EU GDPR

Cookies: An evolving picture

Often website owners aren’t even aware that their websites are dropping cookies, especially those cookies which are used for behavioural advertising. Using these third-party cookies, advertisers can track a user across multiple websites. This helps build a profile for the user based on behaviours and habits, so advertisements can be targeted to their interests. […]

Brexit

Where can my personal data go? GDPR & Geography

Much has been written about the Brussels effect and how the EU is a regulatory superpower. This article is about a different aspect of European Data Protection law and geography: the countries in which Europeans’ personal data can lawfully be processed by default. Introduction: Once data has been collected in our globalised world, […]

Brexit

Brexit & International Data Transfers

International data transfers from the EU: EU data protection law has evolved to provide common standards for data protection across Member States. With that evolution the EU now expects “adequacy” of data protection laws from third countries which are outside the EEA. This expectation was codified in the Data Protection Directive (1995) which prohibited the […]

Brexit

European Data Protection and Data Privacy law

Without doubt Europe is driving the emergence of Data Protection laws across the globe. This tends to be framed as a result of the introduction of GDPR. However, as we have noted previously, because of the two supranational legal orders in Europe, today there are two subtly different laws governing data protection as well as data […]

Data Breach

Re-Identification of anonymised data sets

Many people seem to believe that personal data can be anonymised by just writing over the identifier with asterisks. This is incorrect and exposes both the business or institution and the data subjects to major privacy risks. Useful Definitions: Firstly, it is worth considering two terms, pseudonymisation and anonymisation, again. The difference […]

Compliance

Do I have to do a Data Protection Impact Assessment?

The law across Europe now says a DPIA is required when the processing is “likely to result in a high risk to the rights and freedoms of natural persons” (GDPR Article 35(1)), where the key term is “high risk”. To be clear, not all processing requires a DPIA. A DPIA is mandatory for that subset of processing activities which meet the threshold of high risk. Since GDPR […]

Documentation

What do you need in a GDPR privacy statement?

Since the coming into force of the EU’s GDPR you will have noticed many GDPR privacy statements. This is driven by the GDPR’s focus on transparency, which is intrinsically linked to fairness and the principle of accountability. This is enumerated clearly in Article 5.2 where the onus is placed on the controller to demonstrate that personal data is […]

EU GDPR

Guest Blog by TenFold – Understanding the GDPR: General Data Protection Regulation

The GDPR–or General Data Protection Regulation–is a regulation passed by the European Union on April 27, 2016, with an effective start date of May 25, 2018. Officially classified as regulation 2016/679, the GDPR expands upon and replaces the Data Protection Directive 95/46/EC of 1995. It serves as the EU’s effort to synchronize and harmonize laws on citizen and resident […]

EU GDPR

GDPR shifts the balance of right to individuals

In legislating for the GDPR the European Union codifies the primacy of data protection in European law. EU law will grant enhanced rights to EU citizens and residents (Data Subjects) which are superior to those enjoyed by citizens or residents of any other major state. These rights can be summarised under two broad headings as the “right of access” and “right to […]

Audit

GDPR a primer

The General Data Protection Regulation, or GDPR, imposes new and arduous burdens on business and other organisations across Europe from May 2018. Behaviours will have to change and companies have to make sure they are ready for the deadline or face fines up to 20 M euro. This primer summarises some aspects of the GDPR which […]