Transatlantic Data Privacy Framework a Step Closer – What Next?

With transatlantic data flows under scrutiny since court rulings in both Schrems I and Schrems II resulting in the invalidation of previous data transfer frameworks, organisations have been seeking to ensure that US data transfers can continue to flow lawfully. Post ‘Schrems’, Standard Contractual Clauses (SCCs) have been the transfer mechanism of choice for many […]
How to plan, deliver and maintain a robust Record of Processing Activities project

In addition to being a requirement under Article 30 of the GDPR, the Record of Processing Activity (RoPA) can also be a key data protection compliance driver for your organisation. In previous articles, we have provided guidance on the specific requirements of Article 30, its relevance to organisations, the implications of non-compliance and the steps […]
Action taken by the ICO for failures relating to Subject Access Requests (SARs) and top tips to avoid caseload backlogs

In response to multiple complaints, the Information Commissioner’s Office in the United Kingdom has issued reprimands against a number of organisations for failing to meet statutory obligations under the right of access set out in the UK GDPR. These organisations, including government departments, local authorities and a high-profile communications company, have been publicly named […]
CESIUM shines a light on the hidden exploitation of children

In a recent validation test, CESIUM identified 16 children several months before they were referred by safeguarding partners. A child being exploited has no voice, lives in fear of those exploiting them, and has no hope of finding a way out; they can depend only upon responsible adults in their community to recognise the signs and […]
EDPB instructs Irish DPC to expand infringements against Instagram in €405M fine

This month (September 2022), the Irish Data Protection Commission (DPC) issued a decision which included the imposition of a fine on Meta related to its social media platform, Instagram. The Meta fine was issued by the DPC following input from Supervisory Authorities from other EU Member States into the DPC’s draft decision and a subsequent […]
A Retention Schedule for your Organisation

The General Data Protection Regulation (GDPR) has been in force for over four years, and many are now well aware of the seven core principles of the GDPR. One of these, which is often overlooked, is storage limitation, which instructs us that data must not be kept for longer than is necessary. For many, depending on […]
Ransomware Threat Landscape – Common access points and how to protect against attacks

It’s rare that a month goes by without a significant hacking incident or ransomware attack entering the public domain. As you swipe from one ransomware news item to the next, you could be forgiven for thinking you are up to speed. However, the majority of ransomware attacks are not reported, with organisations often preferring to […]
Draft UK Data Protection and Digital Information Bill

On July 18, 2022, the U.K. government introduced the Draft Data Protection and Digital Information Bill (hereafter referred to as the “Bill”) to the House of Commons. Publication of the Bill was the natural next step following on from the consultation in September 2021 on the reform of UK data protection law, the final response […]
Expansion of the Data Protection Commission

On the 27th of July, the Department of Justice announced that the Government had approved the expansion of the Data Protection Commission by two additional Commissioners. The Data Protection Commission (DPC) has, since its inception, had only one Commissioner. The appointments will be made in accordance with Section 15 of the Data Protection Act, 2018 […]
Landmark CJEU judgment confirms broad interpretation of Special Category Data

Earlier this month, a case referred by the Regional Administrative Court of Lithuania to the CJEU, OT v Vyriausioji tarnybinės etikos komisija, resulted in a landmark judgment that included a broad interpretation of what constitutes special category personal data, which should give pause for thought for all organisations processing personal data. This article explains the potential […]