The ethics of a multilingual app in humanitarian emergencies: finding a voice or excluding voices?
The ethics of a multilingual app in humanitarian emergencies: finding a voice or excluding voices?
Many operations in disaster relief invariably involve search and rescue teams who come from different countries to help the current mission. Indeed, if First Responders could communicate more quickly and ...
Recover Better, Recover Stronger, Recover Together: key takeaways from the UN Global Compact 20th Anniversary Leaders Summit
Recover Better, Recover Stronger, Recover Together: key takeaways from the UN Global Compact 20th Anniversary Leaders Summit
The UN Global Compact (UNGC) is a call to companies everywhere to align their operations and strategies with ten universal principles in the areas of human rights, labour, environment and ...
“Siri, talk dirty to me” - The Ethics of Conversational AI
“Siri, talk dirty to me” – The Ethics of Conversational AI
This blog focuses on conversational agents such as Siri and Alexa and the ethical implications of how they respond to gendered abuse. In designing such agents, technologists must make decisions ...
Practicing information hygiene routine to flatten the curve of the ‘infodemic’ – EUNOMIA project’s recommendations
Practicing information hygiene routine to flatten the curve of the ‘infodemic’ – EUNOMIA project’s recommendations
The Covid-19 outbreak has raised afresh the debate about the dangers of misinformation on social media. During the time of the pandemic, myths about coronavirus cures and treatments, its origins ...
Creating clusters to develop sustainable data-driven policing solutions by adopting an ethical approach
Creating clusters to develop sustainable data-driven policing solutions by adopting an ethical approach
Data-driven policing tools that collect and process potentially personal data may interact with the rights and freedoms of individuals, such as cybercrime victims, perpetrators or other Internet users. In order ...
“Failing to plan for the day after”: planning for civilian protection in Libya
“Failing to plan for the day after”: planning for civilian protection in Libya
In early 2011, Libya descended into chaos and violence. In March the UN Security Council passed Resolution 1973 authorising “all necessary measures” to protect Libyan civilians. At the end of ...
Cyber Threats and Pandemics: Tackling Risk Through Shared Responsibility
Cyber Threats and Pandemics: Tackling Risk Through Shared Responsibility
In this interview with Philipp Amann, Head of Strategy of Europol’s European Cybercrime Centre, we discuss an approach to organisational cybersecurity and cyber resilience that underlines, among other things, the ...
Witness seminar_privacy
What is it like to participate in a Witness Seminar in the time of COVID-19?
This article outlines the meaning and structure of a "witness seminar", with a focus on the importance of privacy and data protection, in particular related to the technical solutions developed ...
Developing a sustainable model to enhance policing’s ability to safeguard children – interview with Chris Todd from West Midlands Police and National Policing lead for Data Analytics
Developing a sustainable model to enhance policing’s ability to safeguard children – interview with Chris Todd from West Midlands Police and National Policing lead for Data Analytics
In this interview, Detective Chief Superintendent Chris Todd from West Midlands Police and National Policing lead for Data Analytics shares unique insights on how new technologies can make policing more ...
Security research ethics
Ethically developed technologies for safer societies – the ROXANNE project case study
ROXANNE is a security project funded under the European Union Horizon 2020 innovation programme. ROXANNE brings together research institutions, law enforcement agencies and industry to build tools to assist law ...
Analysing the impact of COVID-19 on gender, peace and security
Analysing the impact of COVID-19 on gender, peace and security
In April 2020, we published a post titled ‘Why is human security important?’ to kick-off a series of blog posts for Project HAMOC exploring the importance of this concept for ...
CC-DRIVER_drivers_of_cybercriminality
Combating Cybercriminality by Understanding Human and Technical Drivers
Trilateral Research joins twelve partners from across the EU in the newly launched three-year Horizon 2020 project CC-DRIVER to examine the drivers behind cybercriminality in the EU with a special ...
Can new technologies improve healthcare?
Can new technologies improve healthcare?
New technologies are not inherently ethically good or bad; they can both enhance or violate fundamental rights and values and their use can have far-reaching consequences. This is especially apparent ...
Detecting identity fraud to reduce abuses and vulnerabilities
Detecting identity fraud to reduce abuses and vulnerabilities
Imagine an individual with a known criminal past has recently renewed his passport with a morphed image created by combining his own photo with that of another person without a ...
Unpicking the contradictions that facilitate tax crime
Unpicking the contradictions that facilitate tax crime
Trilateral Research is proud to work with our partners in PROTAX project, contributing to strengthening the prevention and prosecution of tax crimes in Europe. PROTAX has so far shown the ...
Using digital surveillance tools - what are the privacy and ethical issues to take into account?
Using digital surveillance tools – what are the privacy and ethical issues to take into account?
A variety of digital surveillance solutions are ready for use by law enforcement agencies (LEAs), such as advanced algorithms, network analysis, data mining and machine learning. Although the gathering and ...
SATORI standard, ethics assessment
The future of ethics assessment: contribute to SATORI’s European standard
How do we embed ethics in innovation? As innovations do not follow a fixed recipe, their development or use may raise ethical concerns or unintended consequences. A successful innovation must, ...
CESIUM early warning, early intervention
Develop better early intervention strategies to combat child exploitation – interview with Kay Wallace, Police and Justice lead for the NWG
In this interview with Kay Wallace the Police and Justice lead for the NWG – Exploitation Response Unit, we discuss how Project CESIUM supports a better understanding of risks and ...

Outsourced DPO

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Serve as your DPO

Company name and contact details transmitted to the ICO Company name and contact details available to:
  • Management
  • Employees
  • Data subjects
Article reference: 37

Contact point for data subjects

  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data access requests.
Article reference: 38(4)

Contact point for Data Protection Authorities
(e.g. ICO)

Liaise with the ICO in case of issues with data subjects and data breaches.
Article reference: 39(1)(d), 39(1)(e), 36

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Every 6 months
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Oversee the establishment and maintenance of the Record of Processing Activities

  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
Article reference: 39

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email and telephone assistance

-
Article reference: -

Bespoke notifications to management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Training seminar on the developments of data protection law and policy

-
Article reference: -

Review of the consistency of the internal documents concerning data processing practices

Cross-check of the consistency of the internal documents
Article reference: 39(1)(b)

Weekend and holidays data breach guidance

Data breach guidance during the weekends and holidays
Article reference: -

DPO Assist

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Ad hoc advice on difficult data protection issues

Written opinions on data protection queries, with an analysis of relevant issues or other relevant legislative elements
Article reference: 39(1)(a)

Regular newsletter to inform and advise on relevant developments and possible challenges in data protection

Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities.
Monthly
Article reference: 39(1)(a)

Annual gap analysis

Audit and gap analysis to map new activities and data-processing practices
Virtual
Article reference: 39(1)(b)

Status discussion (via phone/skype) and report

Discussion and report
Annually
Article reference: 39(1)(b)

Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve.
Article reference: 39(1)(b)

Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Article reference: 39(1)(c)

Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Article reference: 33(3)(b)

Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of training materials, where appropriate
Article reference: 39(1)(b)

Email abd telephone assistance

-
Article reference: -

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation
Article reference: 39(1)(a)

Compliance Support

See below a list of standard requirements for this service, however we are always available to tailor our services in relation to our clients' needs.

Contact us to discuss further.

Data Mapping

Map the data flows within your organisation to better understand how personal information flows between departments

Data Protection Impact Assessments

Where required by the GDPR or national law, conduct or review DPIAs using our library of good practices
Article reference: 35

Consent and Privacy Notice Requirements

Revise and improve consent and privacy notices to meet transparency and accoutnability requirements

Gap Analysis

Identify gaps in your organisation's compliance with the GDPR, national data protection legislation or sectoral legislation

Data Protection Audit

Audit your organisation's activities to assess your compliance with applicable data protection law

Data Protection-by-design and -default

Work with your technical and admin teams to operationalise Data Protection-by-design and -default, using established good practice
Article reference: 25

Training

We offer general, role-based (e.g., HR) and activity based (e.g., DPIA) training. All our training materials are designed to be accessible to non-experts and easy to use

General compliance support

Support for creating required documentation, including, but not limited to Records of Processing activities, Data retention (and deletion) schedules, Personal Data Breach procedures, Subject Access Request procedures, Training materials, Legitimate Interest Assessments, etc.)

‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.