Data protection challenges and priorities 2023: The Annual IAPP-EY Privacy Governance Report

Each year the International Association of Privacy Professionals and Ernst & Young team up to survey the privacy landscape across the globe. To do so they survey hundreds of privacy professionals in different regions, sectors and countries to identify key trends in professionals’ and organisations’ experience and expectations to guide activities for the following year. […]

The ICO’s Transfer Risk Assessment and How it works in Practice

On 17 November 2022 the Information Commissioner’s Office (ICO) published much needed guidance on international data transfers alongside a Transfer Risk Assessment (TRA) tool. The tool is designed to assist data controllers in assessing whether restricted data transfers can be made. Restricted transfers (UK) are data transfers made from the UK to a third country […]

“Data scraping” investigation results in €265m data protection fine for Meta

Meta fined in Ireland

Background Meta Ireland Platforms Limited (“Meta”, formerly Facebook Ireland Limited) is the subject of another fine from the Irish Data Protection Commission (“the DPC”) following what it termed its “Data Scraping” investigation into Meta platforms. This investigation by the DPC had commenced in Spring of 2021 after news broke of a leaked dataset online containing […]

Digital Services Act: A First Step in Regulating the Online Environment

The Digital Services Act (DSA), which entered into force on 16 November 2022, marks a milestone in the fight to create a safe online environment. As a Regulation, the Act is directly applicable and will therefore ensure there is harmonised approach throughout the EU. The Act not only tackles illegal activities but also imposes new […]

When is a data breach notifiable to the Supervisory Authority?

Article 33 of the General Data Protection Regulation (GDPR) imposes obligations on data controllers to report personal data breaches to the relevant Supervisory Authority (SA) within 72 hours of the data controller becoming aware of the breach. These obligations arise unless the personal data breach is unlikely to result in a risk to the rights and freedoms […]

What Are The Risks Of Not Sharing Data For Safeguarding Children?

Child exploitation is too often hidden in plain sight which makes it hard to detect and tackle. In response, Trilateral Research has co-designed the CESIUM Application with Lincolnshire Police to identify children who are vulnerable to exploitation. CESIUM promotes intelligence collaboration for safeguarding children by using our ethical artificial intelligence (Ethical AI) to gain new […]

Transatlantic Data Privacy Framework a Step Closer – What Next?

Transatlantic Data Privacy

With transatlantic data flows under scrutiny since court rulings in both Schrems I and Schrems II  resulting in the invalidation of previous data transfer frameworks, organisations have been seeking to ensure that US data transfers can continue to flow lawfully. Post ‘Schrems’, Standard Contractual Clauses (SCCs) have been the transfer mechanism of choice for many […]

How to plan, deliver and maintain a robust Record of Processing Activities project

Planning for Record of Processing Activities

In addition to being a requirement under Article 30 of the GDPR, the Record of Processing Activity (RoPA) can also be a key data protection compliance driver for your organisation. In previous articles, we have provided guidance on the specific requirements of Article 30, its relevance to organisations, the implications of non-compliance and the steps […]