Under the GDPR (General Data Protection Regulation), organisations can be held responsible for data breaches that occur at suppliers that don’t have appropriate protections in place. That’s why it’s essential that organisations review third parties’ data protection practices before partnering with...
Max Schrems’ privacy group, NOYB, is targeting organisations that make it difficult for people to opt out of tracking cookies. The group launched 422 formal complaints last month, claiming that the organisations in question were violating the GDPR (General Data Protection...
The EDPS (European Data Protection Supervisor) and the EDPB (European Data Protection Board) recently released a statement calling for a ban on the automated processing of biometric data. This includes facial recognition software, fingerprints, retinal scans and voice recognition software –...
Organisations of all sizes rely on data protection policies and procedures to ensure that they process information effectively and in line with their regulatory requirements. But creating this documentation is often harder than it looks, with a lack of resources and...
The Guardian recently dropped the first stories of an investigation it has been conducting alongside other organisations into a form of spyware produced by the NSO Group. When a story like this appears, GRCI Law’s clients often ask us to provide...
Organisations that conduct international data transfers have had a frustrating few months. First, the European Court of Justice invalidated the EU–US Privacy Shield, then the UK left the EU without a clear legal basis for transferring personal data. If you’re confused...
Day 371 of the home-working revolution: the rats have comfy new central London homes, small people keep asking me how to do long division and I fear I will never have a Friday fish-and-chip lunch at the pub again. During the...
In the summer of 2018, the incident that privacy obsessives had been waiting for happened: a major data breach, by a household name, in the new GDPR (General Data Protection Regulation) era. Ticketmaster was the victim, having learned that a cyber...
Sooner or later, employees leave – and in almost all cases, they take their organisation’s sensitive data with them. You might think this threat is limited to employees who have been sacked or feel mistreated, but it’s a far more widespread...
Privacy by design is a framework designed to ensure that any new process or tool is designed and built with data privacy in mind. The concept isn’t new, but it has attracted greater attention in recent years as data protection and...