Generative AI: Capabilities, Risks and Safeguards

Generative AI Capabilities Risks and Safeguards

Rapid advances in Generative AI (GenAI), which creates text, images, and media – drawing on the patterns and structure of input data to generate new data with similar characteristics – has seen its use grow over the past few years. Predictably, we are also witnessing how technological development is outpacing regulatory developments, exposing organisations to […]

The ICO’s Guidance on Workers Monitoring: Key Hints for Companies

On October 3, 2023, the Information Commissioner’s Office (ICO) adopted a guidance to assist employers in adhering to data protection laws while monitoring workers. The guidance applies to any form of monitoring (both systematic and occasional) of people who carry out work on behalf of an organisation, regardless of the nature of the contract between […]

Top Tips for Incident Response Planning

October is Cyber Security Month and it’s a good time to reflect on your organisation’s preparedness for responding to a serious incident such as a cyber-attack. Preparing for an incident is money well spent. Having well tested plans will ensure your response to an incident is more efficient and effective than it may otherwise have […]

What Can We Learn from the PSNI Data Breach?

In a recent data breach, the Police Service of Northern Ireland (PSNI) fell victim to human error in a Freedom of Information (FOI) response that demonstrated the importance of ensuring that data protection and freedom of information are well integrated. Over 100 countries have implemented FOI laws, which allow individuals to request access to data […]

Navigating Data Scraping Challenges: Protecting User Privacy in the Digital Age

On August 24, 2023, 12 data protection authorities members of the Global Privacy Alliance’s International Enforcement Cooperation Working Group, including the Information Commissioner’s Office, adopted a joint statement concerning data scraping. The joint statement primarily addresses the privacy risks associated with data scraping and also offers an overview of measures that organizations and individuals can […]

Preparing for NIS 2 Directive: Obligations and Implementation Strategies

On 16 January 2023 the NIS 2 Directive (Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union) came into force. NIS 2 is a continuation, expansion and replacement of the original cybersecurity directive NIS 1 (Directive EU 2016/1148). NIS 2 aims to future-proof NIS 1 on account of the […]

How to introduce third-party applications: Lessons from NHS Lanarkshire

The Information Commissioner’s Office (ICO) has issued a reprimand to NHS Lanarkshire for breaches of the UK General Data Protection Regulation (UK GDPR), arising from the sharing of patient personal data via WhatsApp. The case-study offers actionable insights for other data controllers into how to effectively manage the introduction of new applications (apps)into their organisations […]

A Step Closer to the Adoption of the Data Act

On 14th July 2023 the Chairman of the Council of the European Union’s Committee of the Permanent Representatives of the Governments of the Member States to the EU (Coreper), announced the approval of the text of the Data Act, as amended as a result of the political agreement reached with the European Parliament in June […]