As part of the STAR II project, TRI has been working on better understanding how small and medium enterprises (SMEs) have coped with the GDPR, and the challenges they have faced. The project has also researched how EU data protection authorities have attempted to support...

In order to protect staff, customers and visitors from exposure to COVID-19, many businesses and organisations are installing temperature checking systems to monitor individuals when on-site. It is important, however, to ensure that business owners fulfil their (new) public health management assistance in a manner...

The threat of ransomware is rapidly evolving in not only sophistication but prevalence. Most recently, details have come to light, exposing the extent of the ransomware attack against US-based Magellan Health affecting over 364,000 individuals. Although ransomware attacks have been an emerging trend for several...

In this interview with Philipp Amann, Head of Strategy of Europol’s European Cybercrime Centre, we discuss an approach to organisational cybersecurity and cyber resilience that underlines, among other things, the need for prevention and awareness as well as a holistic view of the threats and...

New technologies are not inherently ethically good or bad; they can both enhance or violate fundamental rights and values and their use can have far-reaching consequences. This is especially apparent in the medical and health sectors. The rapid development of new technologies deployed in this sector...

The current response to the Coronavirus is making massive changes to all our lives, but it’s also accelerating various existing trends. One of these has been to move education online, due to the closure or suspension of schools and universities. Educators have had to move incredibly...

As of today, the coronavirus COVID-19 is affecting 124 Countries and territories around the globe, calling governments and businesses worldwide to face an emergency situation that might continue for longer than expected. During these troubled times, with the perspective of a global health crisis ahead,...

The Council of Europe (CoE) in 2006 launched a Data Protection Day to be celebrated each year on 28th January, the date on which the CoE’s data protection convention, known as “Convention 108” was signed. The day, known as Data Protection Day in Europe, is...

We are delighted to introduce the STAR GDPR training material. As a result of the collaboration between the Law, Science, Technology & Society research group at VUB (https://lsts.research.vub.be/), the Hungarian data protection authority NAIH (https://naih.hu/) and Trilateral Research, as part of the EC funded project STAR,...

In this article, we look at what it means to be GDPR compliant and the benefits of doing so. Referring to the latest study carried out by the European project STAR II, Trilateral Research’s Data Protection Consultant Kai Matturi investigates the impact surrounding SMEs not...

Trilateral’s DroneRules PRO materials on privacy and data protection have been included in official European Aviation Safety Agency Guidance to assist the drone industry to comply with the new EU wide drone Regulations and the General Data Protection Regulation (GDPR). In 2018 the European Aviation Safety...

A recent article by Boston Consulting Group outlined how organisations should assess cybersecurity risks in order to target spending on the risks most likely to have a significant financial impact. It noted that cybersecurity attacks and cybersecurity spending are on the rise with the latter...

On 25 September 2019, Trilateral conducted, in cooperation with RoboAcademy, a DroneRules PRO training session at the Faculty of Aerospace Engineering TU Delft in the Netherlands. This was the final in a series of workshops that brought together more than 90 drone stakeholders in 6...

Trilateral has worked with DPAs, academics and business to develop a set of freely available GDPR training materials which will be presented in this month's project final conference in Brussels and Tirana. In this article, David Barnard-Wills, Research Manager at Trilateral Research, presents the  DPAs’ approach to training in countries...

It is over a year now since the General Data Protection Regulation (GDPR) came into force throughout the EU and the STAR II project has also been designed to understand how small and medium enterprises (SMEs) have experienced the GDPR during this period. To find out...

The new world economy relies on data-driven technologies and systems. Data is knowledge and innovation, ensuring scientific progress. There is a strong debate on whether the new General Data Protection Regulation (GDPR) constitutes an enabler or hindrance for scientific research. Although the focus has been...

Data Protection Authorities including the ICO and the Irish Data Protection Commission have recently released updated cookie guidance and CNIL, the French Data Protection Authority, have released updated guidelines, repealing their 2013 guidelines which suggested that a valid form of consent to cookies included the...

In a historic move, the Danish Data Protection Authority, Datatilsynet has recommended its first fine under the GDPR regime for taxi company Taxa4x35 for its failure to adhere to principles of data minimisation and a failure to properly anonymise personal data. Organisations who wish to avoid...

A recent editorial (March 2019) and article (Jan 2019) in the British Medical Journal have focused on how medical mobile apps, currently a booming market, routinely share users’ data. Given the purpose of these mobile applications and the fact that their use is sometimes suggested to patients...

Due to their manoeuvrability, varying designs and sizes, as well as the vast array of hardware and software capabilities they could be equipped with, drones have found widespread applications in fields spanning cinematography, insurance valuations, construction project planning, real estate sales and infrastructure inspections among...

Many organisations have already recognised the need to appoint specialist personnel to ensure they are meeting their obligations in relation to the protection of personal data. For example, the General Data Protection Regulation (GDPR) requires many types of organisations to appoint a Data Protection Officer...

The French Supervisory Authority, Commission nationale de l'informatique et des libertés (CNIL) has issued Google LLC with a €50m (£44m) fine following an investigation into their advertisement personalisation purposes. This marks the first occasion Google has been fined under the EU General Data Protection Regulation...

The General Data Protection Regulation (GDPR) creates a new role called a Data Protection Officer which assists a data controller or processor to monitor their internal compliance. Although not every organisation requires a Data Protection Officer (DPO), the GDPR provides that the DPO may be an...

To mark Data Protection Day, Trilateral has produced a special article that examines how the General Data Protection Regulation (GDPR) changes the rules for research. The GDPR adopts a “broad” definition of research, encompassing the activities of public and private entities alike (Recital 159). Research occupies...

‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.