Data Protection Regulation

25 April 2017 at 2:30pm
[UPDATE: the Irish GDPR coalition have a nice infographic on information lifecycles under the GDPR] Anyone who has looked at an information security standard is likely to be familiar with the idea of an Information Asset Register. These cover the What and Where of information that an organisation relies on: what information do we hold, and where is it kept.
19 April 2017 at 9:46am
Although the Information Commissioner's "Twelve Steps to Prepare" is an excellent guide to what organisations need to do in the eighteen months before the General Data Protection Regulation  becomes UK law in May 2018, following them in order from 1 to 12 may n
19 April 2017 at 9:46am
The recent European Court case of Breyer v Germany provides welcome support for those who wish to protect the security of on-line services.
19 April 2017 at 9:47am
I'll be talking on Tuesday about how the General Data Protection Regulation will create some more reasons for organisations to practise good information security.
19 April 2017 at 9:48am
Now that the General Data Protection Regulation has been completed, the European Commission is reviewing the ePrivacy Directive. This law was introduced in 2002 as part of the telecommunications framework, and it was recognised at the time that it was likely to be largely replaced by a future general privacy law.
19 April 2017 at 9:49am
A few hours after the result of Thursday's referendum on membership of the European Union, I gave a presentation on the significance of the EU's General Data Protection Regulation, due to come into force in May 2018. That might seem a waste of time, but my suggestion was that the referendum result might in fact make the GDPR more important to us.
14 April 2016 at 9:23am
The Article 29 Working Party’s new Opinion on the US–EU Privacy Shield draft adequacy decision leaves a lot of questions unanswered and further prolongs the period of uncertainty for anyone transferring personal data from Europe to the USA.
29 February 2016 at 2:40pm
The European Commission has now published draft texts that could be used to implement an EU/US Privacy Shield to replace the previous Safe Harbor agreement. It appears that the new scheme would only cover "commercial exchanges" of personal data between the EU and US so it is unlikely to be appropriate for export of personal data to US universities or non-profit organisations.
19 April 2017 at 9:50am
The Commission's original draft Regulation included explicit support for the work of computer security and incident response teams, recognising that such activities were a legitimate interest that involved processing of personal data.
12 February 2016 at 9:29am
The Article 29 Working Party of European data protection supervisors had hoped to make a full statement on the EU/US Safe Harbor agreement at the end of January. However this has now been postponed, probably until mid-April. The European Court of Justice declared last October that the original Safe Harbor did not guarantee adequate protection when personal data were transferred from Europe to the USA.
Subscribe to Data Protection Regulation