The COVID-19 crisis is hopefully a once-in-a-hundred-years event. As we are asked to self-isolate and reduce face-to-face interactions, many organisations are dusting off and implementing their business continuity plans. Business Continuity Plans, if written, are rarely reviewed, never mind...

On February 20th, Ireland’s Data Protection Commission (DPC) published their annual report covering the first full year of GDPR. This report sets out the areas of focus and activities carried out by the DPC between 1 January 2019 – 31 December 2019. The vast spectrum of...

As of today, the coronavirus COVID-19 is affecting 124 countries and territories around the globe, calling governments and businesses worldwide to face an emergency situation that might continue for longer than expected. During these troubled times, with the prospect of a global health crisis ahead,...

The digitalisation of the public sector and its information assets has reduced the barriers and boosted synergies in the public domain. Public authorities, now more innovative and digitalised than ever, are looking into strong synergies to better perform their tasks and execute the administrative roles...

Phishing attacks are one of the biggest threats to both individual and organisational privacy and security. A 2019 Cyber Breaches Survey published by the UK Government notes that 80% of cyber breaches are a result of a phishing attack. User training is often a key...

In February of this year, the Data Protection Commission (DPC) released guidance on attendee lists and the fact that some organisations are refusing to release such lists on the basis of the GDPR. The DPC’s guidance makes clear that the GDPR does not forbid releasing...

In a recent blog post, the Spanish Data Protection Agency (AEPD) released some guidance on data protection and the use of encryption. This article is not going to be a technical exploration of the tools available; for a technical review, please see this previous article....

Regulation (EU) 2016/679 (GDPR) has been criticised for being overly burdensome and disproportionately prescriptive for organisations, especially where data is the enabler for providing services and products. Whereas the GDPR has set high compliance standards, organisational compliance is rather scalable and proportionate to the role...

A presentation by the Chief Executive of Dublin Bus titled “Energy and Carbon: The Race to Zero” was recently shared widely on LinkedIn. In it, Ray Coyne, the CEO of the public transport system, set out his vision for the “sustainable Dublin of the future”...

Just before the advent of 2020, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) rendered his 70-page Opinion on the Schrems II case. This followed the finding of the CJEU in Schrems that the Safe Harbor, i.e., the data...

The Council of Europe (CoE) in 2006 launched a Data Protection Day to be celebrated each year on 28th January, the date on which the CoE’s data protection convention, known as “Convention 108”, was signed. The day, known as Data Protection Day in Europe, is...

As employers, managers need to be aware of their employees’ right to a reasonable expectation of privacy in the workplace, but what does this mean on the ground? Many employers still need additional support to recognise the scope of this obligation and implement adequate controls...

Since the introduction of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), our experts have commented on European judgements, policy and legal developments and official guidance on the implementation of the GDPR. With the implementation of the California Consumer Privacy Act (CCPA) on 1st January 2020,...

The explicit reference to ‘pseudonymisation’ in Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) has raised several questions about the impact and effect of pseudonymisation as well as about the nature of pseudonymised data. It also raises questions about the suitability of techniques currently...

The Irish Data Protection Commissioner (DPC) has released new guidance on Subject Access Requests (SARs) for individuals and controllers. Unsurprisingly, the majority of queries and complaints the DPC receives concern individuals exercising their “right of access” under Article 15 of Regulation (EU) 2016/679 (General Data...

Special categories of personal data, colloquially called ‘sensitive data’, were already recognised under the Data Protection Directive 95/46/EC as a category of personal data requiring further protection. Regulation (EU) 2016/679 (GDPR) has added genetic and biometric data to the list of sensitive data and enhanced...

“Culture eats strategy for breakfast,” is a famous quotation attributed to the business management guru Peter Drucker. For Drucker, organisational culture plays a central role in how organisations work. When it comes to data protection, a culture must be created where protecting the personal data...

Ensuring the security of personal data is a key requirement of the General Data Protection Regulation, found under Article 32 (Security of Processing). This obligates organisations to ensure that appropriate technical and organisational measures are in place to protect personal data. Often, the first point...

Understanding and monitoring the data assets your organisation holds is crucial since knowing whether data is personal or not determines the application of EU Data Protection Law. Whereas the processing of personal data may be vital for providing your services and products, processing personal data...

ISO27701 is set to be the international standard for Privacy Information Management Systems (PIMS). It allows organisations that have already achieved ISO 27001 to align their privacy and Information Security Management Systems (ISMS) and demonstrate an appropriate control environment. In the same way that ISO 27001...

Data protection legislation now regulates every aspect of processing personal data, and your web presence is your shop window for your customers and a visible testament to how you treat their personal data. It is often your primary channel for informing people how the business...

There has been an ongoing discussion regarding the reporting of breaches to National Authorities since Regulation (EU) 2016/679 (GDPR) went live just over a year ago. Pinsent Mason’s law firm, in their recent review of reporting of personal data breaches (PDBs) in the UK, noted...

The new world economy relies on data-driven technologies and systems. Data is knowledge and innovation, ensuring scientific progress. There is a strong debate on whether the new General Data Protection Regulation (GDPR) constitutes an enabler or hindrance for scientific research. Although the focus has been...

‘Risk Assessment Report and Methodology’

You can view the Executive Summary and Table of contents of the Project Solebay Risk Assessment Methodology Report.

Please sign up to the Solebay mailing list to download the Full Solebay project report.