The DPC’s new approach to addressing personal data breach notifications 

Data Breach

The Data Protection Commission Ireland, in its Annual Report 2021, announced a changed approach towards handling data breach notifications. The report explains that the focus of DPC will shift towards enforcement rather than the current approach that prioritises communication and conciliation with data controllers to assist mitigating the impacts of data breaches on the controllers […]

ENISA Report on Deploying Pseudonymisation Techniques in the Health Sector

ENISA Report on Deploying Pseudonymisation Techniques

On 24 March 2022, the European Union Agency for Cybersecurity (‘ENISA’) published a report on deploying pseudonymisation techniques in the health sector. Building on previous ENISA guidance in this area, the report explores, through the illustration of simple use cases, how such techniques can improve the protection of health data.  The digitisation of medical data […]

EU-US Data Transfers – The Inception of Privacy Shield 2.0

Transatlantic Data Privacy

On 6 April 2022, the European Data Protection Board (EDPB) released a statement adopting the announcement dated 25 March 2022 regarding an European Union (E.U.) – United States (U.S.) Transatlantic Agreement for facilitating data transfers. In its statement, the EDPB highlights the “unprecedented” measures that the U.S. intends on implementing to ensure adequate protection of […]

Transparency while processing Children’s personal data

Transparency is a key obligation for any data processor to discharge while processing personal data. The same has been mentioned within Article 5(a) of the GDPR. Recently, documents filed in the UK Courts have accused TikTok, a popular social media platform, of processing children’s personal data without meeting transparency obligations or seeking consent as required […]

Analysing the human-factor aspects of cybersecurity

Human Factor Aspects of Cybersecurity

Cybersecurity has become increasingly important across organisations, departments and teams. However, effective cyber-security requires both technical and organisational measures to reduce risks to organisations and the clients they serve. Furthermore, attacks on many types of critical infrastructure service providers, such as financial, healthcare or public institutions, could result in serious economic and societal repercussions.  An […]

EDPB issues new guidelines on Codes of Conduct as tools for transfers

Under Article 46 of the GDPR, Controllers and Processors must implement appropriate safeguards for transfers of personal data to third countries or to international organisations.  Where the European Commission has not determined a third country as having adequate protection, there are several mechanisms available to achieve this end. The most utilised of these are Standard […]

Greek DPA imposes its highest to date fine on Telecom Providers 

On January 27, the Hellenic Data Protection Authority (DPA) imposed a fine of 6 million euros and 3.25 million euros to the mobile phone operator Cosmote and its parent company OTE, respectively. The companies were involved in a data breach caused by a cyber-attack occurred in September 2020 concerning the leakage of subscriber call data.   […]

Annual Report by the Data Protection Commission – Trends and Forecasts

The Data Protection Commission (DPC) has, on 24 February 2022, published its third annual report since its inception. The Annual Report 2021 highlights several achievements and large-scale inquiries that the DPC has concluded during 2021. The DPC observed a high volume of complaints (an increase of 7% from 2020) and reported data breaches and predicted […]

The GoDaddy data breach

GoDaddy is an American domain registrar and web creating and hosting company. As reported at the beginning of 2021, the number of customers of the company was 20.6 million, and has likely increased since as statistics show. As part of its services, GoDaddy offers domain names suited to the requirements of a new company, hosts […]