Business Continuity Planning and Cyber-resilience

Business Continuity Planning and Cyber-resilience

The COVID-19 crisis is hopefully a once in a hundred years event. As we are asked to self-isolate and reduce face to face interactions, many organisations are dusting off and implementing their business continuity plans. Business Continuity Plans, if written,
Data Protection Commission Report for the First Full Year of GDPR

Data Protection Commission Report for the First Full Year of GDPR

On February 20th, Ireland’s Data Protection Commission (DPC) published their annual report covering the first full year of GDPR. This report sets out the areas of focus and activities carried out by the DPC between 1 January 2019 – 31
coronavirus

COVID-19 and Data Protection in Emergency Circumstances

As of today, the coronavirus COVID-19 is affecting 124 Countries and territories around the globe, calling governments and businesses worldwide to face an emergency situation that might continue for longer than expected. During these troubled times, with the perspective of
Cross-border data transfers between public authorities: the EDPB guidance

Cross-border data transfers between public authorities: the EDPB guidance

The digitalisation of the public sector and its information assets has reduced the barriers and boosted synergies in the public domain. Public authorities, now more innovative and digitalised than ever, are looking into strong synergies to better perform their tasks
How to Protect Your Organisation Against Phishing Attacks

How to Protect Your Organisation Against Phishing Attacks

Phishing attacks are one of the biggest threats to both individual and organisational privacy and security. A 2019 Cyber Breaches Survey published by the UK Government notes that 80% of cyber breaches are a result of a phishing attack. User
Events and attendee lists – Can I release them?

Events and attendee lists – Can I release them?

In February of this year, the Data Protection Commission (DPC) released guidance on attendee lists and the fact that some organisations are refusing to release such lists on the basis of the GDPR. The DPC’s guidance makes clear that the
Cryptography and Privacy

Cryptography and Privacy

In a recent blog post the Spanish Data Protection Agency (AEPD) released some guidance on data protection and the use of encryption. This article is not going to be a technical exploration of the tools available, for a technical review
Ireland's National Cyber Security Strategy 2019-2024

Ireland’s National Cyber Security Strategy 2019-2024

This article explores the key points to be taken from the National Cyber Security Strategy and its key role in meeting the requirements of the NIS Directive.
Data protection roles in health research: Controllers vs Processors

Data protection roles in health research: Controllers vs Processors

Regulation (EU) 2016/679 (GDPR), has been criticised for being overly burdensome and disproportionally prescriptive for organisations, especially where data is the enabler for providing services and products. Whereas the GDPR has set high compliance standards, organisational compliance is rather scalable
All you need to know to get ready for the ICO’s Age Appropriate Design Code

All you need to know to get ready for the ICO’s Age Appropriate Design Code

This article highlights how organisations can understand the scope of the ICO’s Age Appropriate Design Code and get ready for the implementation of the Code.
Emerging Technologies: Account Based Ticketing

Emerging Technologies: Account Based Ticketing

A presentation by the Chief Executive of Dublin Bus titled “Energy and Carbon: The Race to Zero” was recently shared widely on LinkedIn.  In it, Ray Coyne, the CEO of the public transport system set out his vision for the
Standard Contractual Clauses: New obligations for data transfers?

Standard Contractual Clauses: New obligations for data transfers?

Just before the advent of 2020, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) rendered his 70-page Opinion on the Schrems II case. This followed the finding of the CJEU in Schrems that the
Loading...

Outsourced DPO

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Serve as your DPO

Company name and contact details transmitted to the ICO Company name and contact details available to:
  • Management
  • Employees
  • Data subjects
Article reference: 37

Contact point for data subjects

  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data access requests.
Article reference: 38(4)

Contact point for Data Protection Authorities
(e.g. ICO)

Liaise with the ICO in case of issues with data subjects and data breaches.
Article reference: 39(1)(d), 39(1)(e), 36

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Every 6 months
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Oversee the establishment and maintenance of the Record of Processing Activities

  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
Article reference: 39

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Training seminar on the developments of data protection law and policy

-
Article reference: -

Review of the consistency of the internal documents concerning data processing practices

Cross-check of the consistency of the internal documents
Article reference: 39(1)(b)

Weekend and holidays data breach guidance

Data breach guidance during the weekends and holidays
Article reference: -

DPO Assist

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities.
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Annually
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve.
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email abd telephone assistance

-
Article reference: -

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Compliance Support

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Data Mapping

Map the data flows within your organisation to better understand how personal information flows between departments

Data Protection Impact Assessments

Where required by the GDPR or national law, conduct or review DPIAs using our library of good practices
Article reference: 35

Consent and Privacy Notice Requirements

Revise and improve consent and privacy notices to meet transparency and accoutnability requirements

Gap Analysis

Identify gaps in your organisation's compliance with the GDPR, national data protection legislation or sectoral legislation

Data Protection Audit

Audit your organisation's activities to assess your compliance with applicable data protection law

Data Protection-by-design and -default

Work with your technical and admin teams to operationalise Data Protection-by-design and -default, using established good practice
Article reference: 25

Training

We offer general, role-based (e.g., HR) and activity based (e.g., DPIA) training. All our training materials are designed to be accessible to non-experts and easy to use

General compliance support

Support for creating required documentation, including, but not limited to Records of Processing activities, Data retention (and deletion) schedules, Personal Data Breach procedures, Subject Access Request procedures, Training materials, Legitimate Interest Assessments, etc.)

‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.