dcsimg

GDPR – maintaining compliance and Brexit

In our final blog, GDPR – One Year On, Alice Turley examines the impact of the GDPR maintaining compliance with the Regulation, and the effect of Brexit on the Regulation.     Key messages from the DPC The Association of Compliance Officers in Ireland held a conference on 31 March 2019 focusing on data breach notifications and risk assessments. Among those speaking was Niall Cavanagh, … [Read more...]

How to become a data protection officer

As you might have expected, the GDPR (General Data Protection Regulation) has created a spike in demand for data protection and privacy experts. Organisations are desperate to hire people who can guide them towards regulatory compliance and avoid large fines.  For many organisations, this isn’t just a wish; they are legally required to find such a person and appoint them as a DPO (data protection … [Read more...]

The GDPR: Why you need to review your third-party service providers’ security

Organisations share personal data with third parties all the time, but can they be trusted?  The GDPR (General Data Protection Regulation) extended the scope of responsibility when it comes to data protection and privacy, so where does that leave you when it comes to security incidents caused by service providers?    How third-party relationships work under the GDPR Before we begin, let’s be … [Read more...]

Data breach costs Netherlands hospital €460,000

Haga Hospital, based in the Netherlands, was this week fined €460,000 by the Dutch data protection authority (AP) for breaching the GDPR (General Data Protection Regulation).   Haga was investigated by the AP after 85 hospital employees had access to the medical records of Samantha de Jong, AKA Barbie, a well–known Dutch reality TV star.   In addition to the fine, Haga must improve the … [Read more...]

Apple hit with third DPC enquiry

Ireland’s DPC (Data Protection Commissioner) has launched a third investigation into Apple’s GDPR (General Data Protection Regulation) compliance.  The investigation will examine the tech giant’s compliance with the relevant GDPR provisions in relation to a customer’s DSAR (data subject access request). It follows two investigations opened last year into Apple’s processing of personal data and … [Read more...]

Should you take a GDPR or DPO training course?

The introduction of the GDPR (General Data Protection Regulation) has led to a surge in interest in data protection training courses.  Education is particularly important for anyone taking on the responsibilities of the DPO (data protection officer), a position that’s become a formal requirement for many organisations.  But how should you pursue training? Should you enrol on a DPO training … [Read more...]

How the GDPR affects CCTV and workplace monitoring

Did you know that the GDPR (General Data Protection Regulation) doesn’t just apply to basic information like names and addresses, but also to information about people’s habits and movements?  This means that things like having CCTV and monitoring employees’ browsing activities are covered by the Regulation.  However, that doesn’t mean you can no longer put up cameras or track your employees; it … [Read more...]

British Airways fine could be the start of GDPR tidal wave

Earlier this week, the ICO (Information Commissioner’s Office), the UK’s data protection authority, announced that it would be fining British Airways £183.4 million (about €204 million) for a data breach that occurred last year.  The incident, which affected 500,000 customers, involved a sophisticated attack in which criminals diverted traffic from British Airways’ website to a bogus replica, … [Read more...]

List of data breaches and cyber attacks by region: June 2019

It’s been a bad month for Australia and Canada: dumped out of the Women’s World Cup and responsible for 13 data breaches. Meanwhile, another Irish hospital has left medical records on a city street for the public to find and local US governments continue to be plagued by ransomware. In total, there were at least 62 data breaches and cyber attacks in June 2019. You can read the full list below, and … [Read more...]

From pandemonium to fines – a review of GDPR enforcement in Europe

Do you remember the Y2K bug in the run-up to the new millennium? Warnings that computer systems and networks would stop functioning on 1 January 2000 led to panic and pandemonium as people prepared for its impact.   In some ways, the introduction of the GDPR (General Data Protection Regulation) was reminiscent of the Y2K scare.  Despite the two-year transition period, a lot of organisations left … [Read more...]