Guidance and Commentary
These pages include both guidance and topical commentary on aspects of business information risk.
You can also browse our extensive Integrated InfoSec library of risk-related material.
Please let us know if there’s a specific topic you would like covered.

Some realities of risk
To assess the likelihood of a scenario reliably, we must first assess the likelihoods of its causal factors.

Take the Red Pill
Just how reliable are your risk assessments? The tools may be letting you down.

Diligence or disaster?
Businesses are unwittingly leaking confidential documents via online anti-virus services.

Article 14 – beware of the leopard
Inadequate compliance with Article 14 of the GDPR attracts a €220,000 fine in Poland.

GDPR and the use of web tracking
Questions in the European parliament on the extent and lawfulness of tracking on government web sites.

Data protection contingency planning for a ‘no deal’ Brexit
Twelve steps small and medium businesses should take now to cover themselves in case of a ‘no deal’ Brexit.

GDPR, data transfers and Brexit
The possibility of disruption to personal data exchanges with the EU after Brexit remains to be formally addressed and the clock is ticking for British businesses.

Multiple GDPR lawful bases per purpose
We discuss the controversy around using multiple lawful bases per purpose and propose a safer alternative.

Instant expertise in the GDPR?
We challenge the fantasy of five-day training for Data Protection Officers.

The ‘big six’ Data Protection myths
We identify six prevalent myths about the GDPR that many businesses have fallen for, preventing them from achieving compliance.

The GDPR lawful bases for processing
For most businesses, the five generally applicable lawful bases for processing under the GDPR fall into a natural hierarchy that facilitates appropriate selection.

GDPR-compliant privacy notice structure
Our recommendations on the structure and content of privacy notices for GDPR compliance.