The Data Protection Blog

October 12, 2017

GDPR : Who’s most at risk and what’s the risk?

Facebook is under pressure as a result of a €1.2-million fine by the Spanish Data Protection Authority for not adequately collecting the consent of its user and non-users. This infringement of data privacy is the second in a matter of months, following a €150 000 fine from the French privacy regulators for a violation along similar lines.
October 11, 2017

Archive Or Delete : What Should You Do With Your Data?

The volume of data you have on your computer system grows by the day. But do you need it all and how will you manage the storage of it as it increases? Since backing up has become vital to business continuity, you need to be smart about what you keep and what you don’t. Redstor looks at the question in their data management article: Archive or delete – What should you do with your data?
October 10, 2017

Irish court asks for review on data transfers

In a move that spotlights the accelerating importance of data protection and privacy worldwide, Ireland’s High Court will ask the EU’s Court of Justice for a ruling on whether business enterprises operating via the Internet, such as social media giant Facebook, will be allowed to transfer users’ data to the United States. Needless to say, a ban on data transfers would have huge consequences not only for social media, but for all US enterprises that process data on EU residents, whether for online purchases, accommodation bookings or moving employee data between countries. Just think of all the US websites that are used heavily by Europeans every day: Amazon, Google, HomeExchange, Airbnb, Whatsapp and Booking.com.
October 6, 2017

GDPR365 announces strategic partnership with international data management experts, Redstor

In anticipation of the EU’s General Data Protection Regulation (GDPR), which will come into effect in May 2018, Redstor has partnered with compliance specialists GDPR365 to offer their clients a cloud-based software tool that will enable initial and ongoing compliance with the new data protection law. Every organisation – inside or outside the EU – that processes personal information belonging to individuals in the EU will need to comply with the GDPR. The regulation has been developed primarily to strengthen the rights of individuals and, as a result, sets new data privacy and protection standards for organisations doing business with Europe.
September 20, 2017

Equifax hack makes you ask: are US organisations ready for the GDPR?

On 7 September the The Washington Post reported that a security breach at Equifax, a US credit rating bureau, resulted in hackers gaining access to personal data belonging to an estimated 143 million individuals. Apparently, the breach was due to an 11-year-old website application flaw that compromised the personal information of not only Americans, but British and Canadian consumers. Amongst the stolen personal data are names, driver’s license details, credit card numbers, social security numbers and birth dates – basically the key ingredients for identity fraud.
September 19, 2017

Irish guidance on DPOs

Time is marching on to May 2018, when the EU’s data protection law will be revamped to give individuals much more control over their personal data. You probably already know that organisations need to show compliance with the General Data Protection Regulation (GDPR) and that many will need to employ a Data Protection Officer. But who can be a DPO? What do you need to do to become one? The role of a DPO has been relatively informal in the past but has now been formalised by the regulation. Still, the regulation doesn’t give hard and fast rules on the requirements or qualifications a DPO needs to have. To this end, the Irish Data Protection commissioner released guidance on what it sees as appropriate qualification.
September 11, 2017

THE GDPR will become law in the UK

On 7 August 2017 the UK Government committed to a new Data Protection Bill that will bring the UK’s laws into line with the EU’s General Data Protection Regulation, which comes into effect in May 2018. So finally (you can hear my audible sigh of relief), a couple of weeks ago, we received absolute clarity on what data protection will look like in the UK post-Brexit. If you’re based in the UK and have not yet read the Department for Digital, Culture Media & Sport statement of intent, please do so! Here is the link. It removes any uncertainty about what the data protection law will be post-Brexit.
August 29, 2017

What is a Data Protection Officer (DPO)?

DPO is an acronym for Data Protection Officer. A DPO is a person who is given formal responsibility for data protection compliance within an organisation. Under the EU’s General Data Protection Regulation (GDPR), some organisations will be required to appoint a DPO. When appointed, the GDPR prescribes a framework around the roles and responsibilities of the DPO. But it is important to note that not all organisations will have to appoint DPOs and that the DPOs themselves will not personally be responsible for an organisations non-compliance with the GDPR. Data protection compliance is ultimately the responsibility of the controller or processor of the personal data.
August 23, 2017
GDPR principles

7 Core principles of the GDPR

Understanding the principles of the General Data Protection Regulation (GDPR) is vital to becoming compliant with it. The principles of the GDPR expand on those of the Data Protection Directive of 1995 and introduce a new “accountability” requirement, which specifies that holders of personal information are responsible for compliance and must be able to demonstrate how they comply with the law. Every organisation that holds or uses European personal data inside or outside Europe – no matter the nature of its business or the sector in which it operates – is affected by the new data protection law.