Ireland’s DPC (Data Protection Commission) is investigating Instagram amid allegations that it failed to protect children’s personal data. Reports claimed that the email addresses and phone numbers of those under 18 were left publicly available due to an oversight in …
The GDPR (General Data Protection Regulation) is characterised by its widespread departure from previous European data protection laws – and one area where this is particularly the case is the scope of its application. Not only does the GDPR apply to …
The German subsidiary of H&M has received a €35,258,707.95 (about £31.9 million) fine from the Hamburg Data Protection Authority for violating the GDPR (General Data Protection Regulation). The infringement relates to a 2019 data breach that revealed that H&M was …
The GDPR (General Data Protection Regulation) restricts transfers of personal data outside of the EU. This prevents organisations circumventing the Regulation by processing the personal data in a country where the information is not adequately protected. For a data transfer …
For more than two years, Instagram was keeping pictures and direct messages on its servers after users deleted them. The researcher Saugat Pokharel discovered the error after sending the social media giant a request to access the information it stored …
Cyber criminals have developed a new way of strong-arming people into paying ransomware demands, according to a Sophos report.
16 July 2020 is likely to be remembered as the day the CJEU (Court of Justice of the European Union) invalidated the EU–US Privacy Shield Framework. The CJEU handed down its judgement on Schrems II, in which it considered the …
The ECJ (European Court of Justice) has declared that the EU–US Privacy Shield fails to protect people’s rights to privacy and data protection. The Privacy Shield was adopted in 2015 as way for organisations on both sides of the Atlantic …
Contracts are essential for GDPR (General Data Protection Regulation) compliance. Whether you’re dealing with employees, third parties or organisations outside the EU, a written agreement of data protection practices is the only way to make sure everyone is on the …
Chapter 1 of the GDPR (General Data Protection) outlines four general provisions that summarise the Regulation’s aims, regulatory requirements and key definitions. Understanding these are essential for GDPR compliance, so if there’s anything that you’re unsure of, you’ll benefit from …
