The DPC’s new approach to addressing personal data breach notifications
The Data Protection Commission Ireland, in its Annual Report 2021, announced a changed approach towards handling data breach notifications. The report explains that the focus of DPC will shift towards enforcement rather than the current approach that prioritises communication and conciliation with data controllers to assist mitigating the impacts of data breaches on the controllers […]
European Commission launches proposal for a Regulation for the European Health Data Space (EHDS)
The health sector, like many other sectors, is going through transformative change fuelled by advances; amongst others, in Artificial Intelligence (AI), Machine Learning (ML) and Smart Devices. The aim of the proposed EHDS is the creation of data spaces to facilitate access to data in safe and secure environments and ensure EU data is used […]
ENISA Report on Deploying Pseudonymisation Techniques in the Health Sector
On 24 March 2022, the European Union Agency for Cybersecurity (‘ENISA’) published a report on deploying pseudonymisation techniques in the health sector. Building on previous ENISA guidance in this area, the report explores, through the illustration of simple use cases, how such techniques can improve the protection of health data. The digitisation of medical data […]
EU-US Data Transfers – The Inception of Privacy Shield 2.0
On 6 April 2022, the European Data Protection Board (EDPB) released a statement adopting the announcement dated 25 March 2022 regarding an European Union (E.U.) – United States (U.S.) Transatlantic Agreement for facilitating data transfers. In its statement, the EDPB highlights the “unprecedented” measures that the U.S. intends on implementing to ensure adequate protection of […]
Transparency while processing Children’s personal data
Transparency is a key obligation for any data processor to discharge while processing personal data. The same has been mentioned within Article 5(a) of the GDPR. Recently, documents filed in the UK Courts have accused TikTok, a popular social media platform, of processing children’s personal data without meeting transparency obligations or seeking consent as required […]
Analysing the human-factor aspects of cybersecurity
Cybersecurity has become increasingly important across organisations, departments and teams. However, effective cyber-security requires both technical and organisational measures to reduce risks to organisations and the clients they serve. Furthermore, attacks on many types of critical infrastructure service providers, such as financial, healthcare or public institutions, could result in serious economic and societal repercussions. An […]
EDPB issues new guidelines on Codes of Conduct as tools for transfers
Under Article 46 of the GDPR, Controllers and Processors must implement appropriate safeguards for transfers of personal data to third countries or to international organisations. Where the European Commission has not determined a third country as having adequate protection, there are several mechanisms available to achieve this end. The most utilised of these are Standard […]
Greek DPA imposes its highest to date fine on Telecom Providers
On January 27, the Hellenic Data Protection Authority (DPA) imposed a fine of 6 million euros and 3.25 million euros to the mobile phone operator Cosmote and its parent company OTE, respectively. The companies were involved in a data breach caused by a cyber-attack occurred in September 2020 concerning the leakage of subscriber call data. […]
Annual Report by the Data Protection Commission – Trends and Forecasts
The Data Protection Commission (DPC) has, on 24 February 2022, published its third annual report since its inception. The Annual Report 2021 highlights several achievements and large-scale inquiries that the DPC has concluded during 2021. The DPC observed a high volume of complaints (an increase of 7% from 2020) and reported data breaches and predicted […]
The GoDaddy data breach
GoDaddy is an American domain registrar and web creating and hosting company. As reported at the beginning of 2021, the number of customers of the company was 20.6 million, and has likely increased since as statistics show. As part of its services, GoDaddy offers domain names suited to the requirements of a new company, hosts […]
