How to plan, deliver and maintain a robust Record of Processing Activities project

Planning for Record of Processing Activities

In addition to being a requirement under Article 30 of the GDPR, the Record of Processing Activity (RoPA) can also be a key data protection compliance driver for your organisation. In previous articles, we have provided guidance on the specific requirements of Article 30, its relevance to organisations, the implications of non-compliance and the steps […]

Draft UK Data Protection and Digital Information Bill

On July 18, 2022, the U.K. government introduced the Draft Data Protection and Digital Information Bill (hereafter referred to as the “Bill”) to the House of Commons. Publication of the Bill was the natural next step following on from the consultation in September 2021 on the reform of UK data protection law, the final response […]

Expansion of the Data Protection Commission

On the 27th of July the Department of Justice announced that the Government had approved the expansion of the Data Protection Commission by two additional Commissioners. The Data Protection Commission (DPC) since its inception, has had only one Commissioner. The appointments will be made in accordance with Section 15 of the Data Protection Act, 2018 […]

Landmark CJEU judgment confirms broad interpretation of Special Category Data 

Earlier this month, a case referred by the Regional Administrative Court of Lithuania to the CJEU OT v Vyriausioji tarnybinės etikos komisija resulted in a landmark judgment that included a broad interpretation of what constitutes special category personal data, which should give pause for thought for all organisations processing personal data. This article explains the potential […]

How to deal with Processors: Facts and hints to do it in an efficient way

Data processors

How to deal with Processors: Facts and hints to do it in an efficient way Data controllers must consider the management and control of processors, as a priority prior to commencing new projects or during their development, with any parties with whom personal data is shared. Data controllers are, however, subject to investigations, often resulting […]

The EDPS Annual Conference 2022: Trilateral’s involvement and key take-aways

EDPS Conference

On 16 and 17 June, Trilateral Research was pleased to attend and present at the 2022 EDPS Conference on “Effective Enforcement in the Digital Age”. The conference was attended by leading academics, activists, practitioners, regulators and policy-makers, and featured several high-level keynote speeches by individuals like Max Schrems (NOYB), Wojciech Wiewiórowski (EDPS) and Shoshana Zuboff […]

EDPS Opinion on Information Security Proposal

The Proposal for a Regulation of the European Parliament and of the Council on the information security in the institutions, bodies, offices and agencies of the Union (EUIs)[1] suggest developing a set of standards and rules regarding information security that EUIs will need to adhere to. These aim to firstly, facilitate the interoperability of information classification […]

Googles decides to make easier to Reject All 

Google on laptop

Recently, Google announced its plans to introduce a “Reject All” option within its famous cookie banner. The decision was appreciated by the Information Commissioners Office, by observing this to be a change that was long awaited to improve not only the user interaction, but also the compliance aspects. The ICO in its statement was also […]

The DPC’s new approach to addressing personal data breach notifications 

Data Breach

The Data Protection Commission Ireland, in its Annual Report 2021, announced a changed approach towards handling data breach notifications. The report explains that the focus of DPC will shift towards enforcement rather than the current approach that prioritises communication and conciliation with data controllers to assist mitigating the impacts of data breaches on the controllers […]