DPIA

The origin of Data Protection Impact Assessments

The use of an assessment methodology to understand personal privacy risks and rights has been known since the mid-1990s [1]. The growing interest in what were then called Privacy Impact Assessments (PIA) was triggered by the exponential growth of data storage and analysis plus the public reaction to the inevitable leaks and scandals. Today DPIAs […]

Compliance

Cookies Can Kill You!

Website owners targeting EU and EEA EFTA residents must take steps to protect themselves following yet another court ruling. Websites that drop third-party cookies and other trackers without proper end-user consent will find themselves in legal jeopardy, as they are now deemed responsible for personal data collected using cookies that is shared with other organisations. Since […]

Compliance

Convention 108: What and who?

As we have written about elsewhere on this site, Convention 108 was the first enforceable transnational Data Protection legislation globally. As the Council of Europe (CoE) describes it, “This Convention is the first binding international instrument which protects the individual against abuses which may accompany the collection and processing of personal data and which seeks […]

Brexit

European supranational legal orders

The mess of acronyms which denote various European organisations can be overwhelming. None more so than the legal orders and courts involved in European Data Protection. In this article we explain the origins and purposes of the two main courts, the CJEU and the ECtHR. The big European institutions We discuss the two major European institutions: the […]

Data Breach

Re-Identification of anonymised data sets

Many people seem to believe that personal data can be anonymised by just writing over the identifier with asterisks. This is incorrect and exposes the business or institution, as well as the data subjects, to major privacy risks. Useful Definitions Firstly it is worth considering two terms, pseudonymisation and anonymisation, again. The difference […]

Data Breach

Data Breaches across Europe

A Data Protection Commission 2018 survey reported that GDPR awareness amongst Irish SMEs is pleasingly high (90%). However, a 2018 MicroWarehouse survey of 100 CIOs and IT Managers found that large implementation gaps remain. Over 50% of Irish SMEs had yet to implement data protection measures, with 30% of respondents reporting that cyber security is […]

Audit

PECR: an Introduction

Privacy and Electronic Communications Directive (PECR) refers to a set of European directives which have been issued and refined since 2002. These directives were written specifically to address the requirements of new digital technologies and ease the adoption of new and innovative electronic communications services. The Directives complement the Data Protection Directive and apply to […]

EU GDPR

Guest Blog by TenFold – Understanding the GDPR: General Data Protection Regulation

The GDPR–or General Data Protection Regulation–is a regulation passed by the European Union on April 27, 2016, with an effective start date of May 25, 2018. Officially classified as regulation 2016/679, the GDPR expands upon and replaces the Data Protection Directive 95/46/EC of 1995. It serves as the EU’s effort to synchronize and harmonize laws on citizen and resident […]

Compliance

Big Data : The New Oil or Nuclear Waste?

Data leaking is like nuclear waste leaking. Once we believed that big data would drive new industries by monitoring data freely. Now we see it's a bit more complicated.

We have been told that big data usage will differentiate successful businesses from failures. That is probably true, but not only as “the new oil” driving innovation. Perhaps data is more like nuclear waste: it costs a fortune to store, and when it leaks…? The new oil arguments for using big data are well known: […]