GRCI Law

Ransomware attackers are charging millions to cover up GDPR breaches

Luke Irwin 6th August 2020 GDPR

Cyber criminals have developed a new way of strong-arming people into paying ransomware demands, according to a Sophos report.

[Continue Reading...]

EU–US Privacy Shield ruled invalid: what now?

Rachel McKinney 24th July 2020 GDPR

16 July 2020 is likely to be remembered as the day the CJEU (Court of Justice of the European Union) invalidated the EU–US Privacy Shield Framework. The CJEU handed down its judgement on Schrems II, in which it considered the …

[Continue Reading...]

EU–US Privacy Shield ruled invalid by the European Court of Justice

Luke Irwin 22nd July 2020

The ECJ (European Court of Justice) has declared that the EU–US Privacy Shield fails to protect people’s rights to privacy and data protection. The Privacy Shield was adopted in 2015 as way for organisations on both sides of the Atlantic …

[Continue Reading...]

Making your contracts GDPR compliant: a complete guide

Luke Irwin 9th July 2020

Contracts are essential for GDPR (General Data Protection Regulation) compliance. Whether you’re dealing with employees, third parties or organisations outside the EU, a written agreement of data protection practices is the only way to make sure everyone is on the …

[Continue Reading...]

What are the key provisions of the GDPR?

Luke Irwin 5th June 2020 GDPR

Chapter 1 of the GDPR (General Data Protection) outlines four general provisions that summarise the Regulation’s aims, regulatory requirements and key definitions. Understanding these are essential for GDPR compliance, so if there’s anything that you’re unsure of, you’ll benefit from …

[Continue Reading...]

DPO and C-suite roles: conflict of interest?

Luke Irwin 19th May 2020 GDPR

A Belgian organisation was recently fined €50,000 (about £44,300) by the country’s DPA (Data Protection Authority) for violating the GDPR’s (General Data Protection Regulation) requirements concerning the appointment of a DPO (data protection officer). The person who filled the position …

[Continue Reading...]

How to keep personal data flowing between the EU and the UK after Brexit

Luke Irwin 28th April 2020 Cyber security

On 31 January 2020, after almost four years of negotiations, the UK’s membership of the EU ended. This began a transition period, set to end on New Year’s Eve, during which the UK and the EU will agree their future …

[Continue Reading...]

Do employers need to amend employees’ contracts to comply with the GDPR?

Luke Irwin 27th March 2020

The GDPR (General Data Protection Regulation) applies as much to your employees’ personal data as it does to your customers’. After all, their information is just as vulnerable to misuse and therefore it needs to be protected. Fortunately, you aren’t …

[Continue Reading...]

Why your organisation should use standard contractual clauses

Luke Irwin 9th March 2020

Under the GDPR (General Data Protection Regulation), organisations that send personal data to a country outside the EU that hasn’t been recognised as providing an adequate level of data protection need to use an appropriate safeguard mechanism. The two most …

[Continue Reading...]

The GDPR: Data protection rights and responsibilities

Luke Irwin 3rd January 2020

If you strip away the big talking points of the GDPR (General Data Protection Regulation) – the massive fines and consent and what counts as personal data – you’re left with a simple, logical truth: data subjects have certain rights …

[Continue Reading...]