The Online Safety Act (UK): Contents, Implementation, and Compliance

The controversial Online Safety Act (OSA) came into force as UK law on 26th October, presenting online service providers with new obligations to prevent and remove harmful content from their platforms. The regulator, Ofcom, has received enhanced enforcement powers and published its implementation approach with envisaged timelines for each stage. Organisations of any size providing […]

Is your organisation subject to NIS2?: How can you prepare?

The 2016 Network and Information Systems Directive (NIS) was EU-wide legislation that aimed to impose a common level of network and information system security across critical infrastructure within the EU Member States. However, this legislation left much up to Member States to determine, such as which entities come under its scope, the specific requirements, […]

Generative AI: Capabilities, Risks and Safeguards

Rapid advances in Generative AI (GenAI), which creates text, images, and media – drawing on the patterns and structure of input data to generate new data with similar characteristics – have seen its use grow over the past few years. Predictably, we are also witnessing how technological development is outpacing regulatory developments, exposing organisations to […]

The ICO’s Guidance on Workers Monitoring: Key Hints for Companies

On October 3, 2023, the Information Commissioner’s Office (ICO) adopted guidance to assist employers in adhering to data protection laws while monitoring workers. The guidance applies to any form of monitoring (both systematic and occasional) of people who carry out work on behalf of an organisation, regardless of the nature of the contract between […]

Top Tips for Incident Response Planning

October is Cyber Security Month and it’s a good time to reflect on your organisation’s preparedness for responding to a serious incident such as a cyber-attack. Preparing for an incident is money well spent. Having well tested plans will ensure your response to an incident is more efficient and effective than it may otherwise have […]

What Can We Learn from the PSNI Data Breach?

In a recent data breach, the Police Service of Northern Ireland (PSNI) fell victim to human error in a Freedom of Information (FOI) response that demonstrated the importance of ensuring that data protection and freedom of information are well integrated. Over 100 countries have implemented FOI laws, which allow individuals to request access to data […]

Navigating Data Scraping Challenges: Protecting User Privacy in the Digital Age

On August 24, 2023, 12 data protection authorities, members of the Global Privacy Alliance’s International Enforcement Cooperation Working Group, including the Information Commissioner’s Office, adopted a joint statement concerning data scraping. The joint statement primarily addresses the privacy risks associated with data scraping and also offers an overview of measures that organizations and individuals can […]

Preparing for NIS 2 Directive: Obligations and Implementation Strategies

On 16 January 2023 the NIS 2 Directive (Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union) came into force. NIS 2 is a continuation, expansion and replacement of the original cybersecurity directive NIS 1 (Directive EU 2016/1148). NIS 2 aims to future-proof NIS 1 on account of the […]

How to introduce third-party applications: Lessons from NHS Lanarkshire

The Information Commissioner’s Office (ICO) has issued a reprimand to NHS Lanarkshire for breaches of the UK General Data Protection Regulation (UK GDPR), arising from the sharing of patient personal data via WhatsApp. The case study offers actionable insights for other data controllers into how to effectively manage the introduction of new applications (apps) into their organisations […]