Data Protection Regulation

Jisc Security Conference 2016

Andrew Cormack
19 April 2017 at 9:47am
#Jiscsec
Data Protection Regulation
GDPRprocess
I'll be talking on Tuesday about how the General Data Protection Regulation will create some more reasons for organisations to practise good information security.
Read more
19 April 2017 at 9:48am

Privacy online: is a separate Directive still needed?

Andrew Cormack
Data Protection Regulation
ePrivacy Directive
GDPRdevelopment
Now that the General Data Protection Regulation has been completed, the European Commission is reviewing the ePrivacy Directive. This law was introduced in 2002 as part of the telecommunications framework, and it was recognised at the time that it was likely to be largely replaced by a future general privacy law.
Read more
19 April 2017 at 9:49am

Referendum: has the GDPR gone away?

Andrew Cormack
Data Protection Regulation
GDPRprocess
A few hours after the result of Thursday's referendum on membership of the European Union, I gave a presentation on the significance of the EU's General Data Protection Regulation, due to come into force in May 2018. That might seem a waste of time, but my suggestion was that the referendum result might in fact make the GDPR more important to us.
Read more
14 April 2016 at 9:23am

Privacy Shield – Unfinished Business

Andrew Cormack
Data Protection Directive
Data Protection Regulation
Safe Harbor
The Article 29 Working Party’s new Opinion on the US–EU Privacy Shield draft adequacy decision leaves a lot of questions unanswered and further prolongs the period of uncertainty for anyone transferring personal data from Europe to the USA.
Read more
29 February 2016 at 2:40pm

Safe Harbor/Privacy Shield

Andrew Cormack
Data Protection Act
Data Protection Regulation
Safe Harbor
The European Commission has now published draft texts that could be used to implement an EU/US Privacy Shield to replace the previous Safe Harbor agreement. It appears that the new scheme would only cover "commercial exchanges" of personal data between the EU and US so it is unlikely to be appropriate for export of personal data to US universities or non-profit organisations.
Read more
19 April 2017 at 9:50am

Incident Response and the GDPR

Andrew Cormack
Data Protection Regulation
incident response
GDPRtopics
The Commission's original draft Regulation included explicit support for the work of computer security and incident response teams, recognising that such activities were a legitimate interest that involved processing of personal data.
Read more
12 February 2016 at 9:29am

Safe Harbor: Advice Postponed

Andrew Cormack
Data Protection Act
Data Protection Regulation
Safe Harbor
Cloud computing
The Article 29 Working Party of European data protection supervisors had hoped to make a full statement on the EU/US Safe Harbor agreement at the end of January. However this has now been postponed, probably until mid-April. The European Court of Justice declared last October that the original Safe Harbor did not guarantee adequate protection when personal data were transferred from Europe to the USA.
Read more
8 February 2016 at 11:21am

Breach Notification and the GDPR

Andrew Cormack
Data Protection Regulation
Breach Notification
[this article is based on the draft text published by the European Council on 28th January 2016. Recital and article numbers, at least, will change before the final text]
Read more
19 April 2017 at 9:51am

Federated Access Management and the GDPR

Andrew Cormack
Data Protection Regulation
Access Management
GDPRtopics
[this article is based on the draft text published by the European Council on 28th January 2016. Recital and article numbers, at least, will change before the final text]
Read more
3 March 2016 at 3:42pm

GDPR - the final text?

Andrew Cormack
Data Protection Regulation
incident response
Access Management
Cloud computing
Breach Notification
ePrivacy Directive
The European Council of Ministers have now published a proposed text for the General Data Protection Regulation. This still needs to be edited by the Commission's "lawyer-linguists" to check for inconsistencies, sort out the numbering of recitals and articles etc. But the working parties of both the Parliament and the Council have recommended that the resulting text should be adopted by the respective full bodies at meetings in the next couple of months.
Read more
Subscribe to Data Protection Regulation