Writing and Blog

A collection of my writing, musings, and opinion pieces. Please check back for updates!

Hire Ross

Ross is available for technical and other writing.

Should you be interested, please get in touch!

Training your Information Officer

In an ideal world, your Information Officer (or Data Protection Officer under GDPR) comes from a legal background and is familiar with privacy regulation and other related laws. In reality though, particularly for SMEs, this is rarely the case.
read more

Processing European Data in South Africa

Within the context of GDPR, there are a number of restrictions on how one may process data outside of the European Union (EU) or European Economic Area (EEA). One mechanism for moving past these restrictions is when the European Commission judges a foreign nation's privacy law as "adequate".
read more

Upcoming Public Events – Oct / Nov

Throughout the year there are a number of public events hosted by Ross G Saunders Consulting and our partners, the following events are approaching for late October and November.
read more

Privacy by Design in SOPs

In past articles, I've mentioned Privacy by Design and Standard Operating Procedures. In this post, I will chat about the importance of combining them. GDPR, Europe's privacy regulation, mandates the need for Privacy by Design and Default. While no set guideline exists in the regulation, there are a number of questions you can ask as part of your SOP design.
read more

Privacy by Design

Although its been around for a while, Privacy by Design and by Default has really come to the fore in Article 25 of the GDPR. This concept puts forward that if you are designing a process, technology, or any other item in a business, it should be designed to be secure and private by default.
read more

Special Offer – “Introduction to Data Privacy” Workshop

Although its been around for a while, Privacy by Design and by Default has really come to the fore in Article 25 of the GDPR. This concept puts forward that if you are designing a process, technology, or any other item in a business, it should be designed to be secure and private by default.
read more

Incident Response Plans and Policies

For the remainder of 2019, I am running a promotion on my popular "Introduction to Data Privacy" workshop - a workshop designed to upskill all staff in a company on what Data Privacy is. A while back I wrote an article on why education is important, this workshop facilitates that and so much more!
read more

Upcoming Data Protection Brunches

A vital part of any Data Protection strategy is that of an incident response plan and policy. Your incident response policy dictates what your company does in the event that there is an incident within the business involving data, and the incident response plan details who is responsible for what function during an incident, and how to perform any actions that need to take place.
read more

Saving Passwords – Browsers vs Managers

Everybody needs to know about Data Protection and Privacy, particularly the C-suite and senior management. My Data Protection Brunch series is just the thing to up-skill yourself and your leadership team. These informal brunch meetings take place around the country and detail the ins and outs of Data Protection for your business.
read more

Events, Threats, Incidents and Breaches

Recently, a bank in South Africa (FNB) drew the ire of the security and privacy communities when they disabled the use of password managers on their online banking system - resulting in people having to remember much shorter and less secure passwords as opposed to highly secure passwords generated in password managers. From their press releases, it would seem that their intention was to disable the saving of passwords in a browser, which inadvertently disabled the use of password managers too. They have since retracted the code that disabled this so that password managers can remain in use, while issuing a stern warning against saving your passwords in a browser.
read more