The new EU-US Data Privacy Framework: the solution to transatlantic data flows?

The ability to transfer data between countries is the bedrock of trade and international relations. To facilitate barrier-free transfers of data between the EU and US, the European Commission (EC) adopted an adequacy decision under Article 45 of the GDPR on the new EU-US Data Privacy Framework (the DPF) on 10 July 2023. As the […]

ICO Publishes New Guidance on Responding to Subject Access Requests (SARs)

ICO Publishes New Guidance on Responding to Subject Access Requests (SARs)

Background On May 24, the UK Information Commissioner’s Office (ICO) published New Guidance, in the form of a Q&A, for businesses and employers on responding to Subject Access Requests (SARs). Subject Access Requests form part of the UK General Data Protection Regulation (UK GDPR) in Art.15 of the UK GDPR and Data Protection Act 2018 […]

Data protection by design and default: what data controllers need to know and do

Data protection by design and default: what data controllers need to know - and do 

The Future of Privacy Forum (FPF), a prominent Washington thinktank, published a May 2023 report reflecting on data protection by design and by default. Data controllers’ duty to implement appropriate technical and organisational measures (‘TOMS’) was a novel obligation introduced into EU data protection law in 2018 through Article 25 GDPR. The law requires controllers […]

Data Protection Commission’s RoPA Guidance and Practical means of achieving compliance

The Data Protection Commission (DPC) has published a guidance document to assist controllers on how to approach the development of the Record of Processing Activities (RoPA) required under Article 30 GDPR. Prior to the publishing of this guidance document, the DPC conducted a RoPA sweep involving 30 organisations across the public and private sectors in […]

AI Enabled Software Products: First Steps to Compliance

Chat-GPT has propelled artificial intelligence (AI) to the fore of public debate. The popularity of the ground-breaking chatbot has accelerated an arms-race in the technology sector to develop new goods and services and to enhance existing software products with AI capabilities. All organisations that use software from third party vendors embedding this functionality into existing […]

Decoding the European Data Protection Board’s Opinion on the European Commission’s Draft Adequacy Decision concerning the EU-US Data Privacy Framework

Introduction:  The Data Privacy Framework (DPF) is an attempt by the US to replace the invalidated Privacy Shield Agreement. The DPF contains within it a set of guarantees, safeguards and protections that aims to provide essentially equivalent protection to the data of EU citizens when it is transferred and processed within the US. Currently, the […]