The EDPS (European Data Protection Supervisor) and the EDPB (European Data Protection Board) recently released a statement calling for a ban on the automated processing of biometric data. This includes facial recognition software, fingerprints, retinal scans and voice recognition software –...
Organisations of all sizes rely on data protection policies and procedures to ensure that they process information effectively and in line with their regulatory requirements. But creating this documentation is often harder than it looks, with a lack of resources and...
The Guardian recently dropped the first stories of an investigation it has been conducting alongside other organisations into a form of spyware produced by the NSO Group. When a story like this appears, GRCI Law’s clients often ask us to provide...
Organisations that conduct international data transfers have had a frustrating few months. First, the European Court of Justice invalidated the EU–US Privacy Shield, then the UK left the EU without a clear legal basis for transferring personal data. If you’re confused...
Day 371 of the home-working revolution: the rats have comfy new central London homes, small people keep asking me how to do long division and I fear I will never have a Friday fish-and-chip lunch at the pub again. During the...
In the summer of 2018, the incident that privacy obsessives had been waiting for happened: a major data breach, by a household name, in the new GDPR (General Data Protection Regulation) era. Ticketmaster was the victim, having learned that a cyber...
Sooner or later, employees leave – and in almost all cases, they take their organisation’s sensitive data with them. You might think this threat is limited to employees who have been sacked or feel mistreated, but it’s a far more widespread...
Privacy by design is a framework designed to ensure that any new process or tool is designed and built with data privacy in mind. The concept isn’t new, but it has attracted greater attention in recent years as data protection and...
Earlier this month, a former RAC employee was sentenced to eight months’ imprisonment for stealing company data and sharing it with another firm. An ICO (Information Commissioner’s Office) investigation revealed that Kim Doyle transferred RAC customers’ names, mobile phone numbers and...
Seeding is the practice of planting dummy details into a database. Organisations do this so that they can monitor how the information is being handled and identify when it has been misused or breached. The practice is becoming increasingly popular, as...