Human intervention and human oversight in the GDPR and AI Act

Differences and Practical Challenges The GDPR introduced the notion of ‘human intervention’ as a way to prevent, in certain circumstances, decision-making based solely on automated means. The forthcoming AI proposal for a Regulation (“AI Act”) uses the term ‘human oversight’ and sets out certain obligations. For instance, in December 2021, the European Committee of the […]

The DPC’s new approach to addressing personal data breach notifications 

Data Breach

The Data Protection Commission Ireland, in its Annual Report 2021, announced a changed approach towards handling data breach notifications. The report explains that the focus of DPC will shift towards enforcement rather than the current approach that prioritises communication and conciliation with data controllers to assist mitigating the impacts of data breaches on the controllers […]

A survey of AI risk assessment methodologies


In recognition of both the increasing importance of AI in our digital society and the wide diversity of use cases, policymakers across the globe are seeking to better understand the risks that these new AI systems might pose to society. A growing consensus is emerging in favor of risk-based approaches to regulating the use of […]

Raising awareness as a first step towards change – the ENISA report

AdobeStock 362074732

Effective cyber-security awareness raising should form part of a broad national strategy. In its report on cybersecurity awareness, ENISA reviewed the strategies of 11 EU Member States and identified that increased dependence on Information and Communication Technology (ICT) generates the need to become more aware of cyber-security and cyber-threats in order to be better equipped […]

GDPR fines may be susceptible to significant reductions upon appeal

AdobeStock 291849717 1

The General Data Protection Regulation (GDPR) substantially increased the amount that data protection authorities (DPAs) are empowered to fine organisations, to €20m or 4% of worldwide annual turnover. The UK Information Commissioner’s Office (ICO) has issued a limited number of fines for data protection breaches in the first 5 years of the UK GDPR. It […]

Tackling child exploitation – Join the CESIUM webinar

Irish Data sharing SMALL

We are delighted to announce that Trilateral Research, Lincolnshire Police and The NWG will be holding a free webinar on March 24 and March 25 to demonstrate the development of CESIUM, our cutting-edge partnership tool to tackle child exploitation and offer early intervention opportunities. The CESIUM application will be presented and demonstrated at two identical webinars […]

WhatsApp: Why you must get your privacy notice right

privacy notice

Could a privacy notice cause a data-protection concern so massive to trigger the loss of millions of customers within a few weeks, draw the attention of governments and supervisory authorities across the world, and lead to major reputational damage? The answer is yes, and it recently happened to WhatsApp. This scenario highlights how data protection documentation is an essential part of the governance of personal data and the impacts […]

Data protection made simple(r) for small and medium sized enterprise


Small and medium-sized companies often feel they lack the resources or the expertise to manage their data protection obligations. In this user-friendly and free to download handbook, we offer guidance and practical suggestions for small and medium-sized enterprises (SMEs) that could facilitate compliance with the General Data Protection Regulation (GDPR). The Handbook explains how to […]