Cyber crisis, especially ransomware incidents, are the most heinous situations for organizations to manage. When you deal with ransomware attacks, a combined response from experts in cybercrime, legal, negotiation and communication is necessary.

Under the moderation of our Belgian legal expert Ruben Roex from Timelex, learn how to fight ransomware in its various phases, you will hear more about:

- prevention with the Cybersecurity expert Simon Wiseman, from Deep Secure

- legal protection with Mitch Koczerginski, from McMillan LLP

- mitigation via communication with Christina Forsgård from Netprofile

Watch this webinar to learn how to deal with Ransomware attacks!

In this episode of Privacy Espresso, Gleb Kapusto, from First Bridge in Ukraine, discussed the importance of e-governance in the era of all-remote. In particular, Gleb explained why the digitalization of the public sector is beneficial for both government and population and presented a fascinating case study from Ukraine -the first country in the world to legislate digital passports.

Earlier this year, the Central Bank of the UAE issued the groundbreaking Consumer Protection Regulation and Standards which lay the foundations for the new financial consumer protection regulatory framework. This is expected to standardize the principles of business conduct with consumers in banking and financial services across the UAE.

In this #privacyespresso session with the UAE PrivacyRules expert Rima Mrad, allows the listeners to learn more about the new regulation and standards and to understand how this is going to impact financial institutions as well as consumers in the present and in the near future.

Investigating complex criminal cases usually involves executing privacy-invasive procedures in secrecy and sometimes in demanding circumstances.

In this espresso, Juan Carlos Manriquez Rosales, Chilean expert at PrivacyRules and founder of the MBCIA law firm, explains how the use of surveillance tools through AI or technological tools can collide with standards of protection of Due Process and HHRR.

The expert also analyzed two complex real cases issues: Crime predictability to feed risk maps and the use of drones without a prior court order.

After almost 3 years with General Data Protection Regulation, there is still big uncertainty among businesses regarding its particular obligations in case of a data breach. Under the GDPR, any incident resulting in the destruction, loss, alteration or disclosure of personal data is a data breach and its occurrence triggers the controller’s obligation to examine the breach and, in some cases, to notify Data Protection Authority (DPA) and inform data subjects whose personal data the breach concerned. In case the breach poses risks to data subjects (of a monetary loss or physical harm) the controller is obliged to notify the DPA within 72 hours. In addition, in case the risks identified by the controller are particularly high, it is also necessary to inform the data subjects.

Recently Polish DPA issued decisions regarding the data breach notifications which were quite controversial. As an example, in one of the cases the scale of the breach was quite insignificant (mail send by mistake to wrong receiver). The company identified the incident as data breach, however, with no risk to data subject identified, it decided not to notify the DPA. The conclusion reached by the DPA (after the proceeding initiated by the e-mail receiver) was different – it found that not only the breach posed risk to data subjects but that the risk was high and that also the data subject should have been notified.

During the espresso, our Polish expert, Karolina Miksa from WKB lawyers in Poland, will provide more details about the Polish cases and discuss, if, to avoid sanctions, the companies should consider to notify any data breaches to the DPA.

Listen to the podcast version of this espresso here