DPIA

The origin of Data Protection Impact Assessments

The use of an assessment methodology to understand personal privacy risks and rights has been known since the mid-1990s [1]. The growing interest in what were then called Privacy Impact Assessments (PIAs) was triggered by the exponential growth of data storage and analysis, plus the public reaction to the inevitable leaks and scandals. Today DPIAs […]

Brexit

Brexit & International Data Transfers

International data transfers from the EU: EU data protection law has evolved to provide common standards for data protection across Member States. With that evolution the EU now expects “adequacy” of data protection laws from third countries which are outside the EEA. This expectation was codified in the Data Protection Directive (1995), which prohibited the […]

Data Breach

Re-Identification of anonymised data sets

Many people seem to believe that personal data can be anonymised by just overwriting the identifier with asterisks. This is incorrect and exposes both the business or institution and the data subjects to major privacy risks. Useful definitions: firstly, it is worth considering the two terms pseudonymisation and anonymisation again. The difference […]

Compliance

Do I have to do a Data Protection Impact Assessment?

The law across Europe now says a DPIA is required when the processing is “likely to result in a high risk to the rights and freedoms of natural persons” (GDPR Article 35(1)). The key term is “high risk”. To be clear, not all processing requires a DPIA. A DPIA is mandatory for that subset of processing activities which meet the threshold of high risk. Since GDPR […]

Data Breach

Data Breaches across Europe

A Data Protection Commission 2018 survey reported that GDPR awareness amongst Irish SMEs is pleasingly high (90%). However, a 2018 MicroWarehouse survey of 100 CIOs and IT Managers found that large implementation gaps remain. Over 50% of Irish SMEs had yet to implement data protection measures, with 30% of respondents reporting that cyber security is […]

Compliance

CCTV and Data Privacy: What’s the story?

A sensible, well-designed CCTV system is a powerful tool for deterring criminals and tackling security issues. On the other hand, badly designed systems cause legal and PR problems while generating a false sense of security. In our experience, privacy and security are not mutually exclusive. We find a pragmatic approach based on the […]

DPIA

The What, Which, When & Who of DPIAs

DPIAs are how an organisation manages risk when starting a new type of data processing

Data Protection Impact Assessments (DPIAs) are an often misunderstood element of GDPR compliance. Like so much of the GDPR, there is little precision in the regulations, but a process must be followed and an artefact must be produced. This DigiTorc article, one of a series of occasional articles, defines: what a DPIA must consist of; which processing activities require a DPIA; […]

Documentation

What do you need in a GDPR privacy statement?

Since the coming into force of the EU’s GDPR you will have noticed many GDPR privacy statements. This is driven by the GDPR’s focus on transparency, which is intrinsically linked to fairness and the principle of accountability. This is enumerated clearly in Article 5.2, where the onus is placed on the controller to demonstrate that personal data is […]

EU GDPR

Guest Blog by TenFold – Understanding the GDPR: General Data Protection Regulation

The GDPR, or General Data Protection Regulation, is a regulation passed by the European Union on April 27, 2016, with an effective start date of May 25, 2018. Officially classified as Regulation 2016/679, the GDPR expands upon and replaces the Data Protection Directive 95/46/EC of 1995. It serves as the EU’s effort to synchronize and harmonize laws on citizen and resident […]

Audit

First five questions for GDPR compliance

When confronted with the looming deadline of May 2018 for GDPR compliance, there are five big questions any organisation should ask. Who deals with personal data in your organisation? Individuals or departments, whichever is appropriate. What data do you gather across the organisation? List it out; there may be repetition which can be rationalised later. Why is the data collected or processed? Different users may have […]