Compliance

Cookies Can Kill You!


Website owners targeting EU and EEA EFTA residents must take steps to protect themselves following yet another court ruling. Websites that drop third-party cookies and other trackers without proper end-user consent will find themselves in legal jeopardy, as they are now deemed responsible for personal data that is collected using cookies and shared with other organisations. Since […]

Compliance

Convention 108: What and who?


As we have written about elsewhere on this site, Convention 108 was the first enforceable transnational Data Protection legislation globally. As the Council of Europe (CoE) describes it: “This Convention is the first binding international instrument which protects the individual against abuses which may accompany the collection and processing of personal data and which seeks […]

Brexit

European Data Protection and Data Privacy law


Without doubt, Europe is driving the emergence of Data Protection laws across the globe. This tends to be framed as a result of the introduction of GDPR. However, as we have noted previously, because of the two supranational legal orders in Europe, today there are two subtly different laws governing data protection as well as data […]

Compliance

Do I have to do a Data Protection Impact Assessment?


The law across Europe now says a DPIA is required when the processing is “likely to result in a high risk to the rights and freedoms of natural persons” (GDPR Article 35(1)). The key term is “high risk”. To be clear, not all processing requires a DPIA. A DPIA is mandatory for that subset of processing activities which meet the threshold of high risk. Since GDPR […]

Compliance

CCTV and Data Privacy: What’s the story?


A sensible and well-designed CCTV system is a powerful tool for deterring criminals and tackling security issues. On the other hand, badly designed systems cause legal and PR problems while generating a false sense of security. In our experience, privacy and security are not mutually exclusive. We find a pragmatic approach based on the […]

Audit

PECR: an Introduction


The Privacy and Electronic Communications Directive (PECR) refers to a set of European directives which have been issued and refined since 2002. These directives were written specifically to address the requirements of new digital technologies and ease the adoption of new and innovative electronic communications services. The Directives complement the Data Protection Directive and apply to […]

Audit

Four key points to include in contracts between Data Controllers and Data Processors


The General Data Protection Regulation (2016/679) imposes clear requirements controlling the appointment of data processors by data controllers. One of these is a requirement prescribing various matters which must be stipulated in a written contract (Article 28). As and from 25 May 2018, all agreements between Data Controllers and Data Processors need to meet these new GDPR requirements. This is a major change for many organisations, […]

Compliance

Consent: one of six lawful bases to process personal data, in GDPR


Article 6 of Regulation 2016/679, the General Data Protection Regulation (hereafter: GDPR), sets the conditions for lawful personal data processing and describes the six, and only six, lawful bases for personal data processing, only one of which is consent. It is important to note that one of these six bases must be established prior to processing for each specific purpose. Generally, consent can only […]

Audit

GDPR and Charities in Ireland


Ireland is fortunate in having a thriving voluntary sector, a sector which, between employment, sport, caring and entertainment, touches the lives of almost every citizen on the island of Ireland, possibly retaining personal data on every citizen on the island of Ireland. Every city, town and parish in the country has sports clubs and schools […]