Data Protection Archive
The Irish Court of Appeal has upheld a decision that a hospice employee’s data protection rights were violated in an investigation over workplace conduct. Cormac Doolin became embroiled in the investigation after someone at his workplace, the Dublin-based Our Lady’s …
The EDPB (European Data Protection Board) has published new draft guidelines on how to calculate fines for GDPR (General Data Protection Regulation) violations. Much of the discussion surrounding the GDPR has centred on the disciplinary powers it gives to regulators, …
Organisations share personal data with third parties all the time, but can they be trusted? The GDPR (General Data Protection Regulation) extended the scope of responsibility when it comes to data protection and privacy, so where does that leave you when it comes to security incidents caused by …
The longer a breach goes undetected, the more embarrassing it is for the organisation in question. But what’s a good target for identifying an incident?
We’ve come a long way since the panic and scepticism that accompanied the introduction of the GDPR (General Data Protection Regulation). Several high-profile fines and the continued warnings from regulators have led to a sharp uptick in the number of …
The introduction of the GDPR (General Data Protection Regulation) requires all organisations within its scope to give data subjects the right to review the personal data being held on them. These requirements are broadly consistent with previous laws about personal data access requests, albeit more rigorous. However, …
Cookies are mentioned only once in the EU General Data Protection Regulation (GDPR), but the repercussions are significant for any organisation that uses them to track users’ browsing activity.
Personal data is at the heart of the GDPR (General Data Protection Regulation), but many people are still unsure exactly what ‘personal data’ refers to. There’s no definitive list of what is or isn’t personal data, so it all comes down …
The GDPR (General Data Protection Regulation) outlines six conditions under which organisations can process personal data. Contractual requirements, legal obligations, vital interests and tasks carried out in the public interest are all relatively self-explanatory, leaving consent and legitimate interest that …
For the past fifteen years, 28 January has marked Data Privacy Day, an international event that’s designed to raise awareness about online privacy. But this year, the event’s organiser, Stay Safe Online, has expanded the campaign into a full week. From …