EU Digital Services Act and Digital Markets Act – Compliance Countdown

The EU Digital Services Act (DSA) came into force on 17 February 2024, with the Digital Markets Act (DMA) applying to the specifically designated ‘gatekeepers’ from now onwards; both are quickly being exercised by regulators. A proactive two-pronged approach to enforcement activities has been apparent from the outset, in addition to standalone actions.  Organisations of […]

Responding to Cyberattacks: A European Approach

Cyberattacks and cyberthreats have become increasingly prominent in the news. Every month there is at least one major cyberattack featured in European mass media, while thousands go unnoticed and unreported. If cyber threats and cyberattacks are becoming an everyday reality, how can society respond, and who is responsible for that response?   The literature  As part […]

Learning from European Commission’s Data Compliance Gap in the Use of Microsoft Services

The European Data Protection Supervisor (EDPS) has recently shared in a press release the outcome of its investigation into the European Commission (EC)’s use of Microsoft 365 (MS 365). It identified several instances of non-compliance, particularly concerning international transfers of personal data. These findings extend beyond MS 365 procurement, potentially affecting any IT service provider […]

EU Parliament passes AI Act

Over the last few months, European and multi-national organisations have been waiting for the outcome of the vote on the world’s first comprehensive piece of AI legislation. While an early version of the EU’s AI Act was largely agreed in 2022, recent innovations, including Generative AI like Chat-GPT, called the efficacy of some of the […]

European Data Protection Board’s (EDPB) Coordinated Enforcement Action: Role and Responsibilities of Data Protection Officers (DPOs)

On 16th January 2024, the EDPB released a report based on the second coordinated enforcement action (CEF 2023), focusing on the designation and position of DPOs. This report follows a coordinated enforcement action involving 25 European Economic Area (EEA) supervisory authorities (SAs) under the EDPB’s CEF. This article delves into the recent report discussing the […]

ICO Issues Draft Guidance on Employment Records and the Recruitment and Selection Process

On 12 December 2023, the Information Commissioner’s Office (ICO) released two draft guidance documents regarding employment practices and data protection, in order to help organisations identify their data protection obligations under the UK data protection legislation. The first guidance provides practical advice to employers on keeping employment records. The second guidance assists employers with compliance […]

The Impact of AI on Cybersecurity Threats and How to Best Defend Against These

The launch of ChatGPT marked a turning point in our Information age, the overnight surge in the uptake of AI it created has only continued to increase. This trend shows no signs of abating.  Whilst this era of AI offers humanity many significant opportunities for advancement, there are also important implications for cybersecurity. This article […]

Towards Ethical Data Sharing Solutions for Resilient Healthcare Systems

Many people familiar with the world of tech have heard the phrase “data is the new oil.” It’s easy to dismiss the saying as a celebration of techno-capitalism’s most promising (and least ethical) revenue stream, but the analogy extends beyond profit. Both have the potential to power society. Data is often locked away—in organisational siloes, […]