine on Claims and Damages 240522
Переглядів 6692 роки тому
Privacy Kitchen with Laura Irvine on Claims and Damages 240522
What are the UK IDTA & EU SCCs? When and why you should use them
Переглядів 1,9 тис.2 роки тому
What are the UK IDTA & EU SCCs? When and why you should use them
From Spreadsheets to SaaS with Chris Roberts and David Wylie
Переглядів 4412 роки тому
From Spreadsheets to SaaS with Chris Roberts and David Wylie
Google Analytics & GDPR - 3 Cases, 9 Takeaways and 4 Alternatives
Переглядів 4,9 тис.2 роки тому
Google Analytics & GDPR - 3 Cases, 9 Takeaways and 4 Alternatives
7 GDPR Traps for Groups & 3 Key Solutions
Переглядів 7622 роки тому
7 GDPR Traps for Groups & 3 Key Solutions
Article 6 GDPR: the 6 legal bases & 9 top tips
Переглядів 12 тис.2 роки тому
Article 6 GDPR: the 6 legal bases & 9 top tips
ISO 27701 - Does it make sense? The 7 Decision Factors
Переглядів 2,6 тис.3 роки тому
ISO 27701 - Does it make sense? The 7 Decision Factors
What are the 7 principles of GDPR?
Переглядів 102 тис.3 роки тому
What are the 7 principles of GDPR?
CARA TV Keepabl on GDPR 220421
Переглядів 6653 роки тому
CARA TV Keepabl on GDPR 220421
Privacy Kitchen DPOs Part 2 with Tom McNamara 23032
Переглядів 2873 роки тому
Privacy Kitchen DPOs Part 2 with Tom McNamara 23032
Privacy Kitchen Tom McNamara DPOs Part 1 Conflict 190321
Переглядів 7923 роки тому
Privacy Kitchen Tom McNamara DPOs Part 1 Conflict 190321
Cookies in 2021: CNIL fines, e-Privacy Regulation & Brexit!
Переглядів 1,4 тис.3 роки тому
Cookies in 2021: CNIL fines, e-Privacy Regulation & Brexit!
Copenhagen Business School's Pedro Telles interviews Keepabl's Robert Baugh 040221
Переглядів 2493 роки тому
Copenhagen Business School's Pedro Telles interviews Keepabl's Robert Baugh 040221
Privacy Kitchen Bigger Bite Security and Identity 260121
Переглядів 6093 роки тому
Privacy Kitchen Bigger Bite Security and Identity 260121
Privacy Kitchen Lifting the Hood on DSRs 190121
Переглядів 4363 роки тому
Privacy Kitchen Lifting the Hood on DSRs 190121
Your Personal Data Inventory Top Tips & Brexit Impact 161220
Переглядів 1,5 тис.3 роки тому
Your Personal Data Inventory Top Tips & Brexit Impact 161220
Brexit and the EU UK Representative with Tim Bell DataRep 151220
Переглядів 2083 роки тому
Brexit and the EU UK Representative with Tim Bell DataRep 151220
PK Webinar Ransomware Blackbaud Jamal Ahmed Kazient 050820
Переглядів 1904 роки тому
PK Webinar Ransomware Blackbaud Jamal Ahmed Kazient 050820
Privacy Shield is Down - Schrems II - what it means and 5 Action Points
Переглядів 10 тис.4 роки тому
Privacy Shield is Down - Schrems II - what it means and 5 Action Points

КОМЕНТАРІ

  • @Alan.Moffat
    @Alan.Moffat 23 дні тому

    I got a letter from my pension provider saying that they have recieved a letter that was sent to a random address that had my plan details on it. The occupier had opened my plan documents and realised that it was not for them and contacted the pension company returning my documents. I wonder if i Can i claim compensation for this breach

  • @neutralcorner5950
    @neutralcorner5950 24 дні тому

    A lawyer sent out a letter to some residents of a housing development but not all, one resident then photographed the letter and posted it to residents group. Is that ok?

  • @JenniferWilliams-m9b
    @JenniferWilliams-m9b Місяць тому

    Hegmann Village

  • @daverandle6045
    @daverandle6045 Місяць тому

    SOME ONE records a council meeting without informing anyone

  • @MaryWade-r7v
    @MaryWade-r7v Місяць тому

    Deckow Hollow

  • @RomeoRanjo
    @RomeoRanjo 2 місяці тому

    with DPO outsourced works or accepted by the Data Privacy Act of 2012 of the Phils?

  • @surajkumar-pr8xu
    @surajkumar-pr8xu 2 місяці тому

    i have interview today wish me all the best 🙏

  • @Boonified
    @Boonified 2 місяці тому

    So grateful for this clip - Thank you ! Could you please explain what you mean at 9:44 "The right to withdraw consent is a tactical, not a strategic one" ?

    • @robertbaugh1103
      @robertbaugh1103 2 місяці тому

      Hi, many thanks for your great comment! On consent being tactical not strategic - we mean that it can be withdrawn at any time by the individual and no longer relied on from that point forwards, so if you're eg looking for a legal basis for delivering a product someone has bought, you'd best use necessary for contract. When identifying an appropriate legal basis, there may be more than one available but you'll tend to find one stands out as most appropriate. Don't just go for consent without looking at the other equally valid - and potentially much more appropriate as per our example above - legal bases available. Hope that clarifies it.

    • @Boonified
      @Boonified 2 місяці тому

      @@robertbaugh1103 Ah yes, thank you, that's clear now. Anyone can withdraw consent anytime but all the processing before their withdrawal date remains lawful - got it. Thank you so much again, your videos are a lifesaver for solopreneurs like myself ! I hope you are well and wishing you all the best going forwrads too :)

    • @KeithJones-q7r
      @KeithJones-q7r 2 місяці тому

      ​ KeithJpoones-q7r 0:10

  • @mimimichou
    @mimimichou 3 місяці тому

    Can’t express enough appreciation to Privacy Kitchen! Such a great conversation and so practical! Highly recommend!

  • @georgelipinski8537
    @georgelipinski8537 3 місяці тому

    Thank you Robert very important we have included this in our jamjang app

  • @cintakhutbah
    @cintakhutbah 4 місяці тому

    In this Privacy Kitchen session, experts Tash Whitaker and David Clarke join host Robert Bohr to dissect the complexities of data mapping for privacy governance. They explore the nuances of GDPR compliance, the impact of Brexit on data protection strategies, and share practical advice and war stories from the field. The conversation delves into the importance of understanding data maps, the challenges of maintaining accurate records of processing activities, and the implications of Brexit for cross-border data transfers and marketing practices. Takeaways 🗺 The importance of a data map as a cornerstone of privacy governance was highlighted, emphasizing its role in understanding data flows and impacts on privacy. 🤝 Introductions of the panelists, Robert Bohr, Tash Whitaker, and David Clarke, who are experts in privacy management, consultancy, and cyber and data protection, set the stage for a deep-dive discussion. 🔍 The distinction between a data map and an asset register was explored, with the former being a broader concept that includes the latter, which is more about the security and inventory of data assets. 📝 The GDPR's record of processing activities was discussed as a subset of a data map, which is crucial for understanding data processing activities and responding to data subject requests. 🚫 The challenges of questionnaires for data mapping were noted, with panelists preferring interviews to get accurate insights into data processing activities. 🔑 The role of the Data Protection Officer (DPO) in maintaining the record of processing activities was emphasized, as they need a comprehensive understanding of the business to fulfill their role effectively. 📈 The impact of Brexit on data maps was anticipated, with the potential need to revisit and adjust data transfer agreements and the possible requirement for UK companies to appoint EU representatives. 🛑 The potential increase in data subject rights requests due to the removal of PEC Regulation (ePrivacy Directive) was flagged, necessitating a detailed data map to manage these effectively. 📉 The low adoption rate of ISO 27001 was mentioned, with GDPR and other privacy regulations driving a need for more comprehensive data governance practices. 🔄 The dynamic nature of data mapping was underscored, as it needs to evolve with the business and be part of ongoing risk management and compliance activities. 📚 The complexity of managing large-scale data maps was discussed, with the need for robust systems and processes to maintain and update the data map in line with business operations.

  • @marylincutes
    @marylincutes 4 місяці тому

    GDPR is applicable to Europe. But what if someone from Europe is accessing data illegally in Southern hemisphere? All these fines should apply to that person as well or the company that they work for, right?

  • @KevinLindley-q5r
    @KevinLindley-q5r 4 місяці тому

    I believe they use Confidentiality and Integrity rather than the broader "Security" because Security also covers Availability (the security Triad of CIA).

  • @andyMSH700
    @andyMSH700 5 місяців тому

    In my opinion the ICO has no teeth and pretty much useless to the general public....government organisations hide behind this service referring you back to them knowing full well they will close your query down....why are they being paid by the tax payer?

  • @medwayhospitalprotest
    @medwayhospitalprotest 6 місяців тому

    @PrivacyKitchen I wonder whether you could clarify something for me? Many people have been telling me that a "natural person" i.e. private individual, someone who does not have a business, just a regular Joe, can be considered a Data Controller. I know the DPA quite well but not the GDPR. I would imagine it being highly impractical for private individuals to be classed as Data Controllers but some fairly reliable people have told me this is the case. I can't find anything that validates their opinion.

    • @robertbaugh1103
      @robertbaugh1103 2 місяці тому

      Individuals can be controllers in very limited circumstances (given the vast majority of personal data processing happens in the context of a legal entity with employees). In GDPR, a controller is the person who determines the purposes and means of the processing. 'Person' can be either a natural person (a human) or a legal person (an LTD, PLC etc). In an employer-employee context, it's normally the employer who determines purposes and means, not the employee enacting that for the employer. But if the employee goes off on a frolic of their own, outside their employee duties, they're likely to be the controller for that. And, outside that employment context, if a person on their own processes personal data for a purpose other than 'in the course of a purely personal or household activity' then the GDPR likely applies to them as a controller.

  • @anggelngilah173
    @anggelngilah173 6 місяців тому

    I learn about risikan

  • @msinbalony
    @msinbalony 6 місяців тому

    I'm sorry, how can I focus on what you're saying when that cute little thing is walking around?? My God, he's so adorable.

  • @PriyankaDas-vl8hq
    @PriyankaDas-vl8hq 6 місяців тому

    Very Nice

  • @Taffmeister509
    @Taffmeister509 7 місяців тому

    Hello. Where do I stand with a ex employee. I left the fire service due to false allegations, I then joined the police. Once in the police they asked for a reference from the fire service. They replied back the don’t give a detailed reference. 3 months late messaged back stating my investigation. No one asked or gave permission for this. Where do I stand????

  • @GaneshJU
    @GaneshJU 7 місяців тому

    DPO - should NOT mark their own homework.

  • @AdEve-co7be
    @AdEve-co7be 8 місяців тому

    Merci

  • @davidrobertson5700
    @davidrobertson5700 8 місяців тому

    Please help me. I have been the victim of Brighton and hove city council's data fraud. A letter written yesterday to Brighton and hove city council's leader. I am stuck and forced to take this route The email is as follows Dear Bella, With concern I contact you regarding fraud by council staff who have knowingly covered up acts of data fraud against myself and others which directly contravenes Brighton and hove city council's policy and legal obligations stated under the data protection act. I have minutes of a coucil meeting that stated there were many deeply regrettable data breaches by outreach staff. I also have evidence from my housing file to back up my allegations. So since September 2020 I have made your council officers aware in writing and by recording calls and the situation has been denied, minimised, gaslight and backlit to try to affect my mental health. In short as literally your own policies and the law have been shattered broken I am unfortunately left to make a private prosecution against you, your corporation and your council officers that have taken part and failed to rectify this incredibly serious set of data breaches and total failure of your corporate body , led by you. I hope you will contact me in person as I have faced retribution every time I have bought this up and it is getting worse and worse with the members of your staff treating me differently by failing to address issues that are ongoing and egregious I hope you do not mind that I send this email to the Local government's ombudsman, the ICO and the media in full and the Labour party HQ so this may not be swept under the rug as it has been for far too long. I have reported these data breaches against myself and others for 4 years in writing to many department heads and staff and your policy is very clear that it must be dealt with full stop. Yet here we still are. Will you call me to lay my fears to rest that a cover up is not happening for the last 4 years ? Your senior governance team has my number. Kind Regards David These are deliberate data breaches in retaliation to complaints regarding fraud and forgery . Please, please help me someone

  • @adailydaughter6196
    @adailydaughter6196 9 місяців тому

    Thank you. Does this apply to small (1 or 2 person) business?

    • @PrivacyKitchen
      @PrivacyKitchen 9 місяців тому

      Hi, the size of business isn't a factor, it's whether your activities fall within Art 37's 3-part test: public sector, core activities large scale monitoring, core activities large scale special categories or crime. And of course you can voluntarily appoint on if you decide that's right for you.

  • @ppa5164
    @ppa5164 11 місяців тому

    Very simple, easy to understand and concise video, super helpful!

  • @Web3V
    @Web3V Рік тому

    Cool channel

  • @caroljones9908
    @caroljones9908 Рік тому

    Can you tell me if emails which have gone missing from a company who I'm in dispute with can be claimed against using GDPR? Or point me in the right direction for advice?

    • @PrivacyKitchen
      @PrivacyKitchen Рік тому

      We're afraid we can't give tailored personal advice, and recommend you seek legal advice. What we can say is that GDPR allows you to obtain your personal data, not the document itself nor information that isn't about you. Again, particularly in disputes, we strongly recommend seeking legal advice.

    • @caroljones9908
      @caroljones9908 Рік тому

      @@PrivacyKitchen thank you.

  • @DhrubapadaSinha
    @DhrubapadaSinha Рік тому

    How can l received my data from my stolen phone Micromax Q382 of imei1-911467754510476 because this phone is controlled by hackers

  • @governanceriskcompliancegr9963

    Hello Robert, it was a nice explanation of GDRP principles. Regulatory authorities in EU and other countries are tightening the supervision to ensure Data Protection of Data Subjects by the Data Controllers and Data Processors. Element of Free Data Consent f Data Subjects is of crucial importance.

    • @bempomaa489
      @bempomaa489 Рік тому

      Hi, I have a project this topic GDPR and DPA 2018 EU and UK opt-in into cookies can you link to me any website for my final project please? Thanks

    • @PrivacyKitchen
      @PrivacyKitchen Рік тому

      For cookies in the UK, we particularly recommend looking at articles and guides on law firm websites and looking at the particular rules in PECR and the draft DPDI2. Good luck with your project!

    • @bempomaa489
      @bempomaa489 Рік тому

      @@PrivacyKitchen Thankyou…, do you mind linking me please?

  • @MrTizzy4
    @MrTizzy4 Рік тому

    Fantastic video. Using this as part of my CIPP / US studies. Thanks!

  • @jonbance
    @jonbance Рік тому

    Is it breaching GPDR if a clients name is in an email title..on counselling?

  • @Tola_A
    @Tola_A Рік тому

    Amazing videos, using alongside my study for the CIPP/E exam. Did you get around to doing one on joint controllers?

    • @PrivacyKitchen
      @PrivacyKitchen Рік тому

      Many thanks! We've not yet but will do :)

    • @Tola_A
      @Tola_A Рік тому

      @@PrivacyKitchen great! I'm eagerly anticipating watching. By the way, I successfully passed the CIPP/E exam, and I must say your videos were particularly helpful in certain areas. Thank you! 😊

    • @PrivacyKitchen
      @PrivacyKitchen Рік тому

      Congratulations!@@Tola_A

  • @Brian-zn3ey
    @Brian-zn3ey Рік тому

    Shouldn't privacy be assumed, why are they asking you to consent with yes/no options? What are you actually consenting to?

  • @kotsbrown
    @kotsbrown Рік тому

    Great video. Love GDPR and all its nuances!

  • @marcusyoung3485
    @marcusyoung3485 Рік тому

    If u was to use a company laptop in a cafe and ask the person during a call if this is stil there email and address but none else in the cafe is this a breach ?

  • @torley
    @torley Рік тому

    Very clearly explained, thank you for the information. Was that dripping tap water in the background? Makes sense as part of a Privacy Kitchen, I suppose. 💧🚰

    • @PrivacyKitchen
      @PrivacyKitchen Рік тому

      It was! It's part of the real video movement :) Fixed now.

  • @GangeArtCom
    @GangeArtCom Рік тому

    I am seriously concidering taking someone to court over this.

  • @stanislavnikolskiy6122
    @stanislavnikolskiy6122 Рік тому

    Great Job🔥 thank you 🙏🏻

  • @chestercopperpot4455
    @chestercopperpot4455 Рік тому

    Any episodes in the pipeline? How about NIS2?! Thanks

  • @KPP365
    @KPP365 Рік тому

    How can you prove who gave your details to someone else ? Like my old employer, is someone is trying to get in touch with me and call them ? How long can your old employer keep your details IE phone number, Email?

    • @PrivacyKitchen
      @PrivacyKitchen Рік тому

      Hi, you'll understand we can't give long advice or even give advice at all - we're not a law firm and you should seek professional advice. What we can say is there should be retention periods for information depending on the purpose, and no personal data should be kept for ever.

  • @scottelev896
    @scottelev896 Рік тому

    Hi I had an occupational health report left out in a communal area where I work. The person who left it out investigated it themselves and decided no data was breached. Two months later they reported it to the organisation. Any ideas?

    • @rossblack9559
      @rossblack9559 Рік тому

      You would have to prove it got into someone else's hand.

  • @Dabes88
    @Dabes88 Рік тому

    So my collection of data can be collected on amopt out basis as a baseline and make it a dataset to run through a machine learning algorythm for sentiment analysis. Truthfull and whatever else I want.unpess the can tell m what I have and prove they are them and as long as I do t hold an unbekcrypted csv train a mlboy to do whatever I want with uptobamd including paroting them deep faking anything but I cqnsell the CSV however I can use the ml tlas a monthly membership making sat DWP the product?

  • @potatius6421
    @potatius6421 Рік тому

    as to the first thing you cited: don't wear a suit made from plastic and doesn't fit you...wink wink

  • @TukikoTroy
    @TukikoTroy Рік тому

    I've been watching a lot of 'auditing' videos lately and I'm fully acquainted with an auditor's right to film... but when it comes to publishing, especially when someone belonging to whatever company is being audited specifically says they do not want this being shown on UA-cam, I get lost in the tangled and layered swamp that covers privacy. Is auditing for 'personal use'? Do auditors have to comply with GDPR? Can they publish someone's image if they have been asked not to? Do Google rules apply in UK? I'm totally lost with all of the legislation.

    • @PrivacyKitchen
      @PrivacyKitchen Рік тому

      Hi, you'll understand we can't give long advice or even give advice at all - we're not a law firm and you should seek professional advice. Hope the videos help clarify matters!

  • @mrbcrowes
    @mrbcrowes Рік тому

    What would be the legal grounds for unfair dismissal for a private group conversation on Facebook leading to removal from a charity group? i.e if someone was raising awareness of manipulation or asking a question that would lead to a screen shot which in turn would be shown to the leaders. Thanks for any input, been round the merry go round with google search and Facebook privacy laws.

    • @williamrodgers4669
      @williamrodgers4669 Рік тому

      THEY USE VAPOR LEGALESE LIKE TO THIS TO SCARE PEOPLE AND BELIEVE THEY CAN FINE YOU AND COLLECT. TELL THEM GOFYOURSELF

  • @Ali54314
    @Ali54314 Рік тому

    This video is very good and helpful thank you so much for this. I would like to share my incident and if you could provide your view it will be great of you. I requested for CCTV footage under sujbect access request with Apple regarding an incident in store. They have deleted the footage and apologied saying we failed. ICO has told me they will ask them to improve future incident better. I am at loss on everything, esp with the racist incident in store.. what can I do?

  • @acousticleo4354
    @acousticleo4354 Рік тому

    I have a question. In UK, I bought an electronic device, the Application necesary to set up and run this electronic device wasn't available in Google Play store. So I called support centre and they emailed me a link to a Web page to download the phone application. I was anxious to open my new gadget and this webpage contained virus/malware my personal mail( containing all type of sensitive data)was open. After some time I notice the phone working really bad and reset it afraid of Virus. Is this a data breach? Many thanks! #PrivacyKitchen

  • @kaxar6954
    @kaxar6954 Рік тому

    Good discussion. I have three questions. Does UK GDPR apply to UK employers who use cloud-based companies in EU countries to store staff training and competency records? What polices should they have in place if they are moving away from a paper-based system to digital? Can a UK employer insist on staff having their photo/video used to document a training or competency activity to be held in the cloud based outside the UK?

    • @robertbaugh1103
      @robertbaugh1103 Рік тому

      Hi, glad you enjoyed the conversation! You'll appreciate we can't give advice and we're not a law form or consultancy. We can say that UK GDPR applies to all employers established in the UK. We can also say that an employer should have a range of policies and procedures for Privacy and Security (both can be covered in the same policy they don't need to be separate whatever works for you), just as you should have an Employee Handbook dealing with equality, holidays, expenses, etc. To go further would be to be advising on your situation which we can't do, we can only recommend you obtain appropriate advice, a good Privacy consultant can help you here.

    • @kaxar6954
      @kaxar6954 Рік тому

      @@robertbaugh1103 Thanks. The questions were hypothetical in the event those questions are raised in the future with this new framework.

  • @A5tr0101
    @A5tr0101 Рік тому

    Hey i wanted to ask, can any thing come up from using a declaration vs a checkbox in any scenario I agree to Terms and Conditions [checkbox] I agree to Privacy Policy [checkbox] vs on registration showing a declaration By proceeding i agree to [Service]'s Terms and Conditions and Privacy Policy (popular in tech giants, and other apps i've tested, its nicer UX) I am in a debate with this at work at the moment and am told i am wrong, what about class 2 medical devices?

    • @robertbaugh1103
      @robertbaugh1103 Рік тому

      That's a few questions in there! We don't provide advice and can't advise on particular situations. We always recommend clarifying what the processing activity is, or the multiple activities, deciding on the appropriate legal basis, then deciding on the appropriate notices / flow / records etc.

  • @madhvikaria9404
    @madhvikaria9404 Рік тому

    This is really helpful. How does intra-group data processing work? For example. Need more guidance on this pls.

    • @PrivacyKitchen
      @PrivacyKitchen Рік тому

      Great topic for a video, thanks Madhvi! It's essentially the same as if each group member is an unknown third party. There's no free passes for group members. If you have BCRs (and wow, only 200 groups have ever had BCDRs approved so you most likely do not have BCRs) then the BCRs set out the rules - still no free pass, the BCR is a chunky set of rules.

  • @andys-ctg827
    @andys-ctg827 Рік тому

    Hi. I don't understand the detail about the Art 28 being covered by the EU SCC Addendum but not the IDTA. The ICO's addendum template mentions Art 28 once, and it is very tentative. However, their IDTA template mentions it five times and does have clauses that mention the need for a linked agreement between the parties that complies with Art 28. Could you clarify more please? Thanks.

    • @PrivacyKitchen
      @PrivacyKitchen Рік тому

      Hi Andy. The IDTA refers to a linked agreement which is to address Art 28. See eg Bird & Bird: www.twobirds.com/en/insights/2022/uk/new-uk-standard-contractual-clauses-for-personal-data-transfers: "The mandatory processor requirements under Art. 28 UK GDPR are not included: Whereas the new EU SCCs incorporate the Art. 28 GDPR requirements (i.e. when module 2 (controller to processor) of the new EU SCCs is used, it already has the appropriate mandatory processor obligations under Art. 28 built in so a separate data processing agreement is not needed between controller and processor), this is not the case with the IDTA - Clause 1.4 of the IDTA’s Mandatory Clauses makes it clear that it envisages that a linked agreement will cover this off, which it may well do in practice. However it complicates the patchwork of data transfer agreements."