GDPR: Episode 3

The General Data Protection Regulation is the big topic at the moment. In episode 1 of Technology & the Law we looked at GDPR in relation to data location. In episode 3 we looked more broadly at GDPR issues. There is no magic wand which a consultant can wave to make you GDPR compliant: you … Continue reading GDPR: Episode 3

Privacy Shield not ready yet

Two working parties, ministers galore... but data transfer law remains in limbo The revelations by rogue NSA sysadmin Edward Snowden in 2013 caused indignant EU politicians to open a dialogue with the US government to update the data transfer regime to safeguard personal data. The Privacy Shield is the culmination of those discussions. The US's hands-off approach … Continue reading Privacy Shield not ready yet

Brexit = Legal Armageddon?

The Brexit debate continues and, with the Leave and Remain camps neck and neck, it looks likely that the undecided few will carry the result. It seems that we can expect more headline-grabbing soundbites until the vote on June 23. The polarised nature of this debate is throwing up some interesting oddities, so you might … Continue reading Brexit = Legal Armageddon?

Data transfers post Schrems

Transfers of data from EU to US can still occur. The Article 29 Working Party has set a deadline of end of January 2016 for Safe Harbour 2.0 to be finalised. After this, depending upon what transfer methods are being used, the data protection authorities will start taking enforcement action. The European Commission sets out … Continue reading Data transfers post Schrems

US & Microsoft return to court over access to Dublin data

Finally, after going quiet for several months, the US Gov & Microsoft is set to return to court. The US government had obtained a court ruling under the US Stored Communications Act to allow it to gain access to data held in Microsoft's Dublin datacentre. Microsoft had resisted on the basis that Irish law should … Continue reading US & Microsoft return to court over access to Dublin data

Carphone Warehouse data hack

The hack of 2.4m Carphone Warehouse customer records (including 90,000 credit card details) has received much coverage in the press. The Information Commissioner's Office, the body that regulates compliance with the UK Data Protection Act, has said that is "making enquiries". It would be inappropriate for me to comment on whether Carphone Warehouse could have been … Continue reading Carphone Warehouse data hack

Cloud providers: 4 steps to prepare for the new data reg

Last year I wrote about the key issues cloud providers need to know about the new EU General Data Protection Regulation. This is the new EU-wide legislation that will finally harmonise data protection laws across the 28 EU member states (except for the bits where member states can enhance the minimum protection specified - wait, that … Continue reading Cloud providers: 4 steps to prepare for the new data reg