Luke Irwin Archive
The UK government recently unveiled plans to expand the list of countries that it deems provide adequate data protection. It comes as part of a wider announcement on the future of the UK’s data protection regime, and follows the EU’s adequacy decision on the UK earlier this year. Adequacy decisions mean that the …
We live in a world of “datafied” children – whether we’re posting their photos on our social media pages, storing baby monitoring data in the Cloud or letting our kids use online services. Indeed, the likes of Facebook, Snapchat and …
Data sharing agreements between organisations with whom you send and receive information plays a major role in your compliance with the GDPR (General Data Protection Regulation) and similar regulations. Your organisation might refer to it by a different name – …
The EU Commission has awarded the UK two adequacy decisions. The first recognises that the UK meets the requirements of the GDPR (General Data Protection Regulation), and the other recognises that it meets the requirements of the Law Enforcement Directive. …
The Information Commissioner’s Office held its 2021 Data Practitioner’s Conference earlier this month, bringing together more than 3,000 data protection professionals from across the country. In a year filled with obstacles – from COVID-19 to Brexit – there was no …
On New Year’s Eve 2020, the UK and EU struck a deal allowing personal data to continue flowing freely between the territories until 30 June 2021. The agreement bridges the gap between the end of the Brexit transition period and …
In 2016, Marriott International purchased Starwood Hotels & Resorts to become the world’s largest hotel chain. But at no point during that $13.6 billion takeover did Marriott realise that it wasn’t only acquiring 11 new brands but also an unsecure …
A German publishing company has become the first organisation to face enforcement action for its use of SCCs (standard contractual clauses) following the demise of the EU–US Privacy Shield. The BayLDA (Bavarian Data Protection Authority) ruled that the publisher failed …
Although the GDPR (General Data Protection Regulation) is rooted in EU law, organisations across the globe have been told that they must comply with its requirements. This has been most prominent in the US, which is the EU’s biggest trading …
Under the GDPR (General Data Protection Regulation), organisations must report certain types of data breach within 72 hours of becoming aware of them. As such, when an incident occurs, security teams must work quickly to investigate the breach, document their …
