Preparing for NIS 2 Directive: Obligations and Implementation Strategies

On 16 January 2023 the NIS 2 Directive (Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union) came into force. NIS 2 is a continuation, expansion and replacement of the original cybersecurity directive NIS 1 (Directive EU 2016/1148). NIS 2 aims to future-proof NIS 1 on account of the […]

How to introduce third-party applications: Lessons from NHS Lanarkshire

The Information Commissioner’s Office (ICO) has issued a reprimand to NHS Lanarkshire for breaches of the UK General Data Protection Regulation (UK GDPR), arising from the sharing of patient personal data via WhatsApp. The case study offers actionable insights for other data controllers into how to effectively manage the introduction of new applications (apps) into their organisations […]

The new EU-US Data Privacy Framework: the solution to transatlantic data flows?

The ability to transfer data between countries is the bedrock of trade and international relations. To facilitate barrier-free transfers of data between the EU and US, the European Commission (EC) adopted an adequacy decision under Article 45 of the GDPR on the new EU-US Data Privacy Framework (the DPF) on 10 July 2023. As the […]

An Introduction to the ICO’s Guidance on Privacy-Enhancing Technologies

In June 2023, the UK Information Commissioner’s Office (ICO) published its guidance on enterprise privacy-enhancing technologies (PETs). Alongside it, the regulator has issued a call for organisations to adopt PETs within the next five years. Leaders will want to understand these technical, privacy-preserving solutions to capture the benefits of data collection, sharing and analysis in […]

AI Enabled Software Products: First Steps to Compliance

ChatGPT has propelled artificial intelligence (AI) to the fore of public debate. The popularity of the ground-breaking chatbot has accelerated an arms race in the technology sector to develop new goods and services and to enhance existing software products with AI capabilities. All organisations that use software from third-party vendors embedding this functionality into existing […]

Managing ESG risks with poor data? That’s risky business

Barely a day goes by without the term ‘ESG’ appearing in our news and social media feeds. So, what exactly is it? ESG goes beyond Corporate Social Responsibility (CSR), and refers to the Environmental, Social and Governance factors used “to measure and evaluate a business’s impact on society, the environment, and how transparent, accountable and sustainable it […]

The Data Protection Commission Annual Report 2022

On March 7th, 2023, the Data Protection Commission (DPC) published its 2022 Annual Report. Once again, this year’s report highlights the volume of work undertaken as well as some large-scale inquiries that have been concluded throughout the year. These inquiries resulted in decisions on infringements and in many cases the imposition of corrective measures. The […]