dcsimg

GDPR – maintaining compliance and Brexit

In our final blog, GDPR – One Year On, Alice Turley examines the impact of the GDPR maintaining compliance with the Regulation, and the effect of Brexit on the Regulation.     Key messages from the DPC The Association of Compliance Officers in Ireland held a conference on 31 March 2019 focusing on data breach notifications and risk assessments. Among those speaking was Niall Cavanagh, … [Read more...]

British Airways fine could be the start of GDPR tidal wave

Earlier this week, the ICO (Information Commissioner’s Office), the UK’s data protection authority, announced that it would be fining British Airways £183.4 million (about €204 million) for a data breach that occurred last year.  The incident, which affected 500,000 customers, involved a sophisticated attack in which criminals diverted traffic from British Airways’ website to a bogus replica, … [Read more...]

Why your organisation needs a privacy notice

Your organisation must create and circulate a privacy notice. It’s a document given to data subjects explaining how their personal data is being collected and used.  Any organisation that’s subject to the GDPR (General Data Protection Regulation) is required to have a privacy policy, as it helps them comply with two of Regulation’s core principles.  First, it promotes … [Read more...]

Things to consider when processing biometric data

Biometric data is being used in countless systems these days. If you’ve ever used your fingerprint scan to unlock your phone or facial recognition software, then your biometric data is being processed.  But like any form of data, biometrics – i.e. information relating to individual’s physical, physiological or behavioural characteristics – are potentially accessible by malicious sources, and the … [Read more...]

An overview of the GDPR with Alice Turley, data protection expert

The GDPR (General Data Protection Regulation), which came into effect on 25 May 2018, places obligations on organisations to be more accountable for data protection.   What is personal data?  Personal data is any information relating to an identified or identifiable natural person (data subject). The GDPR places much stronger controls on the processing of special categories of personal data … [Read more...]

The GDPR: How to respond to data subject access requests

The introduction of the GDPR (General Data Protection Regulation) requires all organisations within its scope to give data subjects the right to review the personal data being held on them.  Individuals can make this request by submitting a DSAR (data subject access request), which organisations must respond to by providing:  Confirmation that the individual’s data is being processed.  Access to … [Read more...]

The GDPR: When do you need to seek consent?

One of the most misunderstood aspects of the GDPR (General Data Protection Regulation) is its consent requirements. Many people believe that organisations must get consent to process personal data, but that’s not true. Consent is only one of the six lawful grounds you can seek, and it’s generally regarded as the least preferable option. Where possible, you should seek one of the following … [Read more...]

How to write GDPR-compliant consent forms

The new consent requirements introduced in the GDPR (General Data Protection Regulation) mean you need to be extra vigilant when it comes to requesting information. The rules for lawful consent are much tougher than in the past, and savvy data subjects will be bound to query anything that seems suspicious.  You can be sure your data processing activities meet the GDPR’s consent … [Read more...]

IT Governance Europe exhibiting at TechConnect Live 2019

IT Governance Europe will be exhibiting at this year’s TechConnect Live in Dublin on 30 May 2019.   Attendees are invited to visit us at stand F18, where we will be presenting a wide range of GDPR (General Data Protection Regulation), IT GRC (governance, risk and compliance), and cyber and technical products and services. Our team will be on hand to … [Read more...]

GDPR non-compliance costs data analytics company €220,000

Bisnode, a Swedish data analytics company with a base in Poland, has been hit with a €220,000 (PLN 944,470) fine from Poland’s data protection authority, UODO. The fine was issued after Bisnode failed to inform millions of people that it was processing their data, denying them the opportunity to object to the processing, and the right to rectification or erasure of their details, as noted in … [Read more...]