When is a data breach notifiable to the Supervisory Authority?

Article 33 of the General Data Protection Regulation (GDPR) imposes obligations on data controllers to report personal data breaches to the relevant Supervisory Authority (SA) within 72 hours of the data controller becoming aware of the breach. These obligations arise unless the personal data breach is unlikely to result in a risk to the rights and freedoms […]

Publishing house fined for data security violation under the GDPR

In late 2021, the Spanish Data Protection Authority (‘AEPD’) initiated an investigation into the data processing activities of Bayard Revistas S.A., a publishing house in Madrid, after receiving a complaint from an individual. According to this complaint, the person in charge of Bayard’s web portal notified all data subjects via e-mail that a third party […]

Landmark CJEU judgment confirms broad interpretation of Special Category Data 

Earlier this month, a case referred by the Regional Administrative Court of Lithuania to the CJEU, OT v Vyriausioji tarnybinės etikos komisija, resulted in a landmark judgment that included a broad interpretation of what constitutes special category personal data, which should give pause for thought for all organisations processing personal data. This article explains the potential […]

Article 30 Record Keeping – Know your data

Following the ‘Ask the DPC anything’ webinar hosted by the Irish branch of EADPP – European Association of Data Protection Professionals, it has been suggested that the Irish Supervisory Authority, the Data Protection Commission (DPC), is planning a “deep dive” review of organisations’ documentation of their processing activities, across a range of sectors. The DPC […]

Human intervention and human oversight in the GDPR and AI Act

Differences and Practical Challenges: The GDPR introduced the notion of ‘human intervention’ as a way to prevent, in certain circumstances, decision-making based solely on automated means. The forthcoming AI proposal for a Regulation (“AI Act”) uses the term ‘human oversight’ and sets out certain obligations. For instance, in December 2021, the European Committee of the […]

Helping SMEs better cope with the GDPR

As part of the STAR II project, TRI has been working on better understanding how small and medium enterprises (SMEs) have coped with the GDPR, and the challenges they have faced. The project has also researched how EU data protection authorities have attempted to support SMEs and the guidance they have made available. These findings […]

Developing GDPR training materials for data protection authorities

We are delighted to introduce the STAR GDPR training material. As a result of the collaboration between the Law, Science, Technology & Society research group at VUB (https://lsts.research.vub.be/), the Hungarian data protection authority NAIH (https://naih.hu/) and Trilateral Research, as part of the EC-funded project STAR, we have developed a set of General Data Protection […]

The GDPR: A business imperative

In this article, we look at what it means to be GDPR compliant and the benefits of doing so. Referring to the latest study carried out by the European project STAR II, Trilateral Research’s Data Protection Consultant Kai Matturi investigates the impact surrounding SMEs not being GDPR compliant and the effects it can have on […]

Privacy, data protection and drone operations: the new EASA Guidance

Trilateral’s DroneRules PRO materials on privacy and data protection have been included in official European Aviation Safety Agency Guidance to assist the drone industry to comply with the new EU-wide drone Regulations and the General Data Protection Regulation (GDPR). In 2018 the European Aviation Safety Agency (EASA) took over regulatory responsibility for the use […]