Compliance

Convention 108: What and who?

As we have written about elsewhere on this site, Convention 108 was the first enforceable transnational data protection legislation globally. As the Council of Europe (CoE) describes it, “This Convention is the first binding international instrument which protects the individual against abuses which may accompany the collection and processing of personal data and which seeks […]

Brexit

Where can my personal data go? GDPR & Geography

Much has been written about the Brussels effect and how the EU is a regulatory superpower. This article is about a different aspect of European Data Protection law and geography: it is about the countries in which Europeans’ personal data can lawfully be processed by default. Introduction Once data has been collected in our globalised world, […]

Brexit

Brexit & International Data Transfers

International data transfers from the EU EU data protection law has evolved to provide common standards for data protection across Member States. With that evolution the EU now expects “adequacy” of data protection laws from third countries which are outside the EEA. This expectation was codified in the Data Protection Directive (1995) which prohibited the […]

Brexit

European Data Protection and Data Privacy law

Without doubt, Europe is driving the emergence of Data Protection laws across the globe. This tends to be framed as a result of the introduction of GDPR. However, as we have noted previously, because of the two supranational legal orders in Europe, today there are two subtly different laws governing data protection as well as data […]

Brexit

European supranational legal orders

The mess of acronyms which denote various European organisations can be overwhelming. None more so than the legal orders and courts involved in European Data Protection. In this article we explain the origins and purposes of the two main courts, CJEU and ECtHR. The big European institutions We discuss the two major European institutions: the […]

Data Breach

Re-Identification of anonymised data sets

Many people seem to believe that personal data can be anonymised by just writing over the identifier with asterisks. This is incorrect and exposes the business or institution as well as the data subjects to major privacy risks. Useful Definitions Firstly, it is worth considering two terms again: pseudonymisation and anonymisation. The difference […]

Compliance

Do I have to do a Data Protection Impact Assessment?

The law across Europe now says a DPIA is required when the processing is “likely to result in a high risk to the rights and freedoms of natural persons” (GDPR Article 35(1)), where the key term is “high risk”. To be clear, not all processing requires a DPIA. A DPIA is mandatory for that subset of processing activities which meet the threshold of high risk. Since GDPR […]

Data Breach

Data Breaches across Europe

A Data Protection Commission 2018 survey reported that GDPR awareness amongst Irish SMEs is pleasingly high (90%). However, a 2018 MicroWarehouse survey of 100 CIOs and IT Managers found that large implementation gaps remain. Over 50% of Irish SMEs had yet to implement data protection measures, with 30% of respondents reporting that cyber security is […]

Compliance

CCTV and Data Privacy: What’s the story?

A sensible and well-designed CCTV system is a powerful tool for deterring criminals and tackling security issues. On the other hand, badly designed systems cause legal and PR problems while generating a false sense of security. In our experience, privacy and security are not mutually exclusive. We find a pragmatic approach based on the […]