How to plan, deliver and maintain a robust Record of Processing Activities project

Planning for Record of Processing Activities

In addition to being a requirement under Article 30 of the GDPR, the Record of Processing Activity (RoPA) can also be a key data protection compliance driver for your organisation. In previous articles, we have provided guidance on the specific requirements of Article 30, its relevance to organisations, the implications of non-compliance and the steps […]

A Retention Schedule for your Organisation

Data Storage

The General Data Protection Regulation (GDPR) has been in force for over four years, and many are now well aware of the seven core principles of the GDPR. One of these which is often overlooked is storage limitation, instructing us that data must not be kept for longer than is necessary. For many, depending on […]

Mapping and understanding human factors in effective cybersecurity: a finance-sector organisation case study

The role of human factors in cybersecurity has gained increasing interest in the past decade. Social science research methods can provide a unique avenue for obtaining a holistic overview of how cybersecurity is both implemented and perceived within an organisation. One-to-one semi-structured interviews were conducted with 17 participants from a finance sector organisation. Five themes […]

Expansion of the Data Protection Commission

On the 27th of July the Department of Justice announced that the Government had approved the expansion of the Data Protection Commission by two additional Commissioners. The Data Protection Commission (DPC) since its inception, has had only one Commissioner. The appointments will be made in accordance with Section 15 of the Data Protection Act, 2018 […]

Landmark CJEU judgment confirms broad interpretation of Special Category Data 

Earlier this month, a case referred by the Regional Administrative Court of Lithuania to the CJEU OT v Vyriausioji tarnybinės etikos komisija resulted in a landmark judgment that included a broad interpretation of what constitutes special category personal data, which should give pause for thought for all organisations processing personal data. This article explains the potential […]

Regulating Cybersecurity: The EDPS Opinion on the Proposal for a Regulating  Cybersecurity and the Creation of a High Common Standard for EUIs (European Union Institutions)

The Proposed European Commission Proposal for Cybersecurity Regulation lays down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union (EUIs). The Proposal constitutes one of the regulatory initiatives of the EU’s Cybersecurity Strategy for the Digital Decade from 16 December 2020. It will impact EUIs and […]

ENISA’s Cybersecurity Certification

ENISA Cybersecurity Certification

On 2nd–3rd June, ENISA held the 2022 edition of its Cybersecurity Certification Conference. The conference focused on the future of certification and how certification schemes will be developed and implemented as part of the EU’s certification approach. The ENISA Cybersecurity Certification Conference provided insightful presentations and panel discussions from cybersecurity experts, service providers, Conformity Assessment […]

What the Public Sector Cyber Security Baseline Standards Mean for your Organisation

The cyber-attack on the Irish Health Service Executive (HSE) in 2021 brought cybersecurity into sharp focus, particularly for public service bodies (PSBs). If the likelihood of cyber incidents of this nature and impact seemed remote to many within the public sector prior to this attack, they were now fully aware of their vulnerability. The introduction […]

Article 30 Record Keeping – Know your data

Record Keeping

Following the ‘Ask the DPC anything’ webinar hosted by the Irish branch of EADPP – European Association of Data Protection Professionals, it has been suggested that the Irish Supervisory Authority, the Data Protection Commission (DPC) is planning a “deep dive” review of organisations’ documentation of their processing activities, across a range of sectors.  The DPC […]