Data Protection Commission’s RoPA Guidance and Practical means of achieving compliance

The Data Protection Commission (DPC) has published a guidance document to assist controllers on how to approach the development of the Record of Processing Activities (RoPA) required under Article 30 GDPR. Prior to the publishing of this guidance document, the DPC conducted a RoPA sweep involving 30 organisations across the public and private sectors in […]

AI Enabled Software Products: First Steps to Compliance

Chat-GPT has propelled artificial intelligence (AI) to the fore of public debate. The popularity of the ground-breaking chatbot has accelerated an arms-race in the technology sector to develop new goods and services and to enhance existing software products with AI capabilities. All organisations that use software from third party vendors embedding this functionality into existing […]

The DPC Decision on Meta EU-US data transfers is imminent – what can we expect?

The DPC Decision on Meta EU-US data transfers is imminent – what can we expect? The European Data Protection Board (EDPB) has adopted a dispute resolution decision about Meta’s Facebook EU – US Data Transfers, which will be binding upon the DPC in relation to its own final decision. Although there are many territorial transfers […]

The ICO issues guidance on direct marketing and regulatory communications

The Information Commissioner’s Office (hereafter “ICO”) recently released new guidance to assist organisations to comply with data protection law when a regulatory communication message they need to send out is direct marketing. In undertaking activities that may count as direct marketing, entities have to ensure compliance with data protection requirements by balancing their interests to […]

Coordinated Enforcement Action on the role of Data Protection Officers: What to Expect?

In March 2023, the EDPB announced a second coordinated enforcement action focused on the role of Data Protection Officers (DPOs). This article delves into the this recent announcement by discussing the intended role of the DPO, the expected questions included in the action. The article will also elaborate on the approaches of different Supervisory Authorities […]

Managing ESG risks with poor data? That’s risky business

Barely a day goes by without the term ‘ESG’ appearing in our news and social media feeds. So, what exactly is it? ESG goes beyond Corporate Social Responsibility (CSR), and refers to the Environmental, Social and Governance factors used “to measure and evaluate a business’s impact on society, the environment, and how transparent, accountable and sustainable it […]

The Data Protection Commission Annual Report 2022

On March 7th, 2023, the Data Protection Commission (DPC) published it’s 2022 Annual Report. Once again, this year’s report highlights the volume of work undertaken as well as some large-scale inquiries that have been concluded throughout the year. These inquiries resulted in decisions on infringements and in many cases the imposition of corrective measures. The […]